Integrate Vulnetix CLI into CircleCI workflows for automated vulnerability scanning. Upload SARIF, CycloneDX, SPDX reports.
Add Vulnetix to CircleCI
Create .circleci/config.yml and run the Vulnetix CLI in your CircleCI pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
version: 2.1
jobs:
vulnetix:
docker:
- image: golang:1.21
steps:
- checkout
- run:
name: Install Vulnetix
command: go install github.com/vulnetix/cli@latest
- run:
name: Security Scan
command: |
vulnetix scan
vulnetix upload --file reports/results.sarif
workflows:
security:
jobs:
- vulnetix
Why run Vulnetix in CircleCI?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your CircleCI pipeline gates merges on what is actually exploitable, not raw scanner noise.