CI/CD Integration
Add xa-v to your pipeline to automatically scan APIs on every change.
GitHub Actions
Create .github/workflows/xa-v-scan.yml:
name: xa-v API Security Scan
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: xa-v/scan@v1
with:
spec: ./openapi.yaml
api-key: ${{ secrets.XAV_API_KEY }}
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: xa-v/scan@v1
with:
spec: ./openapi.yaml
api-key: ${{ secrets.XAV_API_KEY }}
GitLab CI
Add to .gitlab-ci.yml:
xa-v-scan:
image: node:20
script:
- npx xa-v scan ./openapi.yaml --output json
only:
- main
- merge_requests
image: node:20
script:
- npx xa-v scan ./openapi.yaml --output json
only:
- main
- merge_requests
CircleCI
Add to .circleci/config.yml:
jobs:
xa-v-scan:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run: npx xa-v scan ./openapi.yaml
workflows:
security:
jobs:
- xa-v-scan
xa-v-scan:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run: npx xa-v scan ./openapi.yaml
workflows:
security:
jobs:
- xa-v-scan
Exit Codes
| Code | Meaning |
|---|---|
| 0 | No vulnerabilities found |
| 1 | Vulnerabilities found |
| 2 | Scan failed or timeout |
Use the exit code to fail builds when vulnerabilities are found:
xa-v scan ./openapi.yaml && echo "Pass" ||echo "Fail"