Integrate Vulnetix CLI into Semaphore CI pipelines for automated vulnerability scanning.
Add Vulnetix to Semaphore CI
Create .semaphore/semaphore.yml and run the Vulnetix CLI in your Semaphore CI pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
version: v1.0
name: Vulnetix Security
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu2004
blocks:
  - name: Security Scan
    task:
      secrets:
        - name: vulnetix
      jobs:
        - name: Vulnetix
          commands:
            - curl -fsSL https://raw.githubusercontent.com/vulnetix/cli/main/install.sh | sh
            - export PATH=$PATH:$HOME/.local/bin
            - vulnetix scan
            - vulnetix upload --file reports/results.sarif
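To fail the job itself on blocking findings, a gate can read the SARIF file the pipeline above uploads. This is an added example, not Vulnetix or Semaphore code: it assumes reports/results.sarif follows SARIF 2.1.0 and carries severity in the standard level fields, and SAMPLE is constructed data with placeholder rule ids. It does not read EPSS or KEV data, since the page does not say how those appear in the file.

```python
import json
import sys

LEVELS = ["none", "note", "warning", "error"]  # SARIF 2.1.0, lowest to highest

# Constructed sample, not real Vulnetix output; rule ids are placeholders.
SAMPLE = {"runs": [{
    "tool": {"driver": {"name": "example", "rules": [
        {"id": "RULE-A", "defaultConfiguration": {"level": "error"}}, {"id": "RULE-B"}]}},
    "results": [
        {"ruleId": "RULE-A", "ruleIndex": 0},              # inherits "error" from its rule
        {"ruleId": "RULE-B", "level": "note"},             # explicit level wins
        {"ruleId": "RULE-B"},                              # no level anywhere: "warning"
        {"ruleId": "RULE-A", "kind": "pass", "level": "none"}]}]}

def effective_level(result, run):
    """Explicit result.level, else the rule's defaultConfiguration.level, else 'warning'."""
    if result.get("kind", "fail") != "fail":
        return "none"  # only results of kind "fail" carry a severity
    if "level" in result:
        return result["level"]
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    idx = result.get("ruleIndex", -1)
    if isinstance(idx, int) and 0 <= idx < len(rules):
        rule = rules[idx]
    else:  # fall back to matching the rule by id
        rule = next((r for r in rules if r.get("id") == result.get("ruleId")), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def blocking_findings(sarif, threshold="error"):
    """Return (ruleId, level) for every result at or above threshold."""
    floor = LEVELS.index(threshold)
    hits = []
    for run in sarif.get("runs", []):
        for result in run.get("results") or []:
            level = effective_level(result, run)
            if level in LEVELS and LEVELS.index(level) >= floor:
                hits.append((result.get("ruleId", "<no ruleId>"), level))
    return hits

def main(path="reports/results.sarif", threshold="error"):
    with open(path, encoding="utf-8") as fh:
        hits = blocking_findings(json.load(fh), threshold)
    for rule_id, level in hits:
        print(f"{level}: {rule_id}")
    return 1 if hits else 0  # a non-zero exit status fails the CI job

if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:3]))
```

Saved under a name of your choosing (sarif_gate.py here is hypothetical), it runs as one more entry under commands after vulnetix scan, for example python3 sarif_gate.py reports/results.sarif error.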
Why run Vulnetix in Semaphore CI?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your Semaphore CI pipeline gates merges on what is actually exploitable, not raw scanner noise.