Sec1
ProductsBook A DemoContact Us
  • Sec1 Documentation
  • Quick Start
    • Login to Sec1
    • Your First Scan
    • View Results
  • Integration with Sec1
    • Registration & Login
      • Login with GITHub
      • New Registration
      • Forgot Password
      • Team Administration
    • Scan
    • Dashboard
    • Auto Fix
    • Integration with Sec1 CLI
      • Sec1 CLI (Command Line Interface) Overview
        • Config
        • Scan
        • Search
    • Integration with CI/CD
      • Jenkins Integration
      • Github Actions
      • Azure DevOps Extension for Sec1 Security
      • Azure DevOps Extension for Sec1 Container Image Scanner
      • GCP Code Build
      • Gitlab CI/CD Component
      • Integration with CircleCI Using the Sec1 Orb
      • Teamcity Plugin
    • How to Get Your API Key
  • External Integrations
    • GITHub Integration
    • Azure SCM Integration
    • Notifications
    • Generate Sec1 API Token
  • Static Application Security Testing
    • SAST Java Rules
      • GIT Leaks
      • Leakage of Information in Logger Message
      • Leakage of sensitive data in cookie
      • Leakage of sensitive data in exception message
      • Leakage of sensitive data to Airbrake
      • Leakage of sensitive data to Algolia
      • Leakage of Sensitive Data to Bugsnag
      • Leakage of Sensitive Data to ClickHouse
      • Leakage of Sensitive Data to Datadog
      • Leakage of Sensitive Data to ElasticSearch
      • Leakage of Sensitive Data to New Relic
      • Leakage of Sensitive Data to OpenTelemetry
      • Leakage of Sensitive Data to RollBar
      • Leakage of Sensitive Data to Sentry
      • Leakage of Sensitive Information in Exception Messages
      • Leakage of sensitive information in logger message
      • Missing authentication for database
      • Missing database password detected
      • Missing HTTP Only Option in Cookie Configuration
      • Missing Optimal Asymmetric Encryption Padding (OAEP)
      • Missing or Permissive SSL Hostname Verifier
      • Missing Protection against Session Fixation Attacks
      • Missing Secure option in cookie configuration
      • Missing signature verification of JWT
      • Missing SSL host check in SMTP
      • Missing Support for Integrity Check
      • Missing TLS validation
      • Observable Timing Discrepancy
      • Permissive Access-Control-Allow-Origin configuration
      • Permissive context mode for resources
      • Permissive cookie configuration
      • Permissive HTTP Only option in cookie configuration
      • Permissive Screenshot option set
      • Possible CLRF injection detected
      • Possible expression language (EL) injection detected
      • Possible HTTP Parameter Pollution detected
      • Unsanitized external input in SQL query
      • Unsanitized use of FileUpload filename
      • Unsanitized user input in 'eval' type function
      • Unsanitized user input in Access-Control-Allow-Origin
      • Unsanitized user input in AWS query
      • Unsanitized user input in code generation
      • Unsanitized user input in deserialization method
      • Unsanitized User Input in File Path Traversal
      • Unsanitized User Input in File Path
      • Unsanitized user input in format string detected
      • Unsanitized user input in HTTP request (SSRF)
      • Unsanitized user input in HTTP response (XSS)
      • Unsanitized user input in LDAP request
      • Unsanitized user input in logger message
      • Unsanitized User Input in OS Command
      • Unsanitized User Input in Output Stream (XSS)
      • Unsanitized User input in Redirect
      • Unsanitized User Input in Regular Expression
      • Unsanitized user input in SQL catalog configuration
      • Unsanitized user input in XML External Entity
      • Unsanitized User Input in XPath
      • Usage of bad hex conversion on digest array
      • Usage of CBC (Cipher Block Chaining) Mode with Padding
      • Usage of custom Digest class
      • Usage of dangerous permissions
      • Usage of ECB Cipher Mode
      • Usage of External Input in Code Reflection
      • Usage of hard-coded database password
      • Usage of hard-coded secret
      • Usage of insufficient random value
      • Usage of naive Socket class to create SSL Socket
      • Usage of permissive file permission ('other')
      • Usage of small key size with Blowfish encryption
      • Usage of Trusted and Untrusted Data inside the same Data Structure
      • Usage of vulnerable Apache Commons Collections InvokeTransformer class
      • Usage of weak encryption algorithm (DES)
      • Usage of Weak Hashing Library on a Password (SHA-1)
      • Usage of Weak Hashing library (MD5)
    • SAST JavaScript Rules
      • Leakage of hard-coded secret in JWT
      • Leakage of information in logger message
      • Leakage of sensitive data in dynamic file generation
      • Leakage of sensitive data in exception message
      • Leakage of sensitive data in JWT
      • Leakage of sensitive data in local storage
      • Leakage of sensitive data to Airbrake
      • Leakage of sensitive data to Algolia
      • Leakage of sensitive data to Bugsnag
      • Leakage of sensitive data to Datadog RUM
      • Leakage of sensitive data to Datadog
      • Leakage of sensitive data to ElasticSearch
      • Leakage of sensitive data to Google Analytics (React)
      • Leakage of sensitive data to Google Analytics
      • Leakage of sensitive data to Google Tag Manager
      • Leakage of sensitive data to HoneyBadger
      • Leakage of sensitive data to New Relic
      • Leakage of sensitive data to OpenTelemetry
      • Leakage of sensitive data to OpenAI
      • Leakage of sensitive data to RollBar
      • Leakage of sensitive data to Segment
      • Leakage of sensitive data to Sentry
      • Leakage of sensitive information in logger message
      • Missing Access Restriction on Directory Listing
      • Missing escape of HTML entities in Handlebars template compilation
      • Missing Helmet configuration on HTTP headers
      • Leakage of Sensitive Information in Exception Messages
      • Missing origin check in message handler
      • Missing Revoke Method on JWT
      • Missing Secure HTTP server Configuration
      • Missing Secure option in Cookie Configuration
      • Missing Server Configuration to reduce Server Fingerprinting
      • Missing TLS validation
      • Observable Timing Discrepancy
      • Permissive file assignment
      • Permissive origin in postMessage
      • Unsanitized dynamic input in file path traversal
      • Unsanitized dynamic input in file path
      • Unsanitized Dynamic input in OS Command
      • Unsanitized dynamic input in regular expression
      • Unsanitized input in NoSQL query
      • Unsanitized user input in 'eval' type function
      • Unsanitized user input in React inner HTML method (XSS)
      • Unsanitized user input in Access-Control-Allow-Origin
      • Unsanitized user input in deserialization method
      • Unsanitized user input in deserialization method
      • Unsanitized user input in dynamic HTML insertion (XSS)
      • Unsanitized user input in DynamoDB query
      • Unsanitized User Input in File Path Traversal
      • Unsanitized user input in format string
      • Unsanitized user input in HTTP request (SSRF)
      • Unsanitized user input in HTTP request (SSRF)
      • Unsanitized user input in HTTP response (XSS)
      • Unsanitized User input in HTTP Send file request
      • Unsanitized User input in OS command
      • Unsanitized user input in raw HTML strings (XSS)
      • Unsanitized User input in Redirect HAPI
      • Unsanitized user input in redirect
      • Unsanitized User input in Redirect
      • Unsanitized user input in regular expression
      • Unsanitized User Input in Resource Rendering
      • Unsanitized input in SQL query
      • Unsanitized User Input in UI
      • Unsanitized user input in XML parsing method
      • Usage of default Cookie Configuration
      • Usage of Default Session Cookie Configuration
      • Usage of externally controlled input to select code
      • Usage of hard-coded Passport Secret
      • Usage of hard-coded secret
      • Usage of Hard-Coded Secret
      • Usage of insecure HTTP connection
      • Usage of insecure websocket connection
      • Usage of insufficient random value
      • Usage of manual HTML sanitization (XSS)
      • Usage of Session on Static Asset (CSRF)
      • Usage of vulnerable DOMPurify package
      • Usage of vulnerable marked package
      • Usage of weak encryption algorithm (DES)
      • Usage of weak encryption algorithm on a password (DES)
      • Usage of weak encryption algorithm on a password (RC4)
      • Usage of weak encryption algorithm (RC4)
      • Usage of weak hashing library (MD5)
      • Usage of weak hashing library on a password (Argon2)
      • Usage of weak hashing library on a password (MD5)
      • Usage of weak hashing library on a password (SHA-1)
      • Usage of weak hashing library (SHA-1)
  • SBOM Scanner
    • Config
    • Scan
  • CISO Console
  • Pricing & Billing
  • CVE API
Powered by GitBook
On this page
  • Introduction
  • Integration Steps
  • 1. Install the Sec1 Security Plugin
  • 2. Configure Sec1 Security as a Build Step
  • 3. Configuration Parameters
  • Configure the following parameters in the "Sec1 Settings" section:
  • Troubleshooting
  1. Integration with Sec1
  2. Integration with CI/CD

Teamcity Plugin

PreviousIntegration with CircleCI Using the Sec1 OrbNextHow to Get Your API Key

Last updated 9 months ago

Teamcity Version 2023.11.1 (build 147412)

Introduction

Integrating the Sec1 Security plugin with TeamCity allows developers and teams to enhance the security of their software projects by scanning Source Code Management (SCM) repositories for open-source vulnerabilities against the Sec1 Security Database. This documentation provides a step-by-step guide on integrating the Sec1 Security plugin into your TeamCity CI/CD pipelines.

Integration Steps

1. Install the Sec1 Security Plugin

  • Go to "Administration" > "Plugins" in your TeamCity instance.

  • Navigate to "Browse plugins repository".

  • Search for "Sec1 Security" and click on the search result to visit the plugin page.

  • From the "Get" dropdown, select the "Install" option, or download the ZIP.

If downloading the ZIP:

  • Go to "Administration" > "Plugins".

  • Click on "Upload plugin zip".

  • Select the plugin zip from downloaded location.

  • Click on "Upload plugin zip" of the popup window.

Note: Ensure that you have enabled the Sec1 Security plugin.

2. Configure Sec1 Security as a Build Step

  • Navigate to "Build Steps" screen in your project.

  • Click on "Add build step".

  • Search "Sec1 Security" in the search box and select the result.

  • Add "Sec1 API Key".

    Note :

📷 Show Preview

3. Configuration Parameters

Configure the following parameters in the "Sec1 Settings" section:

  • Sec1 API Key: (required) The API key to be used to access Sec1 API.

  • Apply Threshold (optional) If selected, define your vulnerability threshold levels by "Severity". Default values for Critical and High are 0 and 10 respectively

    • If you set the critical vulnerability threshold to 10, your build will fail if more than 10 critical vulnerabilities are found in the scan.

    • Choose actions for the breach: Fail or Continue.

Troubleshooting

To see more information on your steps:

  • View the "Console Output" for a specific build.


-- Sec1 team

To get SEC1_API_KEY navigate to > "Login with GitHub" > "Settings" In the "API key" section, click on "Generate API key" and copy it for use.

To know how to configure build step. Refer

Scopy
Configuring Build Steps
Install the Sec1 Security Plugin
Configure Sec1 Security as a Build Step
Configuration Parameters
Sec1 API Token