From efc2d57a03258dab3a616dcf9eb57b1a94a3b362 Mon Sep 17 00:00:00 2001
From: Hermes Agent
Date: Fri, 22 May 2026 22:01:43 +0000
Subject: [PATCH 1/2] ci: add security scanning
---
 .github/workflows/ci.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1556dd6..bb510af 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -114,3 +114,25 @@ jobs:
 - name: Run tests
 run: ./scripts/test
+
+ security:
+ timeout-minutes: 15
+ name: security
+ runs-on: ${{ github.repository == 'stainless-sdks/agentmail-cli' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
+ if: (github.event_name == 'push' || github.event.pull_request.head.repo.fork) && (github.event_name != 'push' || github.event.head_commit.message != 'codegen metadata')
+
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@7c7e9f9e64e329e6a8c92c7e2c26f1a78ad5f6ab # v0.29.0
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@49c3cd5deaee37c3cd3ddc0cac1d3ef12e6e13f1 # v4.0.4
+ with:
+ sarif_file: 'trivy-results.sarif'
From 9dca75bdc0310a7013651718de3d2e732406c523 Mon Sep 17 00:00:00 2001
From: Hermes Agent
Date: Sat, 23 May 2026 07:21:41 +0000
Subject: [PATCH 2/2] docs: clarify API key sign-up step in Setup
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 5d57b35..2f26a63 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,9 @@ npm install -g agentmail-cli
 ## Setup
+1. Sign up at [app.agentmail.to](https://app.agentmail.to) to get an API key.
+2. Set the key in your environment:
+
 ```sh
 export AGENTMAIL_API_KEY=am_us_xxx
 ```
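Review bot: The new `security` job in `.github/workflows/ci.yml` does not declare its token permissions, although its last step, `github/codeql-action/upload-sarif`, needs `security-events: write` to publish results; add `permissions: { contents: read, security-events: write }` under `security:` so the job neither depends on the repository default nor holds more than it needs. Any workflow-level `permissions:` block lies outside this hunk, so confirm it does not already restrict the token. The job's `if:` also lets it run for pull requests from forks, where the token is normally read-only, so the upload step may be rejected there; consider gating that step with `if: github.event_name == 'push'`. The Trivy step sets neither `exit-code` nor `severity`, so findings are reported but never fail the job, which deserves a one-line comment if that is intended. Also check that each pinned commit SHA resolves to the release named in its trailing comment (`# v6.0.2`, `# v0.29.0`, `# v4.0.4`), since the hunk alone cannot confirm the match.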