Threatrix Documentation
Threatrix
  • Getting Started
  • Developer Quick Start
  • SecureShip
    • Artifactory Scanning
    • ThreatAgent Scanning
  • Threat Center
    • Creating Account
      • OAuth Login
    • Entity Dashboard
    • User Profile
  • AICertify
    • Reviewing Results
  • codecertify
    • Quick Start
    • Project Summary Tab
    • Components Tab
      • Custom Components
        • Adding
        • Editing
        • Important Notes
      • Header Panel
      • Module Tree Panel
      • Results Panel
        • Card View
        • Risk Graph View
      • Audit History
    • Assets Tab
      • Custom Asset Matches
        • Adding Asset Match
  • securecore
    • Project Dashboard
    • ThreatScan
    • Scan Results
  • Threat Agent
    • Threat Agent Overview
    • Threat Agent - Installation & Scanning
    • Scan Summary Reports
    • Resolving Errors
    • Scanning Container Images
  • Integrations
    • Dependency Managers
      • RENV
    • Build Integrations
      • AWS CodeBuild
      • Azure DevOps
      • Bitbucket Pipeline
      • CircleCI
      • GitHub Action
      • GitLab Pipeline
      • Jenkins Pipeline
    • SCM Integrations
      • GitLab
      • Bitbucket
    • Issue Management
      • Jira
    • Notifications
  • Policy Management
    • Policy Overview
    • Creating Policies
    • Policy Conditions
    • Policy Actions
    • Policy Scopes
  • Administration
    • User Management
    • Organization Settings
      • Organization Knowledge Base
      • Integration
        • Slack Integration
        • Jira Integration
        • Service Keys
    • RBAC
    • Entity Management
    • Okta
      • Okta Org2Org Integration
  • GraphQL API
    • API Overview
  • Resources
    • Dependency Managers
      • PIP
    • Dictionary
    • Licenses
    • Security & Privacy
    • Binary File Support
  • Hybrid / On Premise
    • Getting Started
    • Installation
    • Upgrade
    • Setup
    • Cloud Data Disclosure
    • Troubleshooting
Powered by GitBook
On this page
  • Common Build Integration Documentation
  • Environment Variables
  • Install Environment Variables
  • Add the Threatrix Agent to your build server.
  • Option 1: Add CLI Threat Agent
  • Option 2: Add Docker Threat Agent Step to your build

Was this helpful?

  1. Integrations
  2. Build Integrations

CircleCI

PreviousBitbucket PipelineNextGitHub Action

Last updated 7 months ago

Was this helpful?

Common Build Integration Documentation

This documentation is specific to CircleCI. documentation should be reviewed before proceeding further.

Environment Variables

Environment variable values can be found in your .

  • THREATRIX_OID - Your organization ID.

  • THREATRIX_EID - Your entityID (if you wish to override your default).

  • THREATRIX_API_KEY - Personal or organization API key.

Install Environment Variables

This step may require administrative privileges within CircleCI

From within CircleCI navigate to "Organization Settings->Contexts"

Click the Create Context button and create a new Context named "Threatrix"

After creating the context, click on the name to add environment variables to the context.

From within the Add Environment Variable dialog, enter the necessary variable values.

  • THREATRIX_OID - Your organization ID.

  • THREATRIX_EID - Your entityID (if you wish to override your default).

  • THREATRIX_API_KEY - Personal or organization API key.

Add the Threatrix Agent to your build server.

First,Add threatrix context to your job

Option 1: Add CLI Threat Agent

From within your SCM repository, add the following snippet to your .circleci/config.yml file or download a full example here:

# Execute Threat Scan
- run:
    name: Install Threatrix ThreatAgent & Scan
    command: |
        curl -LJO https://github.com/threatrix/threat-matrix/releases/download/agent-release-latest/threat-agent-latest.jar
        java -jar /tmp/threatagent.jar --progress
        

Option 2: Add Docker Threat Agent Step to your build

Prerequisite: In order to use our Docker image, your build executor must be of type machine otherwise, we'll be unable to create the necessary Docker volume

Add the following code snippet as a step to your existing build job. The threatrix scan agent should run either before or in parallel with your build job.

- run:
    name: Threatrix Scan
    command: |
        printenv > host.env
        docker run -v $(pwd):/app --env-file=host.env threatrix/threat-agent ./
Common build server
user profile
1KB
config.yml
config.yml