
Prerequisites

  • An Asymptote account (sign up here)
  • GitHub connected to Asymptote. See Connecting GitHub for setup steps.
  • Admin access to the GitHub repositories you want to scan
For a full list of permissions Asymptote requests from GitHub, see the GitHub integration page.

Overview

Asymptote integrates with GitHub Actions to run security analysis as part of your CI pipeline. When connected, Asymptote scans pull requests, enforces security policies, and blocks deployments based on configurable severity thresholds, all without leaving your existing workflow. The Asymptote Security Scan action is available on the GitHub Marketplace.

Connecting GitHub Actions

Add the Asymptote Security Scan GitHub Action to your CI pipeline. This evaluates pull request code changes against your security policies, posts inline review comments with AI-generated fix suggestions, and creates check runs with annotations.
1. Add the workflow

Add this workflow file to your repository:
.github/workflows/asymptote-security-scan.yml
name: Asymptote Security Scan

on:
  pull_request:
    branches: [main]

permissions:
  contents: write
  pull-requests: write
  checks: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Asymptote Security Scan
        uses: Asymptote-Labs/asymptote-security-action@v1
        with:
          asymptote_api_key: ${{ secrets.ASYMPTOTE_API_KEY }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2. Create an API key

Create a CI API key from the Settings page in the dashboard. Once the API key is created, go to your GitHub repository and navigate to Settings → Secrets and variables → Actions → New repository secret. Create a secret named ASYMPTOTE_API_KEY and paste the key value.

Status Checks

Once connected, Asymptote posts status checks directly on your pull requests. You can configure branch protection rules to require these checks to pass before merging.
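
As an added example (not Asymptote's own tooling), the script below makes a status check required on a branch through the GitHub REST API with the gh CLI, without overwriting protection rules that already exist. The function names are illustrative, and the check name is an assumption: copy it exactly as it appears on a pull request after a scan has run.

```shell
#!/bin/sh
# Added example, not Asymptote's code. Usage: sh SCRIPT OWNER/REPO BRANCH CHECK
# CHECK is an assumption: copy the name exactly as a pull request shows it.

# Reject names that would need JSON escaping.
valid_name() {
  case "$1" in
    ''|*\"*|*\\*) echo "invalid check name" >&2; return 1 ;;
  esac
}

# Body for POST .../required_status_checks/contexts (appends one check).
contexts_json() {
  valid_name "$1" || return 1
  printf '{"contexts": ["%s"]}\n' "$1"
}

# Body for PUT .../protection. PUT replaces the whole rule set, so it is
# only used for a branch that has no protection yet.
protection_json() {
  valid_name "$1" || return 1
  cat <<EOF
{
  "required_status_checks": {"strict": true, "contexts": ["$1"]},
  "enforce_admins": true,
  "required_pull_request_reviews": null,
  "restrictions": null
}
EOF
}

# require_check OWNER/REPO BRANCH CHECK (needs gh and admin access to the repo)
require_check() {
  valid_name "$3" || return 1
  base="repos/$1/branches/$2/protection"
  if gh api "$base/required_status_checks" --silent 2>/dev/null; then
    # Status checks are already required: append ours, leave the rest alone.
    contexts_json "$3" | gh api -X POST "$base/required_status_checks/contexts" --input - --silent
  elif gh api "$base" --silent 2>/dev/null; then
    echo "branch has other protection rules; add '$3' in the repository settings" >&2
    return 1
  else
    protection_json "$3" | gh api -X PUT "$base" --input - --silent
  fi
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then require_check "$@"; fi
```

With "strict" set to true, the branch must also be up to date with its base before merging, so the scan result always reflects the code that will land.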

Troubleshooting

Scans not triggering
  • Verify the GitHub App is installed on the target repository.
  • Check that webhook deliveries are succeeding under your GitHub App settings → Recent Deliveries.
Status checks stuck as pending
  • Confirm your ASYMPTOTE_API_KEY secret is set correctly.
  • Large pull requests may take a few extra minutes to process.
Permission errors
  • Re-install the GitHub App and ensure the correct repositories are selected.
Having trouble with the GitHub Actions integration? Contact us at support@asymptotelabs.ai.