Automate Malware Scanning in GitHub Actions with attachmentAV's Antivirus API

In today’s software development landscape, security threats can enter your codebase through multiple channels like dependencies, user uploads, build artifacts, or even compromised development environments. Companies with strict security and compliance requirements need to scan files in their repositories and CI/CD pipelines before deploying to production environments. However, integrating malware scanning and antivirus detection into automated workflows can be complex and time-consuming.

Protect Your CI/CD Pipeline from Viruses and Malware

Introducing the attachmentAV GitHub Action

We’re excited to announce attachmentAV for GitHub, a simple, powerful solution for automated malware scanning directly in your GitHub workflows. This GitHub Action uses the attachmentAV malware scanning API to detect viruses and malicious code in your repository files, workflow artifacts, and release assets before they reach production.

Scan Repository Files with Zero Configuration

The primary use case for this GitHub Action is scanning local repository files, and it’s simple to set up. The action supports repository files up to 100MB (artifacts and release assets up to 5GB) and automatically handles different file sizes with optimized API endpoints.

Quick Start: Scan a Local File

Add this to your GitHub workflow to scan any file in your repository:

- name: Scan local file for malware
  uses: widdix/attachmentav-github-action-malware-antivirus-scan@v1
  with:
    local-file-path: dist/app.zip
    api-key: ${{ secrets.ATTACHMENTAV_API_KEY }}

That’s it! The action will scan your file using the attachmentAV antivirus API and fail the workflow if malware is detected.

Scanning Larger Files

For files larger than 10MB (up to 100MB), you’ll need to provide a GitHub token for authentication:

- name: Scan large repository file
  uses: widdix/attachmentav-github-action-malware-antivirus-scan@v1
  with:
    local-file-path: path/to/large-file.zip
    api-key: ${{ secrets.ATTACHMENTAV_API_KEY }}
    token: ${{ github.token }}

The GitHub Action intelligently routes your scan request:

  • Files ≤10MB: Direct upload to the attachmentAV API (no token required)
  • Files >10MB and ≤100MB: Uses GitHub’s Contents API with authentication (token required)
  • Files >100MB: Should be uploaded as release assets or artifacts first

Real-World Example: Scanning Build Artifacts

Here’s a complete workflow that scans a build artifact before deployment:

name: Security Scan

on:
  push:
    branches: [ main ]

permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Scan build output for viruses
        id: scan
        uses: widdix/attachmentav-github-action-malware-antivirus-scan@v1
        with:
          local-file-path: dist/app.zip
          api-key: ${{ secrets.ATTACHMENTAV_API_KEY }}

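      - name: Display scan results
        env:
          # Pass the output through an environment variable instead of
          # expanding ${{ }} inside the shell script itself.
          SCAN_STATUS: ${{ steps.scan.outputs.status }}
        run: |
          echo "Status: $SCAN_STATUS"
          if [ "$SCAN_STATUS" = "clean" ]; then
            echo "✓ File is clean - safe to deploy"
          fi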
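
The gating described above, as an added example (not from the attachmentAV documentation): because the action fails the job when malware is detected, a deploy job that `needs` the scan job never starts on a detection, and a SHA-256 check confirms the deployed file is the one that was scanned. The job names, the `./build.sh` command, the `app` artifact name and the deploy step are assumptions, and `dist/app.zip` is assumed to be 10MB or smaller so no token is needed.

```yaml
name: Build, scan, deploy   # added example; names below are assumptions

on:
  push:
    branches: [ main ]

permissions:
  contents: read

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    outputs:
      sha256: ${{ steps.digest.outputs.sha256 }}
    steps:
      - uses: actions/checkout@v6
      - name: Build                      # placeholder for your real build
        run: ./build.sh                  # assumed to produce dist/app.zip
      - name: Record digest of the file that gets scanned
        id: digest
        run: echo "sha256=$(sha256sum dist/app.zip | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
      - name: Scan build output          # fails the job if malware is detected
        uses: widdix/attachmentav-github-action-malware-antivirus-scan@v1
        with:
          local-file-path: dist/app.zip
          api-key: ${{ secrets.ATTACHMENTAV_API_KEY }}
      - name: Publish the scanned file for the deploy job
        uses: actions/upload-artifact@v4
        with:
          name: app
          path: dist/app.zip

  deploy:
    needs: build-and-scan                # starts only if build-and-scan succeeded
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: app
          path: dist
      - name: Verify the artifact is the file that was scanned
        env:
          EXPECTED: ${{ needs.build-and-scan.outputs.sha256 }}
        run: echo "$EXPECTED  dist/app.zip" | sha256sum --check --strict
      - name: Deploy                     # placeholder for your real deployment
        run: echo "deploying dist/app.zip"
```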

Beyond Local Files: Artifacts and Release Assets

While scanning repository files is the most common use case, the attachmentAV GitHub Action also supports:

  • GitHub Actions Artifacts: Scan workflow artifacts created by actions/upload-artifact
  • GitHub Release Assets: Scan files attached to GitHub releases

These options are particularly useful for scanning large files (≥100MB) or files generated during complex build processes. The action automatically selects between synchronous and asynchronous scanning based on file size, optimizing performance and reliability.

Key Features

  • Automatic API Selection: The action intelligently routes requests to sync or async malware scanning APIs based on file size
  • Detailed Results: Get scan status, malware findings, file size, and detected file type as workflow outputs
  • Flexible Configuration: Configure timeout, polling intervals, and failure behavior
  • Secure: All API communication uses HTTPS, and sensitive credentials are handled through GitHub Secrets

Getting Started

  1. Get an API Key: Sign up at attachmentAV to obtain your malware scanning API key
  2. Add to Secrets: Store your API key in GitHub Secrets as ATTACHMENTAV_API_KEY
  3. Add the Action: Copy one of the examples above into your workflow file
  4. Run Your Workflow: The action will scan your files and report any virus or malware detections

Why Automated Malware Scanning Matters

Integrating antivirus scanning into your CI/CD pipeline provides multiple benefits:

  • Early Detection: Catch malware before it reaches production environments
  • Compliance: Meet security and regulatory requirements for file scanning
  • Automated Security: No manual intervention required - scans run automatically on every workflow execution
  • Audit Trail: GitHub Actions logs provide a complete history of all malware scans

Conclusion

attachmentAV for GitHub makes it easy to add enterprise-grade virus and malware scanning to your GitHub workflows. Whether you’re scanning build artifacts, user uploads, or dependencies, you can integrate the attachmentAV antivirus API into your CI/CD pipeline with just a few lines of YAML.

Ready to secure your GitHub workflows? Get started with attachmentAV today, and check out the complete documentation on GitHub.


Published on February 9, 2026 | Written by Sebastian
