Skip to content

Latest commit



78 lines (54 loc) · 3.23 KB

File metadata and controls

78 lines (54 loc) · 3.23 KB

Probely Security Scanner Orb CircleCI Build Status CircleCI Orb Version GitHub license CircleCI Community

This orb uses Probely to scan your web application for security vulnerabilities. It enables security testing in your CircleCI pipeline.

What is CircleCI?

CircleCI is a leading continuous integration tool that allows building, testing, and deploying applications. Orbs allow CircleCI to be extended with additional functionality. In this particular case, this orb integrates Probely with CircleCI enabling security testing of your applications.

You can learn more about Orbs here.

What is Probely?

Probely is a Web Vulnerability Scanning suite for Agile Teams. It provides continuous scanning of your Web Applications and lets you efficiently manage the lifecycle of the vulnerabilities found. Some of its main features are:

  • Tests for more than 5000 vulnerabilities
  • Authenticated scanning
  • Tailored instructions on how to fix the vulnerabilities (including snippets of code)
  • API for every single feature
  • Jira and Slack integration
  • PCI-DSS and OWASP compliance reports
  • Designed for developers, easy to use, easy to understand.
  • Re-test vulnerabilities, define custom headers, multiple users, CVSS score, scheduling, and more.


Example config.yml:

version: 2.1

  probely: probely/security-scan@x.y.z

    executor: ci-base
    - run: exit 0 # toggle this to force success or status for testing
    - probely/scan:
        # Remember to set the PROBELY_API_KEY environment variable!
        target_id: ${PROBELY_TARGET_ID}

For more detailed usage for this Orb, please check here.



cURL is used to call the Probely API, and must be installed in the container to function properly.


Generating an API key on Probely

Before using the plugin, you first need to create an API key for CircleCI to be able to start a scan with Probely.

  1. Go to Probely, and log in
  2. Select a target from the drop-down list
  3. Go to the Settings page
  4. Click on the Integrations tab
  5. Write a name for the API Key. Since we want this API Key for CircleCI, we name it CircleCI
  6. Click on Generate New Key

Creating an API key

After the API key is created, please take note of the Target id and API key values. They will be required to configure the Plugin credentials later on.

Building and Contributing

Contributions are very welcome! Send us pulls requests :)