CircleCI pipelines can run CybeDefend local scans by either installing the CLI or using Docker. This approach ensures your code is scanned within your pipeline, and only relevant data is uploaded to CybeDefend.

Prerequisites

  1. API Key
    Create one via Introduction & API Key Creation. Store it in Project Settings → Environment Variables (e.g. CYBEDEFEND_API_KEY).
  2. Branch Filters
    We recommend scanning only the main (or production) branch to avoid mixing partial results.

Docker Example

.circleci/config.yml:

version: 2.1

jobs:
  cybedefend-scan:
    docker:
      - image: cybedefend/local-scanner:latest
    steps:
      - checkout:
          path: my-app
      - run:
          name: "Run CybeDefend scan"
          command: |
            cybedefend scan my-app \
              --api-key $CYBEDEFEND_API_KEY \
              --project-id $CYBEDEFEND_PROJECT_ID \
              --ci

workflows:
  local-security-workflow:
    jobs:
      - cybedefend-scan:
          filters:
            branches:
              only:
                - main

Explanation

  • docker: We use the prebuilt cybedefend/local-scanner:latest image.
  • checkout: CircleCI’s built-in step to fetch code into my-app.
  • cybedefend scan: Zips and uploads your code, referencing environment variables for the key and project ID.

You can also run cybedefend results in a follow-up step to retrieve a SARIF or HTML report.

Alternative: CLI Binary

If you prefer your own Docker or machine executor:

version: 2.1

jobs:
  cybedefend-scan:
    docker:
      - image: ubuntu:latest
    steps:
      - checkout
      - run:
          name: Install CybeDefend CLI
          command: |
            curl -L https://github.com/CybeDefend/cybedefend-cli/releases/download/v1.0.0/cybedefend-linux-amd64 -o cybedefend
            chmod +x cybedefend
            mv cybedefend /usr/local/bin/
      - run:
          name: Run Local Scan
          command: |
            cybedefend scan --dir . \
              --api-key $CYBEDEFEND_API_KEY \
              --project-id $CYBEDEFEND_PROJECT_ID \
              --ci

Large codebases can require extra CPU/RAM. If you hit resource limits, upgrade your CircleCI plan or use a larger resource class.

For advanced gating, parse the CLI exit code or scan summary to fail the job on critical issues.