
Last updated: January 14, 2026

CI/CD Overview

Integrate BlockSecOps into your continuous integration pipeline.

Why CI/CD Integration?

Automated security scanning in your pipeline:

  • Catches vulnerabilities before merge
  • Enforces security standards
  • Provides immediate feedback
  • Creates audit trail

How It Works

Basic Flow

Push Code → CI Triggers → Upload to BlockSecOps →
Run Scan → Check Results → Pass/Fail Pipeline

Integration Points

Stage          Action
-------------  -----------------------------
PR Created     Scan changes, comment results
PR Updated     Re-scan, update comment
Merge to Main  Full scan, block if critical
Pre-Deploy     Final verification

Prerequisites

API Key

You'll need an API key:

  1. Go to Settings → API Keys
  2. Click Create Key
  3. Set appropriate permissions
  4. Copy the key (shown once)

Plan Requirements

Feature      Plan Required
-----------  -------------
API access   Developer+
Full CI/CD   Startup+
Webhooks     Startup+

Quick Start

1. Create API Key

# Store in CI secrets as BLOCKSECOPS_API_KEY

2. Upload Contract

curl -X POST https://api.blocksecops.com/api/v1/contracts/upload \
  -H "Authorization: Bearer $BLOCKSECOPS_API_KEY" \
  -F "file=@contracts/Token.sol"

3. Start Scan

curl -X POST https://api.blocksecops.com/api/v1/scans \
  -H "Authorization: Bearer $BLOCKSECOPS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"contract_id": "CONTRACT_ID", "preset": "standard"}'

4. Wait for Results

# Poll for completion
curl https://api.blocksecops.com/api/v1/scans/SCAN_ID \
  -H "Authorization: Bearer $BLOCKSECOPS_API_KEY"

5. Check Findings

curl https://api.blocksecops.com/api/v1/scans/SCAN_ID/results \
  -H "Authorization: Bearer $BLOCKSECOPS_API_KEY"

Threshold Configuration

Fail on Critical

# Fail if any critical findings
# RESULTS holds the JSON body returned by the results endpoint; quote it so
# the shell does not word-split or glob-expand the JSON before jq sees it
if [[ $(echo "$RESULTS" | jq '.critical_count') -gt 0 ]]; then
  exit 1
fi

Fail on High+

# Fail if critical or high findings
if [[ $(echo "$RESULTS" | jq '.critical_count + .high_count') -gt 0 ]]; then
  exit 1
fi

Custom Threshold

# Fail if risk score > 80
if [[ $(echo "$RESULTS" | jq '.max_risk_score') -gt 80 ]]; then
  exit 1
fi

Platform Guides

Platform        Guide
--------------  --------------
GitHub Actions  GitHub Actions
GitLab CI       GitLab CI
Jenkins         Jenkins
Other           Custom CI/CD

Best Practices

Scan Timing

Stage   Scan Type  Threshold
------  ---------  -----------------
PR      Quick      Warn on High+
Merge   Standard   Block on Critical
Deploy  Deep       Block on High+
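The threshold snippets above and the Scan Timing table can be combined into one stage-aware gate, and the "Wait for Results" poll given an upper bound so a stuck scan fails the job instead of hanging it. The following is an added example, not BlockSecOps code: it assumes only the critical_count, high_count and max_risk_score fields shown above, the status string "complete", and a constructed sample results body.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

# Policy per pipeline stage, taken from the Scan Timing table: "block"
# severities fail the job, "warn" severities are reported but do not fail it.
STAGE_POLICY = {
    "pr":     {"preset": "quick",    "block": (),                   "warn": ("critical", "high")},
    "merge":  {"preset": "standard", "block": ("critical",),        "warn": ("high",)},
    "deploy": {"preset": "deep",     "block": ("critical", "high"), "warn": ()},
}

# Constructed sample of a /scans/SCAN_ID/results body (not a real response);
# only the three fields used by the threshold snippets are assumed to exist.
SAMPLE_RESULTS = {"critical_count": 0, "high_count": 2, "max_risk_score": 85}


def gate(results: Dict, stage: str, max_risk: Optional[int] = None) -> Tuple[bool, List[str]]:
    """Return (passed, messages). A missing count is treated as 0, never as a pass."""
    policy = STAGE_POLICY[stage]
    passed, messages = True, []
    for sev in ("critical", "high"):
        count = int(results.get(f"{sev}_count", 0))
        if count and sev in policy["block"]:
            passed = False
            messages.append(f"BLOCK: {count} {sev} finding(s) at stage '{stage}'")
        elif count and sev in policy["warn"]:
            messages.append(f"WARN: {count} {sev} finding(s) at stage '{stage}'")
    score = int(results.get("max_risk_score", 0))
    if max_risk is not None and score > max_risk:  # optional custom threshold
        passed = False
        messages.append(f"BLOCK: max_risk_score {score} exceeds threshold {max_risk}")
    return passed, messages


def wait_for_scan(fetch_status: Callable[[], str], max_polls: int = 60,
                  interval_s: float = 10, sleep: Callable[[float], None] = time.sleep) -> str:
    """Poll fetch_status() (the scan's status string) until it is 'complete'.
    Bounded by max_polls so a stuck scan fails the job, and spaced by interval_s
    so polling stays within plan rate limits. fetch_status is injected so the
    HTTP call (curl or a client library) can be swapped or faked."""
    for attempt in range(1, max_polls + 1):
        status = fetch_status()
        if status == "complete":
            return status
        if attempt < max_polls:
            sleep(interval_s)
    raise TimeoutError(f"scan not complete after {max_polls} polls")


if __name__ == "__main__":
    ok, notes = gate(SAMPLE_RESULTS, "deploy", max_risk=80)
    print("\n".join(notes) or "no findings")
    raise SystemExit(0 if ok else 1)  # non-zero exit fails the pipeline step
```

In a real job, fetch_status would wrap the GET on /api/v1/scans/SCAN_ID and read the status from its JSON body, and the results body would be passed to gate() with the stage name from the pipeline context.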

Caching

Cache results when code hasn't changed:

  • Compare file hashes
  • Skip scan if unchanged
  • Use previous results

Secrets Management

  • Never commit API keys
  • Use CI secret storage
  • Rotate keys periodically
  • Use minimal permissions

Troubleshooting

Scan Times Out

  • Use Quick preset for PRs
  • Standard for most uses
  • Reserve Deep for releases

Rate Limits

  • Space out requests
  • Use webhooks instead of polling
  • Check your plan's limits

Authentication Fails

  • Verify key is correct
  • Check key isn't expired
  • Ensure key has permissions

Example Workflow

Complete CI Flow

name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Upload and Scan
        env:
          API_KEY: ${{ secrets.BLOCKSECOPS_API_KEY }}
        run: |
          # Upload
          CONTRACT_ID=$(curl -X POST ...)

          # Scan
          SCAN_ID=$(curl -X POST ...)

          # Wait
          while [[ $STATUS != "complete" ]]; do
            sleep 10
            STATUS=$(curl ...)
          done

          # Check results
          CRITICAL=$(curl ... | jq '.critical_count')
          if [[ $CRITICAL -gt 0 ]]; then
            echo "Critical vulnerabilities found!"
            exit 1
          fi

Next Steps