Our CI integration is available with both our infra scan and our code scan, allowing you to avoid merging vulnerable code into your production code.
Using Github Actions
To make it easier for organizations using Github, we have created a Github Action that you can easily integrate in your pipelines.
The action supports the Infra Scan, Code Scan and Full Scan; the job below runs the infra scan:

```yaml
code-security-scan:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Scan
      uses: SymbioticSec/actions/scan@v0.1.4
      with:
        scan-type: infra
        api-token: ${{ secrets.SYMBIOTIC_API_TOKEN }}
```
Don’t forget to retrieve your organization token and to set it as a secret in your Github settings.
Using our CLI
If you are not using Github, you can still use our CLI in your pipelines:
Install our CLI
```bash
curl -sSL https://github.com/SymbioticSec/cli/releases/latest/download/install.sh | bash
# make the installed binary available for the rest of the job
export PATH="$HOME/.local/bin:$PATH"
```
We advise you to set SYMBIOTIC_API_TOKEN as an environment variable in your pipeline. You can create or retrieve this organization token from your Symbiotic settings.
Launch our CLI
The CLI offers two scan types, infra and code. To launch an infra scan (use `symbiotic-cli ci code ./` for a code scan):

```bash
symbiotic-cli ci infra ./
```

You can override the severity threshold defined in the configuration file with the --severity-threshold option, for example:

```bash
symbiotic-cli ci infra ./ --severity-threshold high
```

As of today, scans must be launched on the root folder so that the configuration file is correctly taken into account.
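A CI-agnostic wrapper, added here as an example and not part of Symbiotic's documentation or CLI, that enforces the preconditions above (token present, known scan type, scan launched from the repository root) before running symbiotic-cli; the function names, checks and return codes are my own.

```shell
#!/bin/sh
# Added example, not part of Symbiotic's documentation or CLI: a wrapper that
# checks this page's preconditions before invoking symbiotic-cli, so that a
# misconfigured pipeline fails loudly instead of silently passing.
# symbiotic_scan_cmd TYPE PATH [THRESHOLD]
#   TYPE       infra | code   (the scan types shown on this page)
#   PATH       must be the repository root (. or ./), see the caveat above
#   THRESHOLD  optional value for --severity-threshold, for example high
# Prints the command line it would run; returns non-zero on a bad precondition.
symbiotic_scan_cmd() {
  scan_type="$1"; scan_path="${2:-./}"; threshold="${3:-}"
  case "$scan_type" in
    infra|code) ;;
    *) echo "error: unknown scan type '$scan_type' (expected infra or code)" >&2; return 2 ;;
  esac

  # The token must come from the pipeline's secret store, never from the repository.
  if [ -z "${SYMBIOTIC_API_TOKEN:-}" ]; then
    echo "error: SYMBIOTIC_API_TOKEN is not set in the pipeline environment" >&2
    return 3
  fi

  # Scans must be launched on the root folder for the configuration file to apply.
  case "$scan_path" in
    .|./) ;;
    *) echo "error: scan path '$scan_path' is not the repository root" >&2; return 4 ;;
  esac

  if [ -n "$threshold" ]; then
    # Accept only a plain word so nothing unexpected reaches the command line.
    case "$threshold" in
      *[!A-Za-z]*) echo "error: bad severity threshold '$threshold'" >&2; return 5 ;;
    esac
    printf '%s\n' "symbiotic-cli ci $scan_type ./ --severity-threshold $threshold"
  else
    printf '%s\n' "symbiotic-cli ci $scan_type ./"
  fi
}

# run_symbiotic_scan TYPE [THRESHOLD]: validate, then execute the scan so the
# CLI's exit status becomes the job's exit status (non-zero fails the pipeline).
run_symbiotic_scan() {
  symbiotic_scan_cmd "$1" ./ "${2:-}" >/dev/null || return $?
  if [ -n "${2:-}" ]; then
    symbiotic-cli ci "$1" ./ --severity-threshold "$2"
  else
    symbiotic-cli ci "$1" ./
  fi
}
```

In a pipeline, source this file and call `run_symbiotic_scan infra` (or `run_symbiotic_scan code high`) from the repository root.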
Example in a Gitlab pipeline
```yaml
stages:
  - test

test-full-script:
  stage: test
  image: ubuntu:latest
  before_script:
    - apt-get update && apt-get install -y curl bash git unzip
    - curl -sSL https://github.com/SymbioticSec/cli/releases/latest/download/install.sh | bash
    - export "PATH=$HOME/.local/bin:$PATH"
  script:
    - symbiotic-cli ci code ./
  rules:
    - if: '$CI_COMMIT_BRANCH'
```
Configuration
You can configure what makes the CI fail using our configuration file.
If there is no configuration file in the repository, or if the configuration file has no blocking property, the CI passes by default.