Our CI integration is available for both our infra scan and our code scan, so that vulnerable code is caught before it is merged into your production code base.

Using Github Actions

To make it easier for organizations using Github, we have created a Github Action that you can easily integrate in your pipelines.
# Trigger assumed for this example: run on pull requests so findings block the merge
on:
  pull_request:

jobs:
  code-security-scan:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Scan
        uses: SymbioticSec/actions/scan@v0.1.4
        with:
          scan-type: infra
          # organization token stored as a repository secret, never in the workflow file
          api-token: ${{ secrets.SYMBIOTIC_API_TOKEN }}

Don't forget to retrieve your organization token and to set it as a secret in your Github settings.

Using our CLI

If you are not using Github you can still use our CLI in your pipelines:

1. Install our CLI

      curl -sSL https://github.com/SymbioticSec/cli/releases/latest/download/install.sh | bash
      # the installer places the binary under ~/.local/bin; export PATH in the same
      # shell step so the next command can find it
      export PATH="$HOME/.local/bin:$PATH"
We advise you to set SYMBIOTIC_API_TOKEN as an environment variable in your pipeline.
2. Launch our CLI

  symbiotic-cli ci infra ./
You can override the severity threshold defined in the configuration file using the severity-threshold option. Ex: symbiotic-cli ci infra ./ --severity-threshold high
As of today, the scan must be launched from the repository root so that the configuration file is taken into account correctly.
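The two CLI steps above, wrapped in a small POSIX shell script as an added example (this is not SymbioticSec's own tooling). It fails the job early when the preconditions this page lists are not met (the token is present, the scan is started from the repository root) and otherwise passes the CLI's own exit status through unchanged, so a blocking finding fails the pipeline. Assumed, and not stated on the page: the binary is resolved through a SYMBIOTIC_CLI variable (default: symbiotic-cli on PATH) so the wrapper can be exercised with a stub, and omitting the threshold means the value from the repository configuration file applies.

```shell
#!/bin/sh
# Added example (not SymbioticSec's script): guard rails around the CLI step.
# Assumptions: SYMBIOTIC_CLI names the binary (default symbiotic-cli on PATH);
# an empty threshold means "use the configuration file's threshold".

# Returns 0 when SYMBIOTIC_API_TOKEN is set and non-empty. The value itself is
# never echoed, so it cannot leak into the CI log.
require_token() {
  if [ -z "${SYMBIOTIC_API_TOKEN:-}" ]; then
    echo "SYMBIOTIC_API_TOKEN is not set; add it as a pipeline secret" >&2
    return 1
  fi
  return 0
}

# Returns 0 when the scan target is the current directory (., ./ or $PWD),
# which the page requires so that the configuration file is picked up.
target_is_root() {
  case "$1" in
    .|./|"$PWD"|"$PWD/") return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the command line that will be executed (for the job log).
# $1 = scan type as shown on the page (infra), $2 = target, $3 = optional threshold.
scan_cmdline() {
  cli="${SYMBIOTIC_CLI:-symbiotic-cli}"
  if [ -n "${3:-}" ]; then
    printf '%s ci %s %s --severity-threshold %s\n' "$cli" "$1" "$2" "$3"
  else
    printf '%s ci %s %s\n' "$cli" "$1" "$2"
  fi
}

# Runs the scan after the checks and returns the CLI's own exit status.
# $1 = scan type, $2 = target path, $3 = optional severity threshold override.
run_scan() {
  require_token || return 1
  if ! target_is_root "$2"; then
    echo "scan target '$2' is not the repository root; run from the root folder" >&2
    return 1
  fi
  cli="${SYMBIOTIC_CLI:-symbiotic-cli}"
  echo "running: $(scan_cmdline "$1" "$2" "${3:-}")"
  if [ -n "${3:-}" ]; then
    "$cli" ci "$1" "$2" --severity-threshold "$3"
  else
    "$cli" ci "$1" "$2"
  fi
}
```

In a pipeline, call `run_scan infra ./ high` (or `run_scan infra ./` to keep the threshold from the configuration file) as the last command of the step; the step then fails exactly when the CLI does.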

Configuration

You can configure what will make the CI fail using our configuration file.
If there is no configuration file in the repository, or if the configuration file has no blocking property, the CI will pass by default.