← Back

Security Gate Example Repository

A companion repository containing intentional security issues, example configurations, and workflow templates for validating the Security Gate Action.

GitHub ActionsSecurityIntegration TestingFixtures
Visit project
Security Gate Example Repository screenshot

Highlights

  • Fixtures covering all four scanner types with documented findings
  • Multiple workflow examples: minimal, strict, and matrix configurations
  • Safe-to-clone demo with clearly marked fake credentials

This repository accompanies the Security Gate Action and provides a controlled environment for integration testing and demonstration. It contains intentional security issues across secrets, dependencies, infrastructure-as-code, and container configurations so users can see how the action detects and reports findings.

What it demonstrates

  • End-to-end workflow validation for all Security Gate scanner types
  • Configuration examples ranging from minimal defaults to strict enforcement
  • A matrix workflow that runs multiple configurations in parallel
  • Clearly documented fixtures with expected finding counts per scanner

Fixtures

The fixtures directory contains sample projects with intentional issues. Each subdirectory targets a specific scanner and documents the expected findings.

  • secrets: dummy AWS keys, GitHub tokens, Slack tokens, and private key blocks
  • node-app: package-lock.json with known vulnerable dependencies
  • terraform: insecure S3 bucket and security group configurations
  • k8s: privileged pods, missing resource limits, and hostPath mounts
  • docker: Dockerfile anti-patterns including root user and latest tags

Workflows

Three example workflows show different ways to integrate Security Gate into a CI pipeline.

  • Minimal: uses default auto mode and fails only on high-severity findings
  • Strict: explicit mode with fail_on set to low, expected to fail on every run
  • Matrix: runs all configuration variants in parallel to validate each scanner combination

Configurations

The configs directory contains ready-to-use YAML files that demonstrate common patterns.

  • basic.yml: auto mode with sensible defaults
  • strict.yml: explicit mode, fail on any finding
  • node-only.yml, iac-only.yml, container-only.yml: scanner-specific setups
  • allowlist-active.yml: demonstrates CVE and path-based suppressions
  • custom-rules.yml: shows how to add organisation-specific secret patterns

Why I built it

A standalone example repository makes it easier for users to understand what Security Gate detects and how to configure it. It also serves as the primary integration test suite, validating that the action behaves correctly across a range of real-world file types and configurations.