Skip to main content

Getting Started

Getting started with Cimon is as simple as introducing a single step in the pipeline. Running Cimon should be the first step in each of your jobs.


To get Cimon to learn your pipeline, we recommend starting it on "Detect Mode."

- uses: cycodelabs/cimon-action@v0
prevent: true
allowed-hosts: >
allowed-ips: >

With our custom GitHub Action, we automatically run the agent, terminate it gracefully, and generate a neat report for you. To help you generate the preventive policy, the Security Report will guide you through the security profile you need to apply for your build.

Read more about GitHub Actions integration here.

Cycode Authentication

Cycode Capabilities

Authenticating is optional for Cycode customers to enhance Cimon's capabilities. You can read more about it here.

The Cimon API key consists of two values: client-id and secret, and can be generated from the Cycode service accounts page.

These values should be saved in a secure secret manager titled CIMON_CLIENT_ID and CIMON_SECRET. For example, this is how it should look in the GitHub Actions secret manager:

Once tokens are installed securely, Cimon can be invoked as follows:

- uses: cycodelabs/cimon-action@v0
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}