# Teamcity Plugin

Teamcity Version 2023.11.1 (build 147412)

## Introduction

Integrating the Sec1 Security plugin with TeamCity allows developers and teams to enhance the security of their software projects by scanning Source Code Management (SCM) repositories for open-source vulnerabilities against the Sec1 Security Database. This documentation provides a step-by-step guide on integrating the Sec1 Security plugin into your TeamCity CI/CD pipelines.

## Integration Steps

1. [Install the Sec1 Security Plugin](#1-install-the-sec1-security-plugin)
2. [Configure Sec1 Security as a Build Step](#2-configure-sec1-security-as-a-build-step)
3. [Configuration Parameters](#3-configuration-parameters)

## 1. Install the Sec1 Security Plugin

* Go to "Administration" > "Plugins" in your TeamCity instance.
* Navigate to "Browse plugins repository".
* Search for "Sec1 Security" and click on the search result to visit the plugin page.
* From the "Get" dropdown, select the "Install" option, or download the ZIP.

If downloading the ZIP:

* Go to "Administration" > "Plugins".
* Click on "Upload plugin zip".
* Select the plugin zip from downloaded location.
* Click on "Upload plugin zip" of the popup window.

Note: Ensure that you have enabled the Sec1 Security plugin.

## 2. Configure Sec1 Security as a Build Step

* Navigate to "Build Steps" screen in your project.
* Click on "Add build step".
* Search "Sec1 Security" in the search box and select the result.
* Add "Sec1 API Key".

  Note :

  * To get `SEC1_API_KEY` navigate to [Scopy](https://scopy.sec1.io/) > "Login with GitHub" > "Settings" In the "API key" section, click on "Generate API key" and copy it for use.
  * To know how to configure build step. Refer [Configuring Build Steps](https://www.jetbrains.com/help/teamcity/configuring-build-steps.html)

> <details>
>
> <summary>📷 Show Preview</summary>
>
> <img src="https://307871102-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZPTNiztX3Ibw7jPbJaOR%2Fuploads%2Fgit-blob-c8245ac0de8fb6a0ef021a3c72a89f13a99a0757%2Fsec1-build-step-teamcity.png?alt=media" alt="Sec1 API Token" data-size="original">
>
> </details>

## 3. Configuration Parameters

### Configure the following parameters in the "Sec1 Settings" section:

* `Sec1 API Key`: (required) The API key to be used to access Sec1 API.
* `Apply Threshold` (optional) If selected, define your vulnerability threshold levels by "Severity". Default values for Critical and High are 0 and 10 respectively<br>
  * If you set the critical vulnerability threshold to 10, your build will fail if more than 10 critical vulnerabilities are found in the scan.
  * Choose actions for the breach: Fail or Continue.

## Troubleshooting

To see more information on your steps:

* View the "Console Output" for a specific build.

***

\-- Sec1 team