Jscrambler

Jscrambler & GitHub integration is now available

April 24th, 2023 | By Jscrambler | 2 min read

jscrambler's integration with github

Jscrambler and GitHub integration will make it easier for users to include Jscrambler’s Code Integrity protection in their build pipeline.

The users have the action ready on the GitHub Marketplace, only needing to adjust a few parameters. By integrating Jscrambler with GitHub, the user avoids having to customize GitHub actions from scratch or include calls to the Jscrambler CLI when setting up the pipeline.

If you haven't yet experienced Jscrambler's dashboard, we suggest you follow our Getting Started guide, which will walk you through all the functionalities that we make available for our users.

If you are familiar with Jscrambler, you just need to download "No Secrets" Jscrambler's configuration file for the application you want to protect. If you don't know how to do this, please contact us.

Jscrambler and GitHub

A Jscrambler configuration file should look like this:


{
  "parameters": [
    {
        "status": 1,
        "name": "objectPropertiesSparsing"
    },
    {
        "status": 1,
        "name": "whitespaceRemoval"
    },
    {
        "status": 1,
        "name": "regexObfuscation"
    },
    {
        "status": 1,
        "options": {
            "features": [
                "opaqueSteps"
            ]
        },
        "name": "controlFlowFlattening"
    },
    {
        "status": 1,
        "name": "booleanToAnything"
    },
    {
      "status": 1,
      "name": "identifiersRenaming"
    }
  ],
  "areSubscribersOrdered": false,
  "languageSpecifications": {
    "es8": true,
    "es7": false,
    "es6": true,
    "es5": true
  },
  "applicationTypes": {
      "html5GameApp": false,
      "javascriptNativeApp": false,
      "hybridMobileApp": true,
      "serverApp": false,
      "desktopApp": false,
      "webBrowserApp": true
  },
  "useRecommendedOrder": true,
  "tolerateMinification": true,
  "useProfilingData": false
}


After downloading Jscrambler’s configuration file for the application you want to protect, you should:

  • Store your account keys and application ID as GitHub secrets.

  • Place the jscrambler.json file in your application's root folder.

To configure a Jscrambler job with GitHub CI:

Consider the case of a workflow that, on a certain event, compiles or bundles a project and generates a set of JavaScript files in a dist folder.

To integrate with Jscrambler, you could add the following jobs:

jobs:
  build:
    runs-on: ubuntu-latest
    name: Test Protection
    environment: production
    steps:
      - uses: actions/checkout@v3
      # < your build process here >
      - name: Protect with Jscrambler
        id: jscrambler
        uses: jscrambler/code-integrity-actions/protect@v6
        with:
          application-id: ${{ secrets.JSCRAMBLER_APPLICATION_ID }}
          secret-key: ${{ secrets.JSCRAMBLER_SECRET_KEY }}
          access-key: ${{ secrets.JSCRAMBLER_ACCESS_KEY }}
          jscrambler-config-path: jscrambler.json
          files-src: |
            dist/*
            dist/**/*
          files-dest: dist-obfuscated/
      - name: Upload protected code as a GitHub artifact
        uses: actions/upload-artifact@v3
        with:
          name: protected-source-code
          path: dist-obfuscated/
          retention-days: 1


Integrate Jscrambler Code Integrity with GitHub workflow documents


For further features and detailed instructions, here’s our documentation describing how to integrate Jscrambler Code Integrity into your existing GitHub workflows.

Jscrambler is the leader in client-side web security and is trusted by the Fortune 500 and major companies in sectors such as finance, e-commerce, media, and software development.

Jscrambler has protected more than 1 million application builds and 2 billion user sessions.

To learn more and get support, contact us at [email protected].

Jscrambler

The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Must read next

Jscrambler Tutorials

Jscrambler 101 — SIEM Integration

Welcome back to our 101 tutorials on how to use Jscrambler to protect your JavaScript. This time, we’re going to explore our SIEM Integration.

July 21, 2021 | By Jscrambler | 5 min read

Jscrambler

Announcing Partnership and Integration with GitLab

Jscrambler and GitLab announced a partnership and integration to automate source code protection in DevSecOps workflows.

March 11, 2021 | By Jscrambler | 1 min read

Section Divider