CI/CD Integrations
Integrating Detectify into your CI/CD pipeline lets you trigger security scans automatically as part of your build and deployment process. Because Detectify scans the running application rather than the source code, the scan runs against a freshly deployed environment, so new vulnerabilities are caught before code reaches production or immediately after it is deployed.
Available CI/CD Integrations
| Platform | Documentation |
|---|---|
| GitLab CI | GitLab guide |
| GitHub Actions | GitHub Actions |
How CI/CD Integration Works
The typical CI/CD integration flow is:
- Code is pushed to your repository, triggering a pipeline run
- Deployment completes to a staging or production environment
- A Detectify scan is triggered via the API, targeting the deployed application
- Scan results are evaluated against the thresholds you define (for example, minimum severity and whether a finding is new)
- The pipeline passes or fails based on whether new vulnerabilities above those thresholds were found
Integration Approaches
API-Based Triggers
You can trigger Detectify scans from any CI/CD platform using the Detectify API. The basic workflow is:
- Starting a scan using the API
- Polling for scan completion, with an upper bound on the wait so a slow or stuck scan cannot block the pipeline indefinitely
- Retrieving the results, evaluating them against your criteria, and setting the job's exit status accordingly
This approach works with any CI/CD platform that can make HTTP requests, including Jenkins, CircleCI, Azure DevOps, and others. Store the API key as a masked pipeline secret rather than in the repository or the pipeline definition.
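The start, poll, evaluate and fail sequence above, written as a single pipeline gate script. This is an added example, not Detectify's own code or SDK: the base URL, the `X-Detectify-Key` header, the `/scans/{token}/` and `/findings/{token}/` paths, the status and severity strings, and the `id`/`severity`/`title` field names in the findings JSON are assumptions to verify against the current API reference. The sample findings are constructed so the evaluation logic can be exercised without credentials.

```python
"""Pipeline gate for an API-triggered Detectify scan: start the scan, poll until it
reaches a terminal state, then fail the job when findings at or above the chosen
severity are present and not already accepted.  Added example, not Detectify's code.
Assumptions (verify against the API reference): base URL, X-Detectify-Key header,
the /scans/{token}/ and /findings/{token}/ paths, status and severity strings, and
the "id"/"severity"/"title" field names in the findings JSON."""
import json
import os
import sys
import time
import urllib.request

API_BASE = "https://api.detectify.com/rest/v2"        # assumed
TERMINAL_STATES = {"finished", "stopped", "error"}     # assumed status values
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "information": 0}

# Constructed sample findings so the gate logic can be exercised offline.
SAMPLE_FINDINGS = [
    {"id": "f-1", "severity": "Critical", "title": "SQL injection in /search"},
    {"id": "f-2", "severity": "High", "title": "Reflected XSS in /login"},
    {"id": "f-3", "severity": "Medium", "title": "Missing HSTS header"},
    {"id": "f-4", "severity": "Information", "title": "Server banner disclosed"},
]


def api_request(method, path, api_key, body=None):
    """One authenticated JSON call; raises urllib.error.HTTPError on non-2xx."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        API_BASE + path, data=data, method=method,
        headers={"X-Detectify-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def wait_for_scan(get_status, timeout_s=3600, interval_s=30, sleep=time.sleep):
    """Poll get_status() until a terminal state.  Elapsed time is accumulated from
    the polling interval so a stuck scan raises TimeoutError instead of blocking the
    pipeline forever; get_status and sleep are injectable for offline testing."""
    elapsed = 0
    while True:
        status = str(get_status()).lower()
        if status in TERMINAL_STATES:
            return status
        if elapsed >= timeout_s:
            raise TimeoutError(f"scan still '{status}' after {timeout_s}s")
        sleep(interval_s)
        elapsed += interval_s


def blocking_findings(findings, min_severity="high", baseline_ids=frozenset()):
    """Findings at or above min_severity whose id is not in the accepted baseline.
    Unknown severity labels rank as 0 so an unexpected label never blocks silently."""
    floor = SEVERITY_RANK[min_severity.lower()]
    return [f for f in findings
            if SEVERITY_RANK.get(str(f.get("severity", "")).lower(), 0) >= floor
            and f.get("id") not in baseline_ids]


def gate_exit_code(status, findings, min_severity="high", baseline_ids=frozenset()):
    """0 = pass, 1 = blocking findings present, 2 = scan did not finish cleanly."""
    if status != "finished":
        return 2
    return 1 if blocking_findings(findings, min_severity, baseline_ids) else 0


def run_gate(scan_profile_token, api_key, min_severity="high", baseline_ids=frozenset()):
    """Start a scan on the profile, wait for it, fetch findings, return an exit code."""
    api_request("POST", f"/scans/{scan_profile_token}/", api_key)
    status = wait_for_scan(
        lambda: api_request("GET", f"/scans/{scan_profile_token}/", api_key).get("status", ""))
    findings = api_request("GET", f"/findings/{scan_profile_token}/", api_key).get("findings", [])
    for f in blocking_findings(findings, min_severity, baseline_ids):
        print(f"BLOCKING [{f.get('severity')}] {f.get('title')} ({f.get('id')})")
    return gate_exit_code(status, findings, min_severity, baseline_ids)


if __name__ == "__main__":
    token, key = os.environ.get("DETECTIFY_SCAN_PROFILE"), os.environ.get("DETECTIFY_API_KEY")
    baseline = frozenset(filter(None, os.environ.get("ACCEPTED_FINDING_IDS", "").split(",")))
    if token and key:
        sys.exit(run_gate(token, key, os.environ.get("FAIL_ON", "high"), baseline))
    # No credentials: exercise the gate on the constructed sample instead of calling the API.
    sys.exit(gate_exit_code("finished", SAMPLE_FINDINGS, os.environ.get("FAIL_ON", "high"), baseline))
```

In a pipeline, run it as a job after the deploy step with `DETECTIFY_SCAN_PROFILE`, `DETECTIFY_API_KEY` (a masked secret) and optionally `FAIL_ON` and `ACCEPTED_FINDING_IDS` set; the exit code distinguishes a real block (1) from a scan that never completed (2), so a platform outage is not mistaken for a clean result.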
Internal Scanning CI/CD
For scanning internal applications deployed within your network, see the Internal Scanning CI/CD documentation which covers agent-based scanning in CI/CD environments.
Best Practices
- Scan staging environments rather than production to avoid any impact on live users; the staging environment should run the same build that will be promoted, otherwise the results do not reflect what ships
- Set thresholds so that pipelines fail only on new Critical or High severity findings, and keep a baseline of accepted findings so that already-triaged issues and informational results do not block every run
- Use scan profiles dedicated to CI/CD with a focused scope to keep scan times short
- Cache scan results to avoid redundant scans when no relevant code has changed, keying the cache on the deployed content or build so that a changed deployment always triggers a fresh scan
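One way to implement the last point, as an added example rather than Detectify's own tooling: fingerprint the deployable content and skip the scan when the fingerprint matches the one recorded after the last completed scan. The relevant file suffixes, the excluded directories and the plain-text marker file are assumptions; the directory tree in `simulate()` is constructed for illustration.

```python
"""Change-detection cache key for a CI scan gate: skip the scan when the deployable
content is identical to what the last completed scan covered.  Added example, not
Detectify's own code.  Assumptions: which suffixes count as deployable, the excluded
directories, and a plain-text marker file (persist it via the CI cache or an artifact
store so it survives between pipeline runs)."""
import hashlib
import os
import tempfile
from pathlib import Path

RELEVANT_SUFFIXES = {".py", ".js", ".ts", ".html", ".yml", ".yaml", ".json", ".toml"}
EXCLUDED_DIRS = {".git", "node_modules", "__pycache__", "tests"}


def content_fingerprint(root):
    """SHA-256 over (relative path, bytes) of every relevant file in sorted order.
    Hashing content rather than mtimes keeps the key stable across CI runners."""
    root = Path(root)
    digest = hashlib.sha256()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if set(rel.parts[:-1]) & EXCLUDED_DIRS or path.suffix not in RELEVANT_SUFFIXES:
            continue
        digest.update(rel.as_posix().encode() + b"\0" + path.read_bytes() + b"\0")
    return digest.hexdigest()


def scan_needed(root, marker):
    """(needed, fingerprint): needed is False only when the marker holds the
    current fingerprint, i.e. an earlier run already scanned identical content."""
    current = content_fingerprint(root)
    marker = Path(marker)
    previous = marker.read_text().strip() if marker.exists() else None
    return current != previous, current


def record_scanned(marker, fingerprint):
    """Write the marker only after the scan has completed, never before it starts,
    so a scan that errored out is retried on the next run."""
    Path(marker).write_text(fingerprint + "\n")


def simulate():
    """Walk through the skip/scan decisions on a constructed tree; returns them in order."""
    with tempfile.TemporaryDirectory() as tmp:
        root, marker = Path(tmp) / "app", Path(tmp) / ".detectify-scanned"
        (root / "src").mkdir(parents=True)
        (root / "src" / "main.py").write_text("print('v1')\n")
        (root / "README.md").write_text("docs\n")
        first, fp = scan_needed(root, marker)           # no marker yet: scan
        record_scanned(marker, fp)
        after_record, _ = scan_needed(root, marker)     # identical content: skip
        os.utime(root / "src" / "main.py", None)        # mtime only: still skip
        after_touch, _ = scan_needed(root, marker)
        (root / "README.md").write_text("docs v2\n")    # not deployable: skip
        after_irrelevant, _ = scan_needed(root, marker)
        (root / "src" / "main.py").write_text("print('v2')\n")
        after_edit, _ = scan_needed(root, marker)       # code changed: scan
        return first, after_record, after_touch, after_irrelevant, after_edit


if __name__ == "__main__":
    print(simulate())  # (True, False, False, False, True)
```

If the deployment is a container image, its digest is a simpler and more faithful key than a source fingerprint. Either way the fingerprint only tracks what is in the repository: dependency upgrades pulled in at build time, platform changes and newly added scanner checks do not alter it, so keep a scheduled scan running independently of the pipeline gate.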