Configuring Boost Security scanner modules with your Continuous Integration (CI)
Boost Security, through a modularized approach, supports a large number of specialized scanners, enabling security automation for several security types, such as:
- Static analysis (SAST)
- Software composition (SCA)
- Container scanning
- Software bill of material inventory (SBOM)
Consequently, Boost Security enables security automation to be integrated into development workflows for many programming languages and ecosystems.
You can easily add the Boost Security scanner and begin scanning your source code and related artifacts by using one of our officially supported Continuous Integration (CI) plugins:
- GitHub Action Workflows
- Azure DevOps
- Bitbucket Pipeline
- Buildkite Plugins
- CircleCI Orbs
- Jenkins
- GitLab Pipelines
- AWS CodeBuild and CodePipeline
If you're using a different Continuous Integration (CI) system, you can use the Boost Security CLI (Command Line Interface) to set up the workflow, as shown in the instructions for Jenkins.
Minimum System Requirements
The minimum system requirements for manually running the Boost Security scanner in a CI environment (i.e., not via ZTP (Zero Touch Provisioning)) are as follows:
- The following binaries must be installed: git, find, tar, and curl or wget.
- The machine that executes the Boost Security scanner binary must either have no glibc at all or have glibc version 2.28 or newer.
Scanner Authentication to the Boost Security service
An API token must be configured to allow the Boost Security scanner to upload results. To do so, you first must generate an API Key by visiting the Boost Security dashboard's Settings > Application Keys page.
Once you have the API Key, we recommend storing it in your Continuous Integration (CI) environment's native secrets management system. Our suggested name for it is BOOST_API_TOKEN. We will refer to this secret in the examples below.
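The following pre-flight script is an added example, not Boost Security's own tooling. It checks the minimum system requirements listed above (git, find, tar, and curl or wget on PATH; glibc 2.28 or newer, or no glibc at all) and confirms that the BOOST_API_TOKEN secret reached the job environment without ever printing its value. The RUN_PREFLIGHT variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Boost Security's own tooling): a pre-flight check a CI step can run
# before invoking the scanner. The thresholds are the documented requirements;
# BOOST_API_TOKEN is the secret name the documentation suggests. RUN_PREFLIGHT is an
# assumed variable used only to trigger the top-level call.

# required_binaries_present: 0 when git, find and tar are on PATH and at least one of
# curl/wget exists; otherwise reports the first missing name on stderr and returns 1.
required_binaries_present() {
    for bin in git find tar; do
        if ! command -v "$bin" >/dev/null 2>&1; then
            echo "preflight: missing required binary: $bin" >&2
            return 1
        fi
    done
    if ! command -v curl >/dev/null 2>&1 && ! command -v wget >/dev/null 2>&1; then
        echo "preflight: need curl or wget" >&2
        return 1
    fi
    return 0
}

# glibc_ok VERSION: 0 when VERSION (major.minor[.patch]) is 2.28 or newer, else 1.
# Compares numerically so that 2.31 >= 2.28 and 2.9 < 2.28, unlike a string comparison.
glibc_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major$minor" in *[!0-9]*|"") return 1 ;; esac
    if [ "$major" -gt 2 ]; then return 0; fi
    if [ "$major" -eq 2 ] && [ "$minor" -ge 28 ]; then return 0; fi
    return 1
}

# detect_glibc_version: prints the runner's glibc version (e.g. 2.35), or "none" when the
# C library is not glibc (a musl-based image, for instance), which the requirements accept.
detect_glibc_version() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    if [ -n "$v" ]; then
        echo "$v"
    else
        echo "none"
    fi
}

# token_configured: 0 when BOOST_API_TOKEN is set and non-empty. The value is never
# echoed, so the check is safe to run with CI log capture enabled.
token_configured() {
    [ -n "${BOOST_API_TOKEN:-}" ]
}

# preflight: runs every check and returns non-zero on the first failure, so the CI step
# fails before the scanner binary is downloaded or executed.
preflight() {
    required_binaries_present || return 1
    glibc=$(detect_glibc_version)
    if [ "$glibc" != "none" ] && ! glibc_ok "$glibc"; then
        echo "preflight: glibc $glibc is older than the required 2.28" >&2
        return 1
    fi
    if ! token_configured; then
        echo "preflight: BOOST_API_TOKEN is not set; configure it in the CI secrets store" >&2
        return 1
    fi
    echo "preflight: ok (glibc: $glibc)"
    return 0
}

# Run the checks when invoked as a pipeline step: RUN_PREFLIGHT=1 sh preflight.sh
if [ "${RUN_PREFLIGHT:-0}" = "1" ]; then
    preflight || exit 1
fi
```

Place the script in the job step that runs immediately before the scanner and map the CI secret to the BOOST_API_TOKEN environment variable for that step only; the script's failure message names the missing piece without echoing the token, so the job log stays safe to share.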
Supported pipelines for each Source Code Management application
The pipelines that Boost Security supports differ by source code management (SCM) system.