GitLab CI Integration
Detectify can be integrated with GitLab CI to trigger security scans as part of your pipeline. This allows you to automatically test your applications for vulnerabilities after each deployment.
Overview
The GitLab CI integration uses the Detectify API to start scans and retrieve results within your .gitlab-ci.yml pipeline configuration. For internal applications, Detectify provides a dedicated CI/CD integration through the Internal Scanning agent.
Internal Scanning with GitLab
If you are scanning internal applications that are not accessible from the public internet, refer to the Internal Scanning CI/CD documentation for detailed GitLab integration instructions:
Internal Scanning GitLab CI/CD Guide
That guide covers:
- Deploying the scanning agent in your GitLab CI environment
- Configuring the agent to connect to Detectify
- Running scans against internal applications during pipeline execution
- Evaluating scan results and controlling pipeline status
External Application Scanning with GitLab
For publicly accessible applications, you can trigger Detectify scans from GitLab CI using the REST API:
detectify_scan:
  stage: test
  script:
    - |
      # Start a scan
      SCAN_RESPONSE=$(curl -s -X POST \
        -H "X-Detectify-Key: ${DETECTIFY_API_KEY}" \
        "https://api.detectify.com/rest/v2/profiles/${SCAN_PROFILE_TOKEN}/scan/")
      echo "Scan started"
      # Poll for completion
      while true; do
        STATUS=$(curl -s \
          -H "X-Detectify-Key: ${DETECTIFY_API_KEY}" \
          "https://api.detectify.com/rest/v2/profiles/${SCAN_PROFILE_TOKEN}/scan/" \
          | jq -r '.scan_status')
        if [ "$STATUS" = "stopped" ] || [ "$STATUS" = "completed" ]; then
          echo "Scan completed with status: $STATUS"
          break
        fi
        sleep 30
      done
  variables:
    DETECTIFY_API_KEY: ${DETECTIFY_API_KEY}
    SCAN_PROFILE_TOKEN: ${SCAN_PROFILE_TOKEN}

Store your DETECTIFY_API_KEY and SCAN_PROFILE_TOKEN as GitLab CI/CD variables (masked and protected) so they are never committed to the repository.
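The loop above runs until the scan reports "stopped" or "completed", so a scan that never reaches a terminal state, or an endpoint that starts returning an error body without a scan_status field, keeps the job alive until GitLab's own job timeout kills it. The script below is an added example, not Detectify's own code, of the same poll written with an attempt limit and explicit exit codes so the job fails fast and visibly. It assumes (as the page's own snippet does) that the status endpoint returns a JSON object with a top-level "scan_status" string; the names poll_scan, scan_is_done, extract_status and fetch_status_json are this example's own, and the "running" value used in the comments is a constructed placeholder, not a status taken from the Detectify API reference.

```shell
#!/bin/sh
# Added example (not part of the Detectify documentation): bounded polling of
# the scan status endpoint for use inside a GitLab CI job.
# Assumptions not stated on the page: the response is a JSON object whose
# top-level "scan_status" field is a string; any response lacking that field
# is treated as a failed poll rather than as "still running".

# extract_status JSON -> prints the "scan_status" value, or nothing if absent.
extract_status() {
    if command -v jq >/dev/null 2>&1; then
        printf '%s' "$1" | jq -r '.scan_status // empty'
    else
        # Fallback when jq is not installed in the job image; assumes a plain
        # "scan_status":"value" pair (constructed assumption, not from the page).
        printf '%s' "$1" | sed -n 's/.*"scan_status"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
    fi
}

# scan_is_done STATUS -> exit 0 for the terminal states the page names
# ("stopped", "completed"), 1 for anything else.
scan_is_done() {
    case "$1" in
        stopped|completed) return 0 ;;
        *) return 1 ;;
    esac
}

# fetch_status_json -> GET the profile's scan endpoint. -f makes curl exit
# non-zero on an HTTP error so the caller never parses an error page.
# Requires DETECTIFY_API_KEY and SCAN_PROFILE_TOKEN in the environment.
fetch_status_json() {
    curl -sf \
        -H "X-Detectify-Key: ${DETECTIFY_API_KEY}" \
        "https://api.detectify.com/rest/v2/profiles/${SCAN_PROFILE_TOKEN}/scan/"
}

# poll_scan FETCH_CMD MAX_ATTEMPTS SLEEP_SECONDS
# Calls FETCH_CMD until the status is terminal. Prints the final status on
# success. Exit codes: 0 done, 2 attempt limit reached, 3 request/parse failure.
# FETCH_CMD is a parameter so the loop can be exercised with a stub.
poll_scan() {
    fetch_cmd=$1; max_attempts=$2; interval=$3
    attempt=0
    while [ "$attempt" -lt "$max_attempts" ]; do
        attempt=$((attempt + 1))
        if ! json=$("$fetch_cmd"); then
            echo "poll $attempt: request failed" >&2
            return 3
        fi
        status=$(extract_status "$json")
        if [ -z "$status" ]; then
            echo "poll $attempt: no scan_status in response" >&2
            return 3
        fi
        if scan_is_done "$status"; then
            printf '%s\n' "$status"
            return 0
        fi
        # e.g. status=running (placeholder value, not from the page)
        echo "poll $attempt: status=$status, waiting ${interval}s" >&2
        sleep "$interval"
    done
    echo "gave up after $max_attempts polls" >&2
    return 2
}
```

Inside the job, source the script and run `poll_scan fetch_status_json 60 30` after the POST that starts the scan; with the 30-second interval from the page's snippet that gives the scan up to 30 minutes before the job fails with exit code 2, and a 401 from a wrong or expired key surfaces immediately as exit code 3 instead of an endless loop over an unparseable error body.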
Related
- Detectify API documentation for full API reference
- CI/CD integration overview for general guidance