Automate Continuous Surveys
Navigate from manual complexity to automated clarity. Integrate Spice Labs into your GitHub workflows to continuously survey your code on every push, pull request, or release - ensuring your software landscape remains mapped and secure.
Deploy Continuous Intelligence
Chart your path to automated surveys:
```yaml
name: Spice Labs Security Scan
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run Spice Labs Survey
        uses: spice-labs-inc/action-spice-labs-surveyor@v5
        with:
          subject: my-project
          spice_pass: ${{ secrets.SPICE_PASS }}
```
Setup Steps
1. Add Your Spice Pass Secret
- Go to your repository Settings → Secrets and Variables → Actions
- Click New repository secret
- Name: SPICE_PASS
- Value: Your Spice Pass JWT from the dashboard
- Click Add secret
2. Create the Workflow File
Create .github/workflows/spice-survey.yml in your repository with the workflow above.
3. Commit and Push
```bash
git add .github/workflows/spice-survey.yml
git commit -m "Add Spice Labs security surveying"
git push
```
Watch the survey run automatically on your next push!
Navigate Multiple Landscapes
```yaml
jobs:
  survey-frontend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: spice-labs-inc/action-spice-labs-surveyor@v5
        with:
          subject: frontend
          input: ./frontend
          spice_pass: ${{ secrets.SPICE_PASS }}
  survey-backend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: spice-labs-inc/action-spice-labs-surveyor@v5
        with:
          subject: backend
          input: ./backend
          spice_pass: ${{ secrets.SPICE_PASS }}
```
Action Inputs Reference
| Input | Description | Required | Default |
|---|---|---|---|
| `subject` | Label identifying the system being surveyed (shown on the dashboard) | ✅ Yes | |
| `spice_pass` | Your Spice Pass JWT token | ✅ Yes | |
| `input` | Directory or file to scan | No | `./` |
| `log_level` | Log level: `debug`, `info`, `warn`, or `error` | No | `info` |
Troubleshooting
Common Issues
“Authentication failed”
```yaml
# Check that SPICE_PASS secret is set correctly
# Verify token hasn't expired in dashboard
```
“No files found to scan”
```yaml
# Verify the input exists
- name: Debug - List files
  run: ls -la ./
- name: Run scan
  uses: spice-labs-inc/action-spice-labs-surveyor@v5
  with:
    subject: my-module
    input: ./correct-path
    spice_pass: ${{ secrets.SPICE_PASS }}
```
Security Best Practices
- Use repository secrets for Spice Pass tokens
- Limit workflow permissions to the minimum required:

  ```yaml
  permissions:
    contents: read
  ```
- Use different spice passes for different environments
- Rotate spice passes regularly (every 90 days)
- Monitor workflow logs for security issues
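
A local check that supports both the "Authentication failed" troubleshooting step and the 90-day rotation practice above. It is an added example, not Spice Labs code: it reads a JWT's timing claims without verifying the signature and never prints the token. It assumes the Spice Pass carries the standard `exp` and `iat` claims, which this page does not state; `pass_status` and `make_sample` are hypothetical helper names, and the sample tokens are constructed.

```python
import base64
import json
import time

ROTATION_DAYS = 90  # rotation interval recommended on this page
# Assumption: the Spice Pass carries standard exp/iat claims (RFC 7519).

def decode_claims(token):
    """Return the JWT payload claims WITHOUT verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def pass_status(token, now=None):
    """Classify a token as 'expired', 'rotate', 'ok' or 'unknown'."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    exp, iat = claims.get("exp"), claims.get("iat")
    if isinstance(exp, (int, float)) and now >= exp:
        return "expired"
    if isinstance(iat, (int, float)) and now - iat > ROTATION_DAYS * 86400:
        return "rotate"
    if exp is None and iat is None:
        return "unknown"  # no timing claims: check the dashboard instead
    return "ok"


def make_sample(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed reference time
    for label, claims in [("fresh", {"iat": t0, "exp": t0 + 86400 * 180}),
                          ("stale", {"iat": t0 - 86400 * 120, "exp": t0 + 86400}),
                          ("expired", {"iat": t0 - 86400 * 10, "exp": t0 - 1})]:
        print(label, "->", pass_status(make_sample(claims), now=t0))
```

Run it on a workstation against the token value before storing it as a secret; the dashboard remains the authority on whether a pass is valid.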
Navigate Complex Landscapes
For monorepos, chart individual components separately rather than the entire repository to achieve faster analysis and more precise intelligence.
Sample Project
Try the GitHub Action with our sample project to see it in action!