Integrate our security scans with your CircleCI CI/CD pipeline

Probely/probely-orb

Probely Security Scanner Orb

This orb uses Probely to scan your web application for security vulnerabilities. It enables security testing in your CircleCI pipeline.

What is CircleCI?

CircleCI is a leading continuous integration tool that allows building, testing, and deploying applications. Orbs allow CircleCI to be extended with additional functionality. In this case, the orb integrates Probely with CircleCI, enabling security testing of your applications.

You can learn more about Orbs here.

What is Probely?

Probely is a Web Vulnerability Scanning suite for Agile Teams. It provides continuous scanning of your Web Applications and lets you efficiently manage the lifecycle of the vulnerabilities found. Some of its main features are:

  • Tests for more than 5000 vulnerabilities
  • Authenticated scanning
  • Tailored instructions on how to fix the vulnerabilities (including snippets of code)
  • API for every single feature
  • Jira and Slack integration
  • PCI-DSS and OWASP compliance reports
  • Designed for developers, easy to use, easy to understand.
  • Re-test vulnerabilities, define custom headers, multiple users, CVSS score, scheduling, and more.

Usage

Example config.yml:

version: 2.1

orbs:
  probely: probely/security-scan@x.y.z # replace x.y.z with the orb version you pin

jobs:
  scantest:
    executor: ci-base # must be defined under executors: in your config; its image needs cURL
    steps:
    - run: exit 0 # toggle this to force success or status for testing
    - probely/scan:
        # Remember to set the PROBELY_API_KEY environment variable!
        target_id: ${PROBELY_TARGET_ID}

For more detailed usage for this Orb, please check here.

Dependencies

cURL

cURL is used to call the Probely API, and must be installed in the container to function properly.
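
A preflight check that can run as a step before probely/scan, as an added example that is not part of the orb or of Probely's own code: it verifies the cURL dependency and the PROBELY_API_KEY and PROBELY_TARGET_ID variables without printing their values, and flags a key committed as a literal in the config file. The function names and the default config path are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for the probely/scan step. Not part of the orb.

# Succeeds when the named variable is set and non-empty. The value is never
# printed, so the API key cannot end up in the build log.
env_is_set() {
  eval "[ -n \"\${$1:-}\" ]"
}

# Succeeds when FILE assigns a literal value to PROBELY_API_KEY, meaning the
# key was committed instead of stored as a CircleCI secret. Comment lines
# and references such as ${PROBELY_API_KEY} are not flagged.
config_has_inline_key() {
  grep -v '^[[:space:]]*#' "$1" |
    grep -Eq "PROBELY_API_KEY[[:space:]]*[:=][[:space:]]*[\"']?[^[:space:]\"'\$]"
}

# Runs every check, reports all failures on stderr, returns non-zero if any
# check failed. The config path defaults to the conventional location.
probely_preflight() {
  config=${1:-.circleci/config.yml}
  rc=0
  if ! command -v curl >/dev/null 2>&1; then
    echo "preflight: curl is not installed in this executor" >&2
    rc=1
  fi
  for name in PROBELY_API_KEY PROBELY_TARGET_ID; do
    if ! env_is_set "$name"; then
      echo "preflight: $name is not set" >&2
      rc=1
    fi
  done
  if [ -f "$config" ] && config_has_inline_key "$config"; then
    echo "preflight: $config hard-codes PROBELY_API_KEY; move it to a" \
         "project environment variable and rotate the key" >&2
    rc=1
  fi
  return "$rc"
}

# Usage in a run step placed before probely/scan:
#   probely_preflight .circleci/config.yml || exit 1
```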

Help

Generating an API key on Probely

Before using the plugin, you first need to create an API key for CircleCI to be able to start a scan with Probely.

  1. Go to Probely, and log in
  2. Select a target from the drop-down list
  3. Go to the Settings page
  4. Click on the Integrations tab
  5. Write a name for the API Key. Since we want this API Key for CircleCI, we name it CircleCI.
  6. Click on Generate New Key

After the API key is created, please take note of the Target id and API key values. They will be required to configure the Plugin credentials later on.

Building and Contributing

Contributions are very welcome! Send us pull requests :)