CI/CD Integrations
Integrating Detectify into your CI/CD pipeline automatically triggers security scans as part of your build and deployment process, catching new vulnerabilities before or immediately after code reaches production.
Available CI/CD Integrations
| Platform | Documentation |
|---|---|
| GitLab CI | GitLab guide |
| GitHub Actions | GitHub Actions |
How CI/CD Integration Works
The typical CI/CD integration flow is:
- Code is pushed to your repository, triggering a pipeline run
- Deployment completes to a staging or production environment
- Detectify scan is triggered via the API, targeting the deployed application
- Scan results are evaluated against your defined thresholds
- Pipeline passes or fails based on whether new vulnerabilities were found
Integration Approaches
API-Based Triggers
You can trigger Detectify scans from any CI/CD platform using the Detectify API. The basic workflow involves:
- Starting a scan using the API
- Polling for scan completion
- Retrieving results and evaluating them against your criteria
This approach works with any CI/CD platform that can make HTTP requests, including Jenkins, CircleCI, Azure DevOps, and others.
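The three-step workflow above as a pipeline gate script: start the scan, poll until it finishes, then fail the job only when findings reach the configured severity. This is an added example, not Detectify's own client or API reference; the endpoint paths, response fields and states, the `X-Detectify-Key` header name and the environment variable names are assumptions to be mapped onto the real API documentation.

```python
import json, os, sys, time, urllib.request

# Severity order used when comparing findings against the pipeline threshold.
SEVERITY_RANK = {"information": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def run_scan_gate(client, profile_token, fail_on="high", poll_interval=30,
                  max_wait=3600, sleep=time.sleep):
    """Start a scan, poll until it finishes, return (failing, all_findings).
    `client(method, path)` does one JSON request and returns the decoded body;
    it is injected so the gate runs offline in tests. Paths, field names and
    states are ASSUMPTIONS standing in for the real API; check the reference."""
    threshold = SEVERITY_RANK[fail_on.lower()]
    scan_id = client("POST", f"/scans/{profile_token}/")["scan_id"]     # assumed
    waited = 0
    while True:
        status = client("GET", f"/scans/{profile_token}/{scan_id}/")   # assumed
        state = status["state"]
        if state in ("completed", "stopped"):
            break
        if state == "error":
            raise RuntimeError(f"scan {scan_id} failed: {status.get('message', '')}")
        if waited >= max_wait:
            raise TimeoutError(f"scan {scan_id} still '{state}' after {max_wait}s")
        sleep(poll_interval)
        waited += poll_interval
    findings = client("GET", f"/scans/{profile_token}/{scan_id}/findings/")  # assumed
    # Informational and low findings never block the pipeline at the default threshold.
    failing = [f for f in findings
               if SEVERITY_RANK.get(f["severity"].lower(), 0) >= threshold]
    return failing, findings

def make_client(base_url, api_key):
    """Return a client callable backed by urllib; the header name is an assumption."""
    def client(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method,
            headers={"X-Detectify-Key": api_key, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return client

if __name__ == "__main__":   # environment variable names are constructed for this example
    client = make_client(os.environ["DETECTIFY_API_URL"], os.environ["DETECTIFY_API_KEY"])
    failing, found = run_scan_gate(client, os.environ["DETECTIFY_PROFILE_TOKEN"],
                                   fail_on=os.environ.get("FAIL_ON", "high"))
    for f in failing:
        print(f"{f['severity'].upper():>8}  {f.get('title', '')}")
    print(f"{len(failing)} of {len(found)} findings at or above threshold")
    sys.exit(1 if failing else 0)
```

A non-zero exit code is what makes the CI job fail, so the same script works unchanged in Jenkins, CircleCI or Azure DevOps as long as the platform surfaces the exit status.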
Internal Scanning CI/CD
For scanning internal applications deployed within your network, see the Internal Scanning CI/CD documentation, which covers agent-based scanning in CI/CD environments.
Best Practices
- Scan staging environments rather than production to avoid any impact on live users
- Set appropriate thresholds to fail pipelines only on Critical or High severity findings, avoiding pipeline blocks on informational issues
- Use scan profiles dedicated to CI/CD with focused scope to keep scan times short
- Cache scan results to avoid redundant scans when no relevant code has changed