Teamcity Version 2023.11.1 (build 147412)
Integrating the Sec1 Security plugin with TeamCity allows developers and teams to enhance the security of their software projects by scanning Source Code Management (SCM) repositories for open-source vulnerabilities against the Sec1 Security Database. This documentation provides a step-by-step guide on integrating the Sec1 Security plugin into your TeamCity CI/CD pipelines.
Go to "Administration" > "Plugins" in your TeamCity instance.
Navigate to "Browse plugins repository".
Search for "Sec1 Security" and click on the search result to visit the plugin page.
From the "Get" dropdown, select the "Install" option, or download the ZIP.
If downloading the ZIP:
Go to "Administration" > "Plugins".
Click on "Upload plugin zip".
Select the plugin zip from downloaded location.
Click on "Upload plugin zip" of the popup window.
Note: Ensure that you have enabled the Sec1 Security plugin.
Navigate to "Build Steps" screen in your project.
Click on "Add build step".
Search "Sec1 Security" in the search box and select the result.
Add "Sec1 API Key".
Note :
To get SEC1_API_KEY navigate to Scopy > "Login with GitHub" > "Settings" In the "API key" section, click on "Generate API key" and copy it for use.
To know how to configure build step. Refer Configuring Build Steps
Sec1 API Key: (required) The API key to be used to access Sec1 API.
Apply Threshold (optional) If selected, define your vulnerability threshold levels by "Severity". Default values for Critical and High are 0 and 10 respectively
If you set the critical vulnerability threshold to 10, your build will fail if more than 10 critical vulnerabilities are found in the scan.
Choose actions for the breach: Fail or Continue.
To see more information on your steps:
View the "Console Output" for a specific build.
-- Sec1 team
Last updated
