{"id":23480377,"url":"https://github.com/listendev/action","last_synced_at":"2025-06-18T20:34:38.280Z","repository":{"id":147597159,"uuid":"606225943","full_name":"listendev/action","owner":"listendev","description":"Proactive security monitoring and threat detection in CI/CD","archived":false,"fork":false,"pushed_at":"2025-05-05T12:59:04.000Z","size":3234,"stargazers_count":14,"open_issues_count":2,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-06-02T22:47:04.227Z","etag":null,"topics":["ci","dynamic-analysis","github-action","npm","runtime-security","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://lstn.dev/get-started","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/listendev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-02-24T22:18:43.000Z","updated_at":"2025-05-05T12:59:01.000Z","dependencies_parsed_at":"2024-06-25T16:41:30.161Z","dependency_job_id":"690f81bb-7f75-42c3-b42f-732fa188e445","html_url":"https://github.com/listendev/action","commit_stats":null,"previous_names":[],"tags_count":51,"template":false,"template_full_name":null,"purl":"pkg:github/listendev/action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/listendev%2Faction","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/listendev%2Faction/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/listendev%2Faction/releases","manifests_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/listendev%2Faction/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/listendev","download_url":"https://codeload.github.com/listendev/action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/listendev%2Faction/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260629623,"owners_count":23038960,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","dynamic-analysis","github-action","npm","runtime-security","supply-chain-security"],"created_at":"2024-12-24T20:11:24.996Z","updated_at":"2025-06-18T20:34:33.267Z","avatar_url":"https://github.com/listendev.png","language":"TypeScript","readme":"# listendev/action\n\n\u003e Proactive Security Monitoring Inside GitHub Actions 🐬\n\n_Observes network, file, and process behaviors during every workflow run and flags anomalous and malicious activities, such as connections to unknown IPs or unauthorized source code changes, in your GitHub Actions workflows._\n\n## Usage\n\nSee [action.yml](action.yml).\n\n### Basic\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      runtime: only\n      jwt: ${{ secrets.LSTN_API_KEY }}\n```\n\n### Full\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      # The GitHub API token.\n      # Defaults to ${{ github.token }}\n      token: \"...\"\n      # The listen.dev JWT token.\n      # Defaults to empty string.\n      jwt: ${{ secrets.MY_JWT_TOKEN }}\n      # Whether to enable the eavesdrop tool 
or not to inspect the runtime threats in your CI.\n      # Works only on Linux runners. Requires a valid `jwt` option.\n      # Defaults to false.\n      runtime: \"true|false|only\"\n      # The lstn version.\n      # Defaults to the latest lstn release tag (recommended).\n      lstn: \"vX.Y.Z\"\n      # The working directory relative to the root one.\n      # Defaults to the root directory.\n      workdir: \".\"\n      # The path to the YAML configuration file.\n      # Or the path of the directory containing a .lstn.yaml file.\n      # Defaults to empty.\n      config: \"...\"\n      # One or more reporting mechanisms (gh-pull-comment,gh-pull-review,gh-pull-check,pro)\n      # Defaults to \"gh-pull-comment\" when there is no JWT input, to \"pro\" otherwise.\n      reporter: \"gh-pull-comment\"\n      # Additional lstn flags for power users\n      lstn_flags: \"\"\n```\n\n### Connect to listen.dev\n\nJust [create a secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions) and pass it to the `jwt` input...\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      runtime: true\n      jwt: ${{ secrets.LSTN_API_KEY }}\n```\n\nWhen the action notices that the [listen.dev](https://listen.dev) JWT secret exists, it will automatically override the reporter to the `pro` one.\n\nBecause the `runtime` option is set to `true`, it will also start the CI eavesdrop tool under the hood.\n\nNote that it only works on Linux runners.\n\n**Where to get your JWT token?**\n\n[How to get your API key from the project settings](https://docs.listen.dev/workflows/generate-api-token).\n\nIt's _recommended_ to regenerate the JWT token for every release, until we release stable versions.\n\n\u003cdetails\u003e\n\u003csummary\u003eDo you also want to use another reporter together with the pro one?\u003c/summary\u003e\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      jwt: ${{ secrets.LSTN_API_KEY }}\n      
lstn_flags: \"--reporter gh-pull-comment\"\n```\n\u003c/details\u003e\n\n### Examples\n\nLet's say you don't want verdicts and events about the dependencies in your lockfiles.\nOr maybe your repository doesn't contain lockfiles (package-lock.json, poetry.lock, etc.) at all...\n\nSo, you only want it to eavesdrop for runtime threats...\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      runtime: only\n      jwt: ${{ secrets.LSTN_API_KEY }}\n```\n\nLet's say you want the verdicts in JSON format...\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      lstn_flags: \"--json\"\n```\n\nLet's say you only care about high-severity verdicts...\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      lstn: \"v0.18.0\"\n      lstn_flags: \"--select '@.severity == \\\"high\\\"'\"\n```\n\nYou can also select verdicts with the `select` input.\n\nLet's say we only care about dynamic instrumentation verdicts regarding processes...\n\n```yaml\nsteps:\n  - uses: listendev/action@v0.18.0\n    with:\n      select: \"(@.file =~ \\\"^dynamic\\\" \u0026\u0026 \\\"process\\\" in @.categories)\"\n```\n\n## Development\n\nTo develop this GitHub Action, you first need to install its dependencies:\n\n```bash\nnpm install\n```\n\nYou can then use `npm run build` to compile it. 
Also, remember that on every pull request we check that you've run this command, so that the `dist/` directory does not go out of sync.\n\nYou can also run unit tests locally with the `npm run test` command.\n\nThe CI makes extensive use of the official [GitHub reusable workflows](https://github.com/actions/reusable-workflows) for developing actions following best practices (see the [.github](./.github) directory).\n\n## License\n\nThe scripts and documentation in this project are released under the [Apache 2.0](LICENSE) license.\n\n## Contributions\n\nContributions are always welcome!\n\nSee the [contributor's guide](.github/CONTRIBUTING.md).\n\n### Code of Conduct\n\nPractice kindness. ✨\n\nSee [our code of conduct](https://github.com/listendev/.github/blob/main/CODE_OF_CONDUCT.md).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flistendev%2Faction","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flistendev%2Faction","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flistendev%2Faction/lists"}