CI/CD Integrations

Trigger security scans from your CI/CD pipelines using the Internal Scanning Agent. Scan your applications for vulnerabilities before deployment and block releases when security issues are found using configurable guardrails.

This section covers Use Case 2: Pre-Production Pipeline Scanning. For scheduled scans managed through the Detectify Platform, see Use Case 1: Internal Network Vulnerability Scanning.

Why Integrate with CI/CD?

Shifting security left means catching vulnerabilities before they reach production:

  • Early Detection - Find vulnerabilities during merge requests, not after deployment
  • Automated Enforcement - Block risky code from being merged with guardrail policies
  • Developer Feedback - Security findings appear directly in your pipeline results
  • Audit Trail - Scan results are saved as artifacts for compliance and review

Available Integrations

| Platform | Status | Guide |
|---|---|---|
| GitLab CI/CD | Available | Quick Start |
| GitHub Actions | Coming Soon | - |
| Jenkins | Coming Soon | - |
| Azure DevOps | Coming Soon | - |

Common Use Cases

| Use Case | Description |
|---|---|
| Scan on merge requests | Automatically scan when code changes are proposed |
| Scan on push to main | Validate code merged to your default branch |
| Scan release candidates | Deploy to staging, scan, then decide whether to promote |

For scheduled scans independent of code changes, configure them directly in the Detectify Platform.

See the GitLab CI/CD Use Cases for detailed examples.

How It Works

  1. Trigger - Pipeline starts on push, merge request, or schedule
  2. Scan - Pipeline calls your Internal Scanner API to start a security scan
  3. Wait - Pipeline polls for scan completion (configurable timeout)
  4. Evaluate - Results are checked against your guardrail thresholds
  5. Enforce - Pipeline passes or fails based on findings
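
The wait, evaluate and enforce steps above, as an added example that is not Detectify's code or API: a gate that fails closed when the scan times out, fails, or reports a severity it does not recognise. The `get_status` callable, the status dictionary shape, and the severity names are assumptions, since this page does not describe the scanner API's response format.

```python
import time
from collections import Counter

# Hypothetical severity names and result shape; the real scanner API
# response format is not described on this page.
SEVERITIES = ("critical", "high", "medium", "low")


def wait_for_scan(get_status, timeout_s, interval_s=5.0,
                  clock=time.monotonic, sleep=time.sleep):
    """Step 3: poll until the scan finishes or the timeout expires.

    get_status is a caller-supplied callable returning a dict such as
    {"state": "running"} or {"state": "done", "findings": [...]}.
    """
    deadline = clock() + timeout_s
    while True:
        status = get_status()
        if status.get("state") in ("done", "failed"):
            return status
        if clock() >= deadline:
            return {"state": "timeout"}
        sleep(interval_s)


def evaluate(status, thresholds):
    """Steps 4-5: return (exit_code, reasons). Non-zero fails the job.

    thresholds maps severity -> maximum allowed findings. The gate fails
    closed: a timeout, a failed scan, or an unrecognised severity blocks
    the pipeline instead of passing silently.
    """
    if status.get("state") != "done":
        return 1, [f"scan did not complete: {status.get('state')}"]
    counts = Counter(f.get("severity", "unknown") for f in status.get("findings", []))
    reasons = [f"unrecognised severity '{s}'" for s in counts if s not in SEVERITIES]
    for sev in SEVERITIES:
        allowed = thresholds.get(sev)
        if allowed is not None and counts[sev] > allowed:
            reasons.append(f"{counts[sev]} {sev} finding(s) exceed limit {allowed}")
    return (1 if reasons else 0), reasons


def run_gate(get_status, thresholds, timeout_s, **kw):
    """Poll, then evaluate; pass the exit code to sys.exit() in a CI job."""
    return evaluate(wait_for_scan(get_status, timeout_s, **kw), thresholds)
```

A severity left out of `thresholds` is not limited, so list every severity you intend to gate on.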

Prerequisites

Before setting up CI/CD integration, ensure you have:

  • Internal Scanning Agent deployed in your environment
  • A scan profile (application) registered in the Detectify platform
  • The target application deployed and accessible from the Internal Scanning Agent
  • Network connectivity from your CI/CD runners to the scanner endpoint
