GitHub actions
Updated: October 30, 2025
The FireTail GitHub API Discovery Docker image automates the discovery of APIs in your GitHub organization or account. It scans for OpenAPI/Swagger specifications in your repositories and generates them via static code analysis. Each repository will have an API created in the FireTail SaaS Platform, potentially with multiple collections for that API.
Requirements
To use the FireTail API Discovery tool, you need:
- A classic GitHub access token with
read:packagesscope.- Note: Fine-grained tokens do not currently support any
packagesscopes.
- Note: Fine-grained tokens do not currently support any
- Any GitHub access token with
read:contentsscope for the repositories you want to scan.- If using a fine-grained token with specific repository access, you must list these repos individually.
- A FireTail project token.
Configure the scanner
- Create a file named
config.yml(not.yaml) with the following structure to configure which organizations, users, or individual repositories to scan:
# List organizations to scan their repositories
organizations: # default []
example-organization:
# Under each org, you can skip public, private, internal, archived or fork repositories
skip_public_repositories: False # default False
skip_private_repositories: False # default False
skip_internal_repositories: False # default False
skip_archived_repositories: False # default False
skip_forks: False # default False
# List users to scan their repositories
users: # default []
example-user:
# Under each user, you can skip public, private, archived or fork repositories
skip_public_repositories: False # default False
skip_private_repositories: False # default False
skip_archived_repositories: False # default False
skip_forks: False # default False
# List individual repositories to include or exclude explicitly - has higher
# precedence than scanning via users or orgs
repositories: # default []
example-user/example-repository: exclude
example-organization/example-repository: include- Copy the configuration example above and modify it as needed, replacing
example-organizationandexample-userwith your actual GitHub organization and user names. - Adjust the
skip_*options andrepositorieslist to fit your specific requirements.
Run the scanner
Authenticate your docker CLI. Log in to Docker using your GitHub credentials:
docker login \
--username ${YOUR_GITHUB_USERNAME} \
--password ${YOUR_GITHUB_CLASSIC_TOKEN} \
ghcr.ioStart the scan. Run the scanner with the following command:
docker run --rm \
--env GITHUB_TOKEN=${YOUR_GITHUB_TOKEN} \
--env FIRETAIL_APP_TOKEN=${YOUR_FIRETAIL_APP_TOKEN} \
--mount type=bind,source="${PWD}/config.yml",target=/config.yml,readonly \
ghcr.io/firetail-io/firetail-code-repository-scanner:latestContainer environment variables
When running the Docker image, set the following environment variables using the --env flag:
| Variable Name | Description | Required | Default |
|---|---|---|---|
| GITHUB_TOKEN | A GitHub access token | Yes | None |
| FIRETAIL_PROJECT_TOKEN | A FireTail project token | Yes | None |
| FIRETAIL_API_URL | The API URL for your FireTail SaaS instance | No | https://api.saas.eu-west-1.prod.firetail.app |
| LOGGING_LEVEL | The scanner's verbosity | No | INFO |