Threatrix Documentation
Threatrix
  • Getting Started
  • Developer Quick Start
  • SecureShip
    • Artifactory Scanning
    • ThreatAgent Scanning
  • Threat Center
    • Creating Account
      • OAuth Login
    • Entity Dashboard
    • User Profile
  • AICertify
    • Reviewing Results
  • codecertify
    • Quick Start
    • Project Summary Tab
    • Components Tab
      • Custom Components
        • Adding
        • Editing
        • Important Notes
      • Header Panel
      • Module Tree Panel
      • Results Panel
        • Card View
        • Risk Graph View
      • Audit History
    • Assets Tab
      • Custom Asset Matches
        • Adding Asset Match
  • securecore
    • Project Dashboard
    • ThreatScan
    • Scan Results
  • Threat Agent
    • Threat Agent Overview
    • Threat Agent - Installation & Scanning
    • Scan Summary Reports
    • Resolving Errors
    • Scanning Container Images
  • Integrations
    • Dependency Managers
      • RENV
    • Build Integrations
      • AWS CodeBuild
      • Azure DevOps
      • Bitbucket Pipeline
      • CircleCI
      • GitHub Action
      • GitLab Pipeline
      • Jenkins Pipeline
    • SCM Integrations
      • GitLab
      • Bitbucket
    • Issue Management
      • Jira
    • Notifications
  • Policy Management
    • Policy Overview
    • Creating Policies
    • Policy Conditions
    • Policy Actions
    • Policy Scopes
  • Administration
    • User Management
    • Organization Settings
      • Organization Knowledge Base
      • Integration
        • Slack Integration
        • Jira Integration
        • Service Keys
    • RBAC
    • Entity Management
    • Okta
      • Okta Org2Org Integration
  • GraphQL API
    • API Overview
  • Resources
    • Dependency Managers
      • PIP
    • Dictionary
    • Licenses
    • Security & Privacy
    • Binary File Support
  • Hybrid / On Premise
    • Getting Started
    • Installation
    • Upgrade
    • Setup
    • Cloud Data Disclosure
    • Troubleshooting
Powered by GitBook
On this page
  • Currently Supported Integrations
  • Build Integration Steps
  • Environment Variables
  • Threat Agent Scan Options
  • Build Server Configuration

Was this helpful?

  1. Integrations

Build Integrations

Build integrations enable the automated scanning of your projects for continuous security and compliance across all your projects and products.

PreviousRENVNextAWS CodeBuild

Last updated 11 months ago

Was this helpful?

Currently Supported Integrations

  • Azure DevOps

  • Jenkins Pipeline

  • Bitbucket Pipeline

  • Circle CI

  • GitHub Actions

  • Gitlab Pipeline

Build Integration Steps

Threatrix runs scans from within your build environment, allowing for automated and continuous open source security and license compliance data to be sent to your team.

As a build step, scans run during a build and are typically kicked off during a pull request. Integrated scans enable your development to spot security problems, in your open source, before merging their changes into your main branch. can be generated to annotate your pull request making it fast and easy for developers to find and fix vulnerabilities and license violations.

Just a few simple steps are required to get you up and running.

  1. Collect the information required to configure your build environment.

  2. Configure your build server with the environment variables.

  3. Add a build step to download Threat Agent and execute a scan.

Environment Variables

Whlle these values can be passed directly to the agent on the command line, it's often more security and helpful to implement them as environment variables within your build server.

  • THREATRIX_OID [REQUIRED]: The organization ID - Found in admin and user profile.

  • THREATRIX_EID [REQUIRED]: The entity ID for which scan results will be associated. This must be an entity for the user associated with the API_TOKEN to have rights.

  • THREATRIX_API_KEY [REQUIRED] - The access key used for the scan. Found in the admin or user profile

Threat Agent Scan Options

Build Server Configuration

Please see the respective build server documentation.

Our Threat Agent requires minimal configuration as it can detect it's environment and self configure based on that context. However, several and scan are available.

Threat Agent
Scan summary reports
command line options