CI/CD Integration

Automated Security in Your Pipeline

Integrate Agnech security scanning into your CI/CD pipeline for automated vulnerability detection on every commit, PR, and release.

Overview

Shift security left by integrating Agnech into your development workflow. Catch vulnerabilities before they reach production.

Platforms

SARIF

Native Format

Comments

Gates

Quality Gates

Supported Platforms

GitHub Actions

Native integration with GitHub workflows and PR checks.

PR commentsStatus checksSARIF uploadSecurity tab integration

GitLab CI

Full support for GitLab pipelines and merge request integration.

MR commentsPipeline reportsSecurity dashboardSAST integration

Jenkins

Plugin and command-line integration for Jenkins pipelines.

Pipeline stepsBuild reportsTrend graphsQuality gates

Quick Start

Get started with CI/CD integration in minutes.

.github/workflows/security.yml

YAML

1# GitHub Actions Example
2name: Security Scan
3
4on:
5  push:
6    branches: [main]
7  pull_request:
8    branches: [main]
9
10jobs:
11  security:
12    runs-on: ubuntu-latest
13    steps:
14      - uses: actions/checkout@v4
15
16      - name: Setup Node.js
17        uses: actions/setup-node@v4
18        with:
19          node-version: '20'
20
21      - name: Install Agnech CLI
22        run: npm install -g @agnech/cli
23
24      - name: Activate License
25        run: agnech license activate ${{ secrets.AGNECH_LICENSE }}
26
27      - name: Run Security Scan
28        run: agnech scan --report sarif --output results.sarif ./src
29
30      - name: Upload SARIF
31        uses: github/codeql-action/upload-sarif@v3
32        with:
33          sarif_file: results.sarif

Configuration

Configure CI/CD behavior with environment variables and config files.

Environment Variables

AGNECH_LICENSELicense key (required)

AGNECH_FAIL_ONFail threshold (critical/high/medium)

AGNECH_MODEScan mode (quick/advanced/ultimate)

AGNECH_OUTPUTOutput format (sarif/json/html)

agnech.config.json

JSON

1# agnech.config.json for CI/CD
2{
3  "ci": {
4    "failOn": "high",
5    "mode": "advanced",
6    "output": "sarif",
7    "prComments": true,
8    "statusCheck": true,
9    "baseline": "./security-baseline.json"
10  }
11}

Best Practices

Use Baselines

Establish a security baseline to track new vs existing vulnerabilities. Only fail builds on new findings to avoid blocking development.

Progressive Enforcement

Start with warnings, then progress to blocking critical issues, and finally enforce on high-severity findings.

Cache Results

Use caching to speed up scans. Agnech can skip unchanged files when the cache is available.

Secure License Storage

Always store the license key in secrets management (GitHub Secrets, GitLab CI Variables, Jenkins Credentials).

Need Help?

Our team can help you set up CI/CD integration for your specific environment. Contact support@agnech.com.