CI/CD integration

CircleCI Integration Guide

Security scanning in CircleCI workflows

Get a Free API Key

Integrate Vulnetix CLI into CircleCI workflows for automated vulnerability scanning. Upload SARIF, CycloneDX, SPDX reports.

Add Vulnetix to CircleCI

Create .circleci/config.yml and run the Vulnetix CLI in your CircleCI pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:

version: 2.1
jobs:
  vulnetix:
    docker:
      - image: golang:1.21
    steps:
      - checkout
      - run:
          name: Install Vulnetix
          command: go install github.com/vulnetix/cli@latest
      - run:
          name: Security Scan
          command: |
            vulnetix scan
            vulnetix upload --file reports/results.sarif
workflows:
  security:
    jobs:
      - vulnetix

Why run Vulnetix in CircleCI?

Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your CircleCI pipeline gates merges on what is actually exploitable, not raw scanner noise.

All CI/CD integrations →  ·  All scanner integrations →