CircleCI Integration
Integrate Threatspy with CircleCI to automatically trigger security scans as part of your CI/CD workflow. This enables continuous security testing of your web applications and APIs whenever changes are pushed to your repository.
Prerequisites
Before you begin, ensure you have:
- A Threatspy account with an active subscription or trial.
- An application already created in Threatspy.
- A valid Threatspy API Key.
- The Application ID of the application you want to scan.
- Your registered Threatspy email address.
- A CircleCI project connected to your source code repository.
Step 1: Generate Threatspy Credentials
Log in to your Threatspy dashboard and collect the following credentials.
| Credential | Description |
|---|---|
| API Key | Used to authenticate API requests to Threatspy. |
| Application ID | Unique identifier of the application to be scanned. |
| User Email | Registered email address associated with your Threatspy account. |
> Note: Keep your API Key confidential and never expose it in your project configuration.
Step 2: Configure CircleCI Environment Variables
Navigate to your CircleCI project and create a Context or Project Environment Variables.
Organization Settings → Contexts (Recommended)
or
Project Settings → Environment Variables
Create the following environment variables:
| Variable Name | Description |
|---|---|
| `THREATSPY_API_KEY` | Your Threatspy API Key |
| `THREATSPY_APP_ID` | Your Threatspy Application ID |
| `THREATSPY_USER_EMAIL` | Your registered Threatspy email address |
> Recommended: Store credentials in a CircleCI Context to securely share them across multiple projects.
Step 3: Configure the CircleCI Pipeline
Create or update your CircleCI configuration file:
.circleci/config.ymlAdd the following configuration:
version: 2.1
jobs:
security_scan:
docker:
- image: cimg/base:stable
steps:
- checkout
- run:
name: Start Scan
command: |
curl -X POST https://api.threatspy.secureblink.com/start-scan \
-H "x-api-key: $THREATSPY_API_KEY" \
-H "x-app-id: $THREATSPY_APP_ID" \
-H "email: $THREATSPY_USER_EMAIL" \
-H "Content-Type: application/json"
workflows:
scan:
jobs:
- security_scan:
context: threatspy
filters:
branches:
only:
- mainThis workflow automatically triggers a Threatspy security scan whenever code is pushed to the main branch.
Step 4: Commit and Push Changes
Commit the updated CircleCI configuration and push it to your repository.
git add .circleci/config.yml
git commit -m "Add Threatspy CircleCI integration"
git push origin mainCircleCI will automatically trigger a new pipeline after the changes are pushed.
Step 5: Verify Pipeline Execution
After the pipeline starts:
- Navigate to your project in CircleCI.
- Open the latest pipeline execution.
- Verify that the security_scan job executes successfully.
- Ensure the Start Scan step completes without any errors.
Once the pipeline finishes successfully, the security scan request will be submitted to Threatspy for processing.