Configuring BoostSecurity scanner modules with your Continuous Integration (CI)
BoostSecurity, through a modularized approach, supports a large number of specialized scanners, enabling security automation for several security types, such as
- Static analysis (SAST)
- Software composition (SCA)
- Container scanning
- Software bill of material inventory (SBOM)
Consequently, BoostSecurity enables security automation to be integrated into development workflows for many programming languages and ecosystems.
You can easily add the BoostSecurity scanner and begin scanning your source code and related artifacts by using one of our officially supported Continuous Integration (CI) plugins:
- GitHub Action Workflows
- Azure DevOps
- Bitbucket Pipeline
- Buildkite Plugins
- CircleCI Orbs
- Jenkins
- GitLab Pipelines
- AWS CodeBuild and CodePipeline
If you're using a different Continuous Integration (CI) system, you can use the BoostSecurity CLI (Command Line Interface) to set up the workflow, as is shown in the instructions for Jenkins.
Minimum System Requirements
The minimum system requirements for running the BoostSecurity scanner manually in a CI environment (i.e., not via Zero Touch Provisioning (ZTP)) are as follows:
- The following binaries must be installed: git, find, tar, and curl or wget.
- The machine that executes the BoostSecurity scanner binary must either have no glibc at all or have glibc version 2.28 or newer.
Scanner Authentication to the BoostSecurity service
An API token must be configured to allow the BoostSecurity scanner to upload results. To obtain one, first generate an API Key from the BoostSecurity dashboard's Settings > Application Keys page.
Once you have the API Key, we recommend storing it in your Continuous Integration (CI) environment's native secrets management system rather than in the pipeline definition itself. Our suggested name for the secret is BOOST_API_TOKEN, and the examples below refer to it by that name.
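The requirements above (the required binaries, glibc 2.28 or newer, and the BOOST_API_TOKEN secret) can be verified in a short pre-flight step before the scanner runs, so a misconfigured runner fails with a clear message instead of a failed upload. The script below is an added example written for this page; it is not a BoostSecurity tool. It assumes the API key is exposed to the job as an environment variable named BOOST_API_TOKEN (the name suggested above) and that the host glibc version can be read from the first line of `ldd --version`.

```shell
#!/bin/sh
# Added example (not part of the BoostSecurity documentation): pre-flight
# checks for the minimum scanner requirements described above.
# Assumption: the CI secret is injected as the environment variable BOOST_API_TOKEN.

# Return 0 when git, find, tar and (curl or wget) are all on PATH;
# otherwise list the missing ones on stderr and return 1.
check_required_binaries() {
  missing=""
  for bin in git find tar; do
    command -v "$bin" >/dev/null 2>&1 || missing="$missing $bin"
  done
  # Either downloader satisfies the requirement.
  if ! command -v curl >/dev/null 2>&1 && ! command -v wget >/dev/null 2>&1; then
    missing="$missing curl-or-wget"
  fi
  if [ -n "$missing" ]; then
    echo "missing binaries:$missing" >&2
    return 1
  fi
  return 0
}

# Read the host glibc version ("2.35" style) from ldd; prints nothing when
# ldd is absent or the C library is not glibc, which the requirement allows.
detect_glibc_version() {
  ldd --version 2>/dev/null | head -n1 | grep -o '[0-9]*\.[0-9]*$' || true
}

# Return 0 when "$1" is empty (no glibc) or is version 2.28 or newer.
glibc_version_ok() {
  ver="$1"
  [ -z "$ver" ] && return 0
  major=${ver%%.*}
  minor=${ver#*.}
  minor=${minor%%.*}
  [ "$major" -gt 2 ] && return 0
  [ "$major" -eq 2 ] && [ "$minor" -ge 28 ] && return 0
  return 1
}

# Confirm the secret reached the job without ever echoing its value.
check_api_token_present() {
  [ -n "${BOOST_API_TOKEN:-}" ]
}

# Run every check; the exit status is the result of the CI step.
preflight() {
  check_required_binaries || return 1
  glibc_version_ok "$(detect_glibc_version)" || {
    echo "glibc is older than 2.28" >&2
    return 1
  }
  check_api_token_present || {
    echo "BOOST_API_TOKEN is not set for this job" >&2
    return 1
  }
  echo "preflight ok"
}

# Invoked as `sh preflight.sh --run` the checks execute; sourcing the file
# only defines the functions so a pipeline step can call them individually.
if [ "${1:-}" = "--run" ]; then
  preflight || exit 1
fi
```

Add this as the step immediately before the scanner step; because `check_api_token_present` only tests for presence, the token never appears in the job log.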
What are the Pipelines that are supported for each Source Code Management Application
The set of pipelines that BoostSecurity supports differs for each source code management (SCM) system.