Our CI integration is available both for our infra scan and our code scan allowing you to avoid merging vulnerable code in your production code.
Using Github Actions To make it easier for organization using Github, we have create a Github Action that you can easily integrate in your pipelines.
Infra Scan
Code Scan
Full Scan
code-security-scan : runs-on : ubuntu-latest steps : - uses : actions/checkout@v4 - name : Scan uses : SymbioticSec/actions/scan@v0.1.4 with : scan-type : infra api-token : ${{ secrets.SYMBIOTIC_API_TOKEN }}
Don’t forget to retrieve you organization token and to set it as a secret in your Github setttings. Using our CLI If you are not using Github you can still use our cli in your pipelines :
Install our CLI
curl -sSL https://github.com/SymbioticSec/cli/releases/latest/download/install.sh | bash echo 'export PATH="$HOME/.local/bin:$PATH"' We advise you to set SYMBIOTIC_API_TOKEN as an environment variable in your pipeline. You can create or retrieve this token here .
Launch our CLI
Launch infra scan
Launch code scan
symbiotic-cli ci infra ./
You can override the seveity threshold defined in the configuration file using the severity-threshold option. Ex: symbiotic-cli ci infra ./ --severity-threshold high As of today scan must be launched on the root folder to take correctly into account the configuration file
Example in a Gitlab pipeline
stages : - test test-full-script : stage : test image : ubuntu:latest variables : SYMBIOTIC_API_TOKEN : $SYMBIOTIC_API_TOKEN before_script : - apt-get update && apt-get install -y curl bash git - curl -sSL https://github.com/SymbioticSec/cli/releases/latest/download/install.sh| bash - export "PATH=$HOME/.local/bin:$PATH" script : - symbiotic-cli ci code ./ rules : - if : '$CI_COMMIT_BRANCH' Configuration You can configure what will make the CI fail using our configuration file .
If there is no configuration file in the repository or if this configurations file have no blocking property, the CI will pass by default.
