Integrate Vulnetix CLI into Drone CI pipelines for automated vulnerability scanning.
Add Vulnetix to Drone CI
Create .drone.yml and run the Vulnetix CLI in your Drone CI pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
kind: pipeline
type: docker
name: security
steps:
  - name: vulnetix
    image: golang:1.21
    environment:
      VULNETIX_ORG_ID:
        from_secret: vulnetix_org_id
    commands:
      - go install github.com/vulnetix/cli@latest
      - vulnetix scan
      - vulnetix upload --file reports/results.sarif
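A pre-upload check for the pipeline above, written in Go because the step already runs in a golang image. This is an added example, not part of the Vulnetix CLI or its documentation. It assumes the scan writes SARIF 2.1.0 to reports/results.sarif (the path in the upload command) and fails the step when that file is missing, malformed or has no runs.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// sarifLog models only the SARIF 2.1.0 fields this check reads.
type sarifLog struct {
	Version string `json:"version"`
	Runs    []struct {
		Results []struct {
			Level string `json:"level"`
		} `json:"results"`
	} `json:"runs"`
}

// Summarize rejects malformed or empty SARIF and counts results per level.
func Summarize(data []byte) (map[string]int, error) {
	var doc sarifLog
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("not valid JSON: %w", err)
	}
	if doc.Version != "2.1.0" || len(doc.Runs) == 0 {
		return nil, fmt.Errorf("want SARIF 2.1.0 with at least one run, got version %q and %d runs", doc.Version, len(doc.Runs))
	}
	counts := map[string]int{}
	for _, run := range doc.Runs {
		for _, r := range run.Results {
			if r.Level == "" {
				r.Level = "warning" // simplification: SARIF's usual default level
			}
			counts[r.Level]++
		}
	}
	return counts, nil
}

func main() {
	data, err := os.ReadFile("reports/results.sarif") // path used in the pipeline above
	if err == nil {
		var counts map[string]int
		if counts, err = Summarize(data); err == nil {
			fmt.Println("SARIF OK, results by level:", counts)
			return
		}
	}
	fmt.Fprintln(os.Stderr, "refusing to upload:", err)
	os.Exit(1)
}
```

Saved under a hypothetical name such as sarifcheck.go, it could run as `go run sarifcheck.go` between the scan and upload commands, so a scan that silently produced nothing stops the step instead of uploading an empty report.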
Why run Vulnetix in Drone CI?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your Drone CI pipeline gates merges on what is actually exploitable, not raw scanner noise.