TeamCity Plugin

TeamCity Version 2023.11.1 (build 147412)

Introduction

Integrating the Sec1 Security plugin with TeamCity allows developers and teams to enhance the security of their software projects by scanning Source Code Management (SCM) repositories for open-source vulnerabilities against the Sec1 Security Database. This documentation provides a step-by-step guide on integrating the Sec1 Security plugin into your TeamCity CI/CD pipelines.

Integration Steps

1. Install the Sec1 Security Plugin

  • Go to "Administration" > "Plugins" in your TeamCity instance.

  • Navigate to "Browse plugins repository".

  • Search for "Sec1 Security" and click on the search result to visit the plugin page.

  • From the "Get" dropdown, select the "Install" option, or download the ZIP.

If downloading the ZIP:

  • Go to "Administration" > "Plugins".

  • Click on "Upload plugin zip".

  • Select the plugin ZIP from the download location.

  • Click on "Upload plugin zip" in the popup window.

Note: Ensure that you have enabled the Sec1 Security plugin.

2. Configure Sec1 Security as a Build Step

  • Navigate to the "Build Steps" screen in your project.

  • Click on "Add build step".

  • Search for "Sec1 Security" in the search box and select the result.

  • Add "Sec1 API Key".

    Note:

    • To get the SEC1_API_KEY, navigate to Scopy > "Login with GitHub" > "Settings". In the "API key" section, click on "Generate API key" and copy the key for use.

    • For details on how to configure a build step, refer to "Configuring Build Steps".


3. Configuration Parameters

Configure the following parameters in the "Sec1 Settings" section:

  • Sec1 API Key: (required) The API key to be used to access Sec1 API.

  • Apply Threshold: (optional) If selected, define your vulnerability threshold levels by "Severity". The default values for Critical and High are 0 and 10, respectively.

    • If you set the critical vulnerability threshold to 10, your build will fail if more than 10 critical vulnerabilities are found in the scan.

    • Choose actions for the breach: Fail or Continue.
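The threshold rules above can be checked against sample counts with the following added example. It is not the Sec1 plugin's code: the function name, the input shape, and the sample counts are constructed for illustration, and it assumes that leaving "Apply Threshold" unselected means no gating.

```python
# Added illustration of the threshold semantics; not the Sec1 plugin's code.
from dataclasses import dataclass, field

# Defaults stated on the page: Critical = 0, High = 10.
DEFAULT_THRESHOLDS = {"critical": 0, "high": 10}


@dataclass
class GateResult:
    breaches: dict = field(default_factory=dict)  # severity -> (found, allowed)
    build_fails: bool = False


def evaluate_gate(counts, thresholds=None, apply_threshold=True, on_breach="fail"):
    """Decide the build outcome from per-severity vulnerability counts.

    counts: severity -> number of findings (constructed input shape).
    on_breach: "fail" or "continue", the two breach actions on the page.
    """
    if on_breach not in ("fail", "continue"):
        raise ValueError(f"unknown breach action: {on_breach!r}")
    result = GateResult()
    if not apply_threshold:
        return result  # assumption: unselected "Apply Threshold" means no gating
    limits = DEFAULT_THRESHOLDS if thresholds is None else thresholds
    for severity, allowed in limits.items():
        found = counts.get(severity, 0)
        # A breach is strictly "more than" the threshold: found == allowed passes.
        if found > allowed:
            result.breaches[severity] = (found, allowed)
    # "Continue" still records the breach but does not fail the build.
    result.build_fails = bool(result.breaches) and on_breach == "fail"
    return result


if __name__ == "__main__":
    scan = {"critical": 1, "high": 10, "medium": 42}  # constructed sample counts
    print(evaluate_gate(scan))                         # default thresholds
    print(evaluate_gate(scan, on_breach="continue"))   # breach noted, build continues
    print(evaluate_gate(scan, thresholds={"critical": 10, "high": 10}))
```

With the default Critical threshold of 0, a single critical finding is enough to breach, while exactly 10 High findings do not.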

Troubleshooting

To see more information on your steps:

  • View the "Console Output" for a specific build.


-- Sec1 team
