Teamcity Plugin
Teamcity Version 2023.11.1 (build 147412)
Introduction
Integrating the Sec1 Security plugin with TeamCity allows developers and teams to enhance the security of their software projects by scanning Source Code Management (SCM) repositories for open-source vulnerabilities against the Sec1 Security Database. This documentation provides a step-by-step guide on integrating the Sec1 Security plugin into your TeamCity CI/CD pipelines.
Integration Steps
1. Install the Sec1 Security Plugin
Go to "Administration" > "Plugins" in your TeamCity instance.
Navigate to "Browse plugins repository".
Search for "Sec1 Security" and click on the search result to visit the plugin page.
From the "Get" dropdown, select the "Install" option, or download the ZIP.
If downloading the ZIP:
Go to "Administration" > "Plugins".
Click on "Upload plugin zip".
Select the plugin zip from downloaded location.
Click on "Upload plugin zip" of the popup window.
Note: Ensure that you have enabled the Sec1 Security plugin.
2. Configure Sec1 Security as a Build Step
Navigate to "Build Steps" screen in your project.
Click on "Add build step".
Search "Sec1 Security" in the search box and select the result.
Add "Sec1 API Key".
Note :
To get
SEC1_API_KEY
navigate to Scopy > "Login with GitHub" > "Settings" In the "API key" section, click on "Generate API key" and copy it for use.To know how to configure build step. Refer Configuring Build Steps
3. Configuration Parameters
Configure the following parameters in the "Sec1 Settings" section:
Sec1 API Key
: (required) The API key to be used to access Sec1 API.Apply Threshold
(optional) If selected, define your vulnerability threshold levels by "Severity". Default values for Critical and High are 0 and 10 respectivelyIf you set the critical vulnerability threshold to 10, your build will fail if more than 10 critical vulnerabilities are found in the scan.
Choose actions for the breach: Fail or Continue.
Troubleshooting
To see more information on your steps:
View the "Console Output" for a specific build.
-- Sec1 team
Last updated