Configure a GitHub Repository with dryrunsecurity.yaml


In this section, you’ll add a .dryrunsecurity.yaml file at the root directory of the repository.

Log in to the DryRun Security portal at https://app.dryrun.security.

You’ll see the list of repositories where you authorized DryRun Security to run. Open the dropdown menu to the right of the repository and click “configure” to see a sample .dryrunsecurity.yaml file.

[Screenshot: DryRun Security Repository Configure]

[Screenshot: DryRun Security Repository Configure Modal]

Create a .dryrunsecurity.yaml file based on the sample (also included below).

sensitiveCodepaths:
  # Files only allowed authors can modify
  # - 'app.js'
  # - 'controllers/**/*.js'
allowedAuthors:
  usernames:
    # GitHub username
    # - 'john-doe'
notificationList:
  # GitHub username or team name
  # - '@DryRunSec/security'
  # - '@john-doe'

Note: sensitiveCodepaths can target a directory, a single file, or a set of files using globbing syntax. Target the files that, if touched, represent significant risk to your organization. allowedAuthors lets you identify the authors who may edit these sensitive files. If no allowedAuthors are specified, ANY individual who touches a sensitive file will trigger a check failure. Otherwise, a check failure occurs whenever anyone other than the specified authors touches the files in question. See DryRun Security Check Details below for more information.
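To make the rule above concrete, here is an added model of the check (example code, not DryRun Security's own implementation) that applies a filled-in configuration to a pull request's author and changed files. The glob semantics (`**` spans directories, `*` stays within one path segment, a trailing `/` marks a directory) and the sample values are assumptions for illustration.

```python
import re

# Constructed example of what a filled-in .dryrunsecurity.yaml would parse to.
SAMPLE_CONFIG = {
    "sensitiveCodepaths": ["app.js", "controllers/**/*.js", "config/"],
    "allowedAuthors": {"usernames": ["john-doe"]},
    "notificationList": ["@DryRunSec/security", "@john-doe"],
}


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a sensitiveCodepaths glob into an anchored regex (assumed
    semantics: '**' crosses directories, '*' and '?' do not)."""
    i, out = 0, []
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3      # zero or more directories
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("^" + "".join(out) + "$")


def is_sensitive(path: str, patterns: list) -> bool:
    """True if path is an exact match, lives under a listed directory,
    or matches a glob pattern."""
    for p in patterns:
        if path == p or path.startswith(p.rstrip("/") + "/"):
            return True
        if glob_to_regex(p).match(path):
            return True
    return False


def check_pull_request(config: dict, author: str, changed_files: list):
    """Return (passed, touched_sensitive_files) following the note above:
    touching a sensitive path fails unless the author is in allowedAuthors;
    with no allowedAuthors configured, every author fails."""
    patterns = config.get("sensitiveCodepaths") or []
    allowed = (config.get("allowedAuthors") or {}).get("usernames") or []
    touched = [f for f in changed_files if is_sensitive(f, patterns)]
    if not touched:
        return True, []
    return (author in allowed), touched
```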

Add the .dryrunsecurity.yaml file to the root of your repository following your normal process.

[Screenshot: DryRun Security Configured Repository]

When you return to the DryRun Security portal, you should see that your repository is connected.

[Screenshot: DryRun Security Repository Connected]

Configuration is complete! Next, let's open up a pull request to see DryRun Security in action.