https://github.com/cyberarmyid/helium-security-vulnerability-scanner
This GitHub Action allows you to automatically run security scans using Helium Security in your CI/CD workflow.
- Host: GitHub
- URL: https://github.com/cyberarmyid/helium-security-vulnerability-scanner
- Owner: CyberArmyID
- Created: 2026-01-27T04:17:27.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2026-04-09T03:03:34.000Z (2 months ago)
- Last Synced: 2026-04-09T04:29:42.921Z (2 months ago)
- Topics: api-scanner, github, github-actions, helium-security, helium-sh, vulnerability-assessment, vulnerability-scanners, website-scanner
- Language: JavaScript
- Homepage: https://www.helium.sh
- Size: 1.29 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
# Helium Security Vulnerability Scanner
This GitHub Action allows you to automatically run security scans using Helium Security in your CI/CD workflow.
## Prerequisites
- Helium.sh account (License `Team` / `Business` / `Enterprise` required)
## Create a Helium Security API Key and Store It as a GitHub Secret
1. Log in to your [Helium Security](https://www.helium.sh/) account.
2. Go to **Settings**, select **My Account**, then open the **Integration** tab and choose **CI/CD Integration**.

3. Generate a new API key and copy its value.

4. Go to your GitHub repository, open **Settings**, then navigate to **Secrets and variables** → **Actions**.

5. Create a new secret named `HELIUM_API_KEY`, paste the API key value, and click **Add secret**.

6. After adding the secret, the page should appear as follows:

## How to Get the Helium Security Workspace ID
1. Log in to your [Helium Security](https://www.helium.sh/) account.
2. Go to **Settings** and select **Workspace**.
3. Choose the workspace you want to use, then click the **Workspace ID**. It will be copied to your clipboard automatically.

4. Make sure the selected workspace belongs to the same owner that holds the active license, because the API key can only be used with workspaces covered by that license.
5. Use this Workspace ID in your GitHub Actions workflow with the key `workspace_id`.
## Inputs
### Website Scanner Inputs
#### Without Authentication
##### Inputs
| Name | Type | Default | Required | Description |
|-------------------|--------|---------|----------|----------------------------------------------------------------------------|
| api_key | string | - | Yes | Helium API Key |
| workspace_id | string | - | Yes | Workspace ID |
| tool | string | - | Yes | Scanner type (`website-scanner`) |
| scan_option | string | - | Yes | Scanner option (`basic_scan`, `full_scan`) |
| target | string | - | Yes | Target URL to scan |
| target_path | string | - | No | Path to the target file or directory for scanning |
| fail_on | string | high | No | Fail the build if severity >= value (`low`, `medium`, `high`, `critical`) |
##### Example Usage:
```yaml
steps:
  - name: Helium Security Website Scan (No Auth)
    uses: CyberArmyID/helium-security-action@v1.0.1
    with:
      api_key: ${{ secrets.HELIUM_API_KEY }}
      workspace_id: abcd1234-abcd-abcd-abcd
      tool: website-scanner
      scan_option: basic_scan
      target: example.com
      target_path: /path
      fail_on: high
```
#### With Authentication
##### Cookie Based Authentication
###### Inputs
| Name | Type | Default | Required | Description |
|----------------------|--------|---------|----------|--------------------------------------------------------------------|
| api_key | string | - | Yes | Helium API Key |
| workspace_id | string | - | Yes | Workspace ID |
| tool | string | - | Yes | Scanner type (`website-scanner`) |
| scan_option | string | - | Yes | Scanner option (`basic_scan`, `full_scan`) |
| target | string | - | Yes | Target URL to scan |
| auth_method | string | - | Yes | Authentication method (`cookie`) |
| cookies_input | string | - | Yes | Cookies to use for authentication |
| after_login_url | string | - | Yes | URL to visit after login |
| logout_url | string | - | Yes | URL to logout |
| login_success_indicator | string | - | Yes | String to check in response for successful login |
| target_path | string | - | No | Path to the target file or directory for scanning |
| fail_on | string | high | No | Fail the build if severity >= value (`low`, `medium`, `high`, `critical`) |
###### Example Usage:
```yaml
steps:
  - name: Helium Security Website Scan (Cookie Auth)
    uses: CyberArmyID/helium-security-action@v1.0.1
    with:
      api_key: ${{ secrets.HELIUM_API_KEY }}
      workspace_id: abcd1234-abcd-abcd-abcd
      tool: website-scanner
      scan_option: full_scan
      target: vuln.example.com
      auth_method: cookie
      cookies_input: "sessionid=abc123; path=/;"
      after_login_url: https://vuln.example.com/dashboard
      logout_url: https://vuln.example.com/logout
      login_success_indicator: "Dashboard"
      fail_on: high
```
##### Form Based Authentication
###### Inputs
| Name | Type | Default | Required | Description |
|----------------------|--------|---------|----------|--------------------------------------------------------------------|
| api_key | string | - | Yes | Helium API Key |
| workspace_id | string | - | Yes | Workspace ID |
| tool | string | - | Yes | Scanner type (`website-scanner`) |
| scan_option | string | - | Yes | Scanner option (`basic_scan`, `full_scan`) |
| target | string | - | Yes | Target URL to scan |
| auth_method | string | - | Yes | Authentication method (`form`) |
| login_url | string | - | Yes | URL for authentication/login |
| login_payload | string | - | Yes | Payload for authentication/login (string or JSON) |
| after_login_url | string | - | Yes | URL to visit after login |
| logout_url | string | - | Yes | URL to logout |
| login_success_indicator | string | - | Yes | String to check in response for successful login |
| target_path | string | - | No | Path to the target file or directory for scanning |
| fail_on | string | high | No | Fail the build if severity >= value (`low`, `medium`, `high`, `critical`) |
###### Example Usage:
```yaml
steps:
  - name: Helium Security Website Scan (Form Auth)
    uses: CyberArmyID/helium-security-action@v1.0.1
    with:
      api_key: ${{ secrets.HELIUM_API_KEY }}
      workspace_id: abcd1234-abcd-abcd-abcd
      tool: website-scanner
      scan_option: full_scan
      target: portal.example.com
      auth_method: form
      login_url: https://portal.example.com/login
      login_payload: username=user&password=pass
      after_login_url: https://portal.example.com/dashboard
      logout_url: https://portal.example.com/logout
      login_success_indicator: "Welcome, user"
      fail_on: high
```
### API Scanner Inputs
#### Without Authentication
##### Inputs
| Name | Type | Default | Required | Description |
|---------------------|--------|---------|----------|----------------------------------------------------------------------------|
| api_key | string | - | Yes | Helium API Key |
| workspace_id | string | - | Yes | Workspace ID |
| tool | string | - | Yes | Scanner type (`api-scanner`) |
| scan_option | string | - | Yes | Scanner option (`basic_scan`, `full_scan`) |
| target | string | - | Yes | Target URL to scan |
| target_path | string | - | No | Path to the target file or directory for scanning |
| api_definition_type | string | - | Yes | API definition type (`openapi`, `swagger`, `postman`, `raml`, `wadl`) |
| api_definition_url | string | - | Yes | URL or path to the API definition file |
| fail_on | string | high | No | Fail the build if severity >= value (`low`, `medium`, `high`, `critical`) |
##### Example Usage:
```yaml
steps:
  - name: Helium Security API Scan (No Auth)
    uses: CyberArmyID/helium-security-action@v1.0.1
    with:
      api_key: ${{ secrets.HELIUM_API_KEY }}
      workspace_id: abcd1234-abcd-abcd-abcd
      tool: api-scanner
      scan_option: basic_scan
      target: example.com
      target_path: /path
      api_definition_type: openapi
      api_definition_url: https://api.example.com/openapi.yaml
      fail_on: high
```
#### With Authentication
##### Inputs
| Name | Type | Default | Required | Description |
|---------------------|--------|---------|----------|----------------------------------------------------------------------------|
| api_key | string | - | Yes | Helium API Key |
| workspace_id | string | - | Yes | Workspace ID |
| tool | string | - | Yes | Scanner type (`api-scanner`) |
| scan_option | string | - | Yes | Scanner option (`basic_scan`, `full_scan`) |
| target | string | - | Yes | Target URL to scan |
| target_path | string | - | No | Path to the target file or directory for scanning |
| api_definition_type | string | - | Yes | API definition type (`openapi`, `swagger`, `postman`, `raml`, `wadl`) |
| api_definition_url | string | - | Yes | URL or path to the API definition file |
| login_url | string | - | Yes | URL for authentication/login |
| login_payload | string | - | Yes | Payload for authentication/login (string or JSON) |
| auth_token_location | string | - | Yes | Location of auth token in response |
| auth_header_name | string | - | Yes | Header name for auth token |
| auth_token_prefix | string | - | No | Prefix for auth token in header |
| fail_on | string | high | No | Fail the build if severity >= value (`low`, `medium`, `high`, `critical`) |
##### Example Usage:
```yaml
steps:
  - name: Helium Security API Scan (Auth)
    uses: CyberArmyID/helium-security-action@v1.0.1
    with:
      api_key: ${{ secrets.HELIUM_API_KEY }}
      workspace_id: abcd1234-abcd-abcd-abcd
      tool: api-scanner
      scan_option: full_scan
      target: api.example.com
      api_definition_type: openapi
      api_definition_url: https://api.example.com/openapi.yaml
      login_url: https://api.example.com/auth
      # Quoted so YAML passes the JSON as a string, not as a mapping
      login_payload: '{"username":"user","password":"pass"}'
      auth_token_location: access.token
      auth_header_name: Authorization
      auth_token_prefix: Bearer
      fail_on: high
```
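The form-login and API-login examples above write the credentials directly into `login_payload`. As an added example (not part of the project's README), the complete workflow file below reads both payloads from repository secrets and restricts the job token to read-only. The secret names `HELIUM_LOGIN_PAYLOAD` and `HELIUM_API_LOGIN_PAYLOAD`, the file name, the trigger and the runner are assumptions.

```yaml
# .github/workflows/helium-scan.yml (added example; file name is an assumption)
name: Helium Security Scan
on:
  push:
    branches: [main]
permissions:
  contents: read  # least privilege for GITHUB_TOKEN; assumes the action needs no write access
jobs:
  helium-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Helium Security Website Scan (Form Auth)
        uses: CyberArmyID/helium-security-action@v1.0.1
        with:
          api_key: ${{ secrets.HELIUM_API_KEY }}
          workspace_id: abcd1234-abcd-abcd-abcd
          tool: website-scanner
          scan_option: full_scan
          target: portal.example.com
          auth_method: form
          login_url: https://portal.example.com/login
          # Hypothetical secret holding the form body, e.g. username=...&password=...
          login_payload: ${{ secrets.HELIUM_LOGIN_PAYLOAD }}
          after_login_url: https://portal.example.com/dashboard
          logout_url: https://portal.example.com/logout
          login_success_indicator: "Welcome, user"
          fail_on: high
      - name: Helium Security API Scan (Auth)
        uses: CyberArmyID/helium-security-action@v1.0.1
        with:
          api_key: ${{ secrets.HELIUM_API_KEY }}
          workspace_id: abcd1234-abcd-abcd-abcd
          tool: api-scanner
          scan_option: full_scan
          target: api.example.com
          api_definition_type: openapi
          api_definition_url: https://api.example.com/openapi.yaml
          login_url: https://api.example.com/auth
          # Hypothetical secret holding the JSON login body as a single string
          login_payload: ${{ secrets.HELIUM_API_LOGIN_PAYLOAD }}
          auth_token_location: access.token
          auth_header_name: Authorization
          auth_token_prefix: Bearer
          fail_on: high
```

Create the two payload secrets the same way as `HELIUM_API_KEY`; GitHub masks secret values in workflow logs.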
### On-Premise Deployment (Optional)
##### Inputs
| Name | Type | Default | Required | Description |
|-------------------|--------|-----------------------|----------|----------------------------------------------------------------------------|
| helium_base_url | string | https://api.helium.sh | No | Base URL for the Helium API. Set this to your server address (e.g., http://127.0.0.1:1337) for on-premise deployments. |
| api_key | string | - | Yes | Helium API Key |
| workspace_id | string | - | Yes | Workspace ID |
| tool | string | - | Yes | Scanner type (`website-scanner`) |
| scan_option | string | - | Yes | Scanner option (`basic_scan`, `full_scan`) |
| target | string | - | Yes | Target URL to scan |
| target_path | string | - | No | Path to the target file or directory for scanning |
| fail_on | string | high | No | Fail the build if severity >= value (`low`, `medium`, `high`, `critical`) |
##### Example Usage:
```yaml
steps:
  - name: Helium Security Website Scan (No Auth, On-Premise)
    uses: CyberArmyID/helium-security-action@v1.0.1
    with:
      helium_base_url: ${{ secrets.HELIUM_BASE_URL }}
      api_key: ${{ secrets.HELIUM_API_KEY }}
      workspace_id: abcd1234-abcd-abcd-abcd
      tool: website-scanner
      scan_option: basic_scan
      target: example.com
      target_path: /path
      fail_on: high
```