CircleCI is a continuous integration and delivery system that is used by software teams to allow them to build, test and deploy applications easier and quicker on multiple platforms. With an emphasis on speed and configurability, CircleCI is built to help users test their applications whenever they make changes to it, release it or deploy it.
This topic explains how to configure Netsparker Enterprise to send a detected vulnerability to CircleCI.
For further information, see What Systems Does Netsparker Integrate With?.
This table lists and explains the CircleCI fields in the New CircleCI Integration window.
This is the type of scan:
For further information, see Types of Scans.
Click to select the URL of the website that will be scanned.
Click to select the Scan Profile that will be used. (If you selected Full (With primary profile) as the Scan Type, this is not displayed.)
Add the information in this script to the corresponding fields in the config.yml file in your project. Use variables for Netsparker Enterprise and API credentials.
How to Generate and Use Netsparker Enterprise’s CircleCI Integration Orbs
Netsparker Enterprise uses GitHub for integration with CircleCI. First, create a config.yml in your project’s root directory. CircleCI will read it each time it runs a build.
Here is a sample config.yaml file:
Click here to access the Netsparker Enterprise orb on CircleCI.
In the following steps, you'll learn how to access these areas in Netsparker Enterprise.
How to Generate Netsparker Enterprise’s CircleCI Integration Scripts
- Log in to Netsparker Enterprise.
- From the main menu, select Integrations, then New Integration.
- From the Continuous Integration Systems section, click CircleCI.
- The CircleCI Integration window is displayed.
- From the Integration Script Generator section, complete the fields:
- From the Scan Type field, select an option
- From the Website dropdown, select a target
- From the Scan Profile dropdown, select an option
- From the Parameters field, add the parameters in this script to the corresponding fields in the config.yml file in your project. Use variables for Netsparker Enterprise API credentials.
- Next, before using the plug-in, you need an API Key of a user with Start Scan privileges to start scanning with Netsparker Enterprise:
- Select [Your Name] (top right window), then API Settings. The API Settings window is displayed.
- In the Current Password field, enter your current password.
- Click Submit.
- Your User ID and Token are displayed.
- Add these values to your project (see Import Project Environment Variables).
How to Use Netsparker Enterprise's CircleCI Integration Script
Request read/write access to make your experience seamless on CircleCI. CircleCI easily integrates with GitHub and GitHub Enterprise.
- Log in to CircleCI with your Github account.
- Set up your project.
- The config.yml file that you created in the root directory of your project will be read each time the CircleCI assembly runs.
- If you have configured your settings correctly, your scan will begin in Netsparker Enterprise.
- Scans initiated by CircleCI will display the CircleCI icon in the Website column.
- You can also view the Continuous Integration Details of the build you are browsing by clicking Report. Click Technical Report, then Summary.