Integrate security scanning into your continuous integration and deployment pipelines.

Benefits

Shift Left

Catch vulnerabilities before deployment

Automated

No manual intervention needed

Fail Fast

Block builds with security issues

Consistent

Same security checks every build

GitHub Actions

name: CodeThreat Security Scan
on: [push, pull_request]

# Least privilege for the job's GITHUB_TOKEN: the scan only needs to read the checkout.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: CodeThreat Scan
        uses: codethreat/scan-action@v1
        with:
          # Stored as a repository or organization secret, never in the workflow file.
          api-key: ${{ secrets.CODETHREAT_API_KEY }}
          # Severities that make the job fail.
          fail-on: critical,high

GitLab CI

# Define CODETHREAT_API_KEY as a masked (and protected) CI/CD variable in the project settings.
# The `security` stage must also be listed in the pipeline's top-level `stages:`.
codethreat_scan:
  stage: security
  script:
    # A block scalar keeps the backslash continuations intact for the shell.
    # --fail turns an HTTP error from the API into a non-zero exit, so the job fails.
    # The body is double-quoted so $CI_PROJECT_ID expands; inside single quotes the
    # literal text "$CI_PROJECT_ID" would have been sent as the repository id.
    - |
      curl --fail -sS -X POST "https://app.codethreat.com/api/v1/scans" \
        -H "X-API-Key: $CODETHREAT_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{\"repository_id\": \"$CI_PROJECT_ID\"}"
  only:
    - main
    - merge_requests

Azure Pipelines

trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
# Define CodeThreatApiKey as a secret pipeline variable (or in a variable group)
# so it is masked in logs and not exposed to the environment by default.
- task: CodeThreatScan@1
  inputs:
    apiKey: '$(CodeThreatApiKey)'
    failOnCritical: true

Jenkins

pipeline {
    agent any
    stages {
        stage('Security Scan') {
            steps {
                // Bind the API key from the Jenkins credentials store into an environment
                // variable for this step only; 'codethreat-api-key' is an assumed credentials ID.
                withCredentials([string(credentialsId: 'codethreat-api-key', variable: 'CODETHREAT_API_KEY')]) {
                    // Groovy ''' strings are not interpolated, so ${CODETHREAT_API_KEY} is
                    // expanded by the shell and the key never lands in the Groovy script.
                    // --fail makes an HTTP error from the API fail the step.
                    sh '''
                        curl --fail -sS -X POST "https://app.codethreat.com/api/v1/scans" \
                          -H "X-API-Key: ${CODETHREAT_API_KEY}" \
                          -H "Content-Type: application/json" \
                          -d '{"repository_id": "repo_123"}'
                    '''
                }
            }
        }
    }
}

Best Practices

Create dedicated API key: Use a separate key for CI/CD so it can be rotated or revoked without affecting anything else.
Store securely: Keep the key in the platform's secret store (GitHub Secrets, GitLab masked CI/CD variables, Azure secret variables, Jenkins credentials), never in the pipeline file.
Fail on Critical/High: Block builds with serious issues. The GitHub Actions and Azure tasks do this through fail-on / failOnCritical; a job that only POSTs to the API must also fetch the scan result and exit non-zero, or it will never block anything.
Run on every push: Continuous security checking
Cache results: Speed up builds with caching
Parallel execution: Run security scan in parallel with tests
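The curl-based GitLab and Jenkins jobs above only start a scan; nothing in them reads the result, so on their own they cannot fail fast on findings. The script below is an added example, not CodeThreat's own client, that does the full loop: it builds the POST request this page documents (with a JSON-encoded body, which avoids the shell-quoting trap), waits for the scan, and exits non-zero when any finding matches the fail-on list. The polling endpoint GET /api/v1/scans/{id}, the id, status, findings and severity fields, and the environment variable names are assumptions; the sample result is constructed so the gate can be exercised offline.

```python
"""Start a CodeThreat scan, wait for it, and fail the build on serious findings.

Added example, not CodeThreat's own client. Known from the page: POST
/api/v1/scans with an X-API-Key header and a {"repository_id": ...} body.
Assumed: GET /api/v1/scans/{id} returns the scan with "status" and a
"findings" list whose items carry "severity"; the env var names are ours.
"""
import json
import os
import sys
import time
import urllib.request

API_BASE = "https://app.codethreat.com/api/v1"
SEVERITIES = ("critical", "high", "medium", "low", "info")

# Constructed sample result (not real API output) to exercise the gate offline.
SAMPLE_RESULT = {
    "id": "scan_example",
    "status": "completed",
    "findings": [
        {"id": "f1", "severity": "Critical", "title": "Hard-coded credential"},
        {"id": "f2", "severity": "high", "title": "SQL built from user input"},
        {"id": "f3", "severity": "low", "title": "Verbose error message"},
    ],
}


def build_scan_request(api_key, repository_id):
    """Build the POST that starts a scan. json.dumps() produces the body, so
    no shell quoting is involved (-d '{"repository_id": "$CI_PROJECT_ID"}'
    in single quotes would send the variable name literally)."""
    body = json.dumps({"repository_id": repository_id}).encode()
    headers = {"X-API-Key": api_key, "Content-Type": "application/json"}
    return urllib.request.Request(f"{API_BASE}/scans", data=body,
                                  headers=headers, method="POST")


def parse_fail_on(spec):
    """'critical,high' -> {'critical', 'high'}; an unknown or empty list is an
    error rather than a gate that silently blocks on nothing."""
    levels = {s.strip().lower() for s in spec.split(",") if s.strip()}
    unknown = levels.difference(SEVERITIES)
    if unknown or not levels:
        raise ValueError(f"bad fail-on list {spec!r}; allowed: {SEVERITIES}")
    return levels


def summarize(findings):
    """Count findings per lower-cased severity."""
    counts = {}
    for f in findings:
        sev = str(f.get("severity", "unknown")).lower()
        counts[sev] = counts.get(sev, 0) + 1
    return counts


def gate(result, fail_on_spec):
    """Decide the build outcome from a completed scan result.
    Returns (exit_code, severity_counts, blocking_findings); matching is
    case-insensitive so 'Critical' and 'critical' both block."""
    fail_on = parse_fail_on(fail_on_spec)
    findings = result.get("findings", [])
    blocking = [f for f in findings
                if str(f.get("severity", "")).lower() in fail_on]
    return (1 if blocking else 0), summarize(findings), blocking


def wait_for_scan(scan_id, api_key, timeout=900, interval=15):
    """Poll the (assumed) scan endpoint until it reports completion."""
    req = urllib.request.Request(f"{API_BASE}/scans/{scan_id}",
                                 headers={"X-API-Key": api_key})
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        with urllib.request.urlopen(req, timeout=30) as resp:
            data = json.load(resp)
        if data.get("status") == "completed":
            return data
        if data.get("status") == "failed":
            raise RuntimeError(f"scan {scan_id} failed")
        time.sleep(interval)
    raise TimeoutError(f"scan {scan_id} not finished after {timeout}s")


def main():
    api_key = os.environ["CODETHREAT_API_KEY"]              # from the CI secret store
    repository_id = os.environ["CODETHREAT_REPOSITORY_ID"]  # assumed variable name
    fail_on_spec = os.environ.get("CODETHREAT_FAIL_ON", "critical,high")
    with urllib.request.urlopen(build_scan_request(api_key, repository_id),
                                timeout=30) as resp:
        scan_id = json.load(resp)["id"]                     # assumed response field
    code, counts, blocking = gate(wait_for_scan(scan_id, api_key), fail_on_spec)
    print(f"findings by severity: {counts}")
    for f in blocking:
        print(f"BLOCKING [{f.get('severity')}] {f.get('id')}: {f.get('title')}")
    sys.exit(code)


if __name__ == "__main__":
    main()
```

Run it as the job's script in place of the bare curl call, with CODETHREAT_API_KEY and CODETHREAT_REPOSITORY_ID injected from the secret store; the exit code is what makes the pipeline stop. The timeout keeps a stuck scan from holding a runner indefinitely, and an unknown severity in the fail-on list is rejected up front rather than quietly turning the gate into a no-op.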
