Travis CI Integration
Integrate Threatspy with Travis CI to automatically trigger security scans during your CI/CD workflow. This enables continuous security testing of your web applications and APIs whenever changes are pushed to your repository.
Prerequisites
Before you begin, ensure you have:
- A Threatspy account with an active subscription or trial.
- An application already created in Threatspy.
- A valid Threatspy API Key.
- The Application ID of the application you want to scan.
- Your registered Threatspy email address.
- A GitHub repository integrated with Travis CI.
Step 1: Generate Threatspy Credentials
Log in to your Threatspy dashboard and collect the following credentials.
| Credential | Description |
|---|---|
| API Key | Used to authenticate API requests to Threatspy. |
| Application ID | Unique identifier of the application to be scanned. |
| User Email | Registered email address associated with your Threatspy account. |
> Note: Keep your API Key confidential and never commit it to your source code.
Step 2: Configure Travis CI Environment Variables
Navigate to your Travis CI project:
Repository → More Options → Settings → Environment Variables
Create the following environment variables:
| Variable Name | Description |
|---|---|
| `THREATSPY_API_KEY` | Your Threatspy API Key |
| `THREATSPY_APP_ID` | Your Threatspy Application ID |
| `THREATSPY_USER_EMAIL` | Your registered Threatspy email address |
> Recommended: Store all credentials as encrypted environment variables.
Step 3: Configure the Travis CI Pipeline
Create or update the `.travis.yml` file in the root of your repository.
language: minimal
branches:
only:
- main
script:
- |
curl -X POST https://api.threatspy.secureblink.com/start-scan \
-H "x-api-key: $THREATSPY_API_KEY" \
-H "x-app-id: $THREATSPY_APP_ID" \
-H "email: $THREATSPY_USER_EMAIL" \
-H "Content-Type: application/json"This configuration automatically triggers a Threatspy security scan whenever changes are pushed to the main branch.
Step 4: Commit and Push Changes
Commit the updated Travis CI configuration and push it to your repository.
git add .travis.yml
git commit -m "Add Threatspy Travis CI integration"
git push origin mainTravis CI will automatically start a new build after the changes are pushed.
Step 5: Verify Pipeline Execution
After the build starts:
- Open your repository in Travis CI.
- Navigate to the latest build.
- Verify that the build executes successfully.
- Confirm the Start Scan command completes without any errors.
Once the build finishes successfully, the security scan request will be submitted to Threatspy for processing.