Comment on page

CI reference

The GitHub Action automatically integrates the behavioral analysis into your CI/CD pipeline and prevents problematic dependencies from impacting your build and production systems. It uses the "listendev/action" action to run commands using the lstn CLI tool.


To use this GitHub Actions workflow for the lstn tool:
  1. 1.
    Create a YAML configuration file for the workflow in your repository, such as .github/workflows/lstn.yml.
  2. 2.
    Add the code block below to use the listendev/action with the desired configuration options.
  3. 3.
    Commit and push the changes to your repository.
  4. 4.
    The workflow will automatically run when triggered by a push or pull request event to your repository, depending on your configuration.


- uses: listendev/action@v1


- uses: listendev/action@v1
# The Github API token.
# Defaults to ${{ github.token }}
token: "..."
# The lstn version.
# Defaults to the latest lstn release tag.
lstn: "vX.Y.Z"
# The working directory relative to the root one.
# Defaults to the root directory.
workdir: "."
# One or more reporting mechanisms (gh-pull-comment,gh-pull-review,gh-pull-check)
reporter: "gh-pull-comment"
# Addition lstn flags for power users
lstn_flags: ""

Configuration options

The following configuration options can be set for the listendev/action in this workflow:
  • token (optional)
    The GitHub API token to use for authentication when making requests to the GitHub API. The default value is ${{ github.token }}, which uses the token associated with the GitHub Actions runner. For example: token: "${{ secrets.GITHUB_TOKEN }}"
  • lstn (optional) The version of the "lstn" tool to use. The default value is vX.Y.Z, which is the latest release tag. If a specific version is required, it can be specified here. For example: lstn: "v0.4.0"
  • workdir (optional) The working directory for the lstn CLI relative to the root directory. The default value is . (root directory). This path should contain a package.json file.
In case the package.json file is inside a sub directory, please specify it explicitly For example, if the manifest is inside a folder called src
- name: Run lstn scan
uses: listendev/[email protected]
workdir: "./src"
  • reporter (optional) One or more reporting mechanisms to use, such as gh-pull-comment, gh-pull-review, or gh-pull-check. Example: reporter: "gh-pull-comment,gh-pull-review"
  • lstn_flags (optional): Additional flags that can be used with the "lstn" CLI, as detailed in this guide. Example: lstn_flags: "--json -e dev"
Last modified 5mo ago
© 2023 Garnet Labs