GCP Code Build
Last updated
Last updated
This Code Build step integrates to conduct vulnerability scans on your GitHub projects. Sec1 is a powerful tool that helps identify security vulnerabilities within your codebase.
Below is an example of using the Sec1 Security step in your Code Build pipeline. This will run Sec1 Security scan on each execution of the pipeline.
In your repository, create cloudbuild.yaml. Copy below code in cloudbuild.yaml file to add Sec1 Security.
Sec1 scan supports setting up threshold values. If the scan reports vulnerabilities exceeding the specified thresholds, Sec1 Security will mark the build as failed. You can set threshold values for different severities such as critical, high, medium, and low.
To use Sec1 in your workflow, you need to obtain an API key. Follow these steps:
Navigate to Sec1 Website:
Generate API Key:
In the "Settings" section, locate the "API key" and click on "Generate API key."
Copy the API Token:
Copy the generated API token.
Add API Key to GCP Secret Manager:
Remember the name of the Secret created in above step. This name will be used against INPUT_APIKEY
in docker command.
Set API Key Variable in cloudbuild.yaml:
In your Cloud Build config file (e.g., cloudbuild.yml
), use availableSecrets
to access the secret you created:
Now, your GCP Code Build pipeline is set up to leverage Sec1 for continuous security checks in your projects.
Visit and log in using your GitHub credentials.
Add the copied API key to your GCP's secret manager. Refer to for creating secrets.
Make sure you give accessor permission to the account which is triggering code build pipeline. Refer to to give accessor