Jscrambler & GitHub integration is now available

Jscrambler and GitHub integration will make it easier for users to include Jscrambler’s Code Integrity protection in their build pipeline.

The users have the action ready on the GitHub Marketplace, only needing to adjust a few parameters. By integrating Jscrambler with GitHub, the user avoids having to customize GitHub actions from scratch or include calls to the Jscrambler CLI when setting up the pipeline.

If you haven't yet experienced Jscrambler's dashboard, we suggest you follow our Getting Started guide, which will walk you through all the functionalities that we make available for our users.

If you are familiar with Jscrambler, you just need to download "No Secrets" Jscrambler's configuration file for the application you want to protect. If you don't know how to do this, please contact us.

Jscrambler and GitHub

A Jscrambler configuration file should look like this:

{
  "parameters": [
    {
        "status": 1,
        "name": "objectPropertiesSparsing"
    },
    {
        "status": 1,
        "name": "whitespaceRemoval"
    },
    {
        "status": 1,
        "name": "regexObfuscation"
    },
    {
        "status": 1,
        "options": {
            "features": [
                "opaqueSteps"
            ]
        },
        "name": "controlFlowFlattening"
    },
    {
        "status": 1,
        "name": "booleanToAnything"
    },
    {
      "status": 1,
      "name": "identifiersRenaming"
    }
  ],
  "areSubscribersOrdered": false,
  "languageSpecifications": {
    "es8": true,
    "es7": false,
    "es6": true,
    "es5": true
  },
  "applicationTypes": {
      "html5GameApp": false,
      "javascriptNativeApp": false,
      "hybridMobileApp": true,
      "serverApp": false,
      "desktopApp": false,
      "webBrowserApp": true
  },
  "useRecommendedOrder": true,
  "tolerateMinification": true,
  "useProfilingData": false
}

After downloading Jscrambler’s configuration file for the application you want to protect, you should:

• Store your account keys and application ID as GitHub secrets.

• Place the jscrambler.json file in your application's root folder.
  
  

To configure a Jscrambler job with GitHub CI:

Consider the case of a workflow that, on a certain event, compiles or bundles a project and generates a set of JavaScript files in a dist folder.

To integrate with Jscrambler, you could add the following jobs:

jobs:
  build:
    runs-on: ubuntu-latest
    name: Test Protection
    environment: production
    steps:
      - uses: actions/checkout@v3
      # < your build process here >
      - name: Protect with Jscrambler
        id: jscrambler
        uses: jscrambler/code-integrity-actions/protect@v6
        with:
          application-id: ${{ secrets.JSCRAMBLER_APPLICATION_ID }}
          secret-key: ${{ secrets.JSCRAMBLER_SECRET_KEY }}
          access-key: ${{ secrets.JSCRAMBLER_ACCESS_KEY }}
          jscrambler-config-path: jscrambler.json
          files-src: |
            dist/*
            dist/**/*
          files-dest: dist-obfuscated/
      - name: Upload protected code as a GitHub artifact
        uses: actions/upload-artifact@v3
        with:
          name: protected-source-code
          path: dist-obfuscated/
          retention-days: 1

Integrate Jscrambler Code Integrity with GitHub workflow documents

For further features and detailed instructions, here’s our documentation describing how to integrate Jscrambler Code Integrity into your existing GitHub workflows.

Jscrambler is the leader in client-side web security and is trusted by the Fortune 500 and major companies in sectors such as finance, e-commerce, media, and software development.

Jscrambler has protected more than 1 million application builds and 2 billion user sessions.

To learn more and get support, contact us at [email protected].