Parameter reference for the generic CI/CD driver

When you use the generic, platform-agnostic CI/CD driver to integrate a Burp Suite Enterprise Edition vulnerability scan into your pipelines, you control its options using command-line parameters.

For example, a typical command to trigger a site-driven scan might look something like this:

java -jar path/to/ci-driver.jar https://your-enterprise-server:8080 --api-key=secret --site-id=7 --min-severity=high --min-confidence=certain --report-file=scan-report.html --report-type=summary

The following parameters are available.

burp_api_url
    Description: The full URL of your Enterprise server. For existing "Burp scans" that you configured using an older version of the driver, you may also include the API key in this URL, but this will prevent you from generating scan reports. New integrations should add this separately using the --api-key parameter.
    Site-driven scans: Required
    Burp scans: Required
    Example:
        Site-driven scan: https://your-enterprise-server.com:8080
        New Burp scan: https://your-enterprise-server.com:8080
        Existing Burp scan: https://your-enterprise-server.com:8080/api/your-api-key

--api-key
    Description: The API key that you copied after creating the API user. If you have lost this, you can generate a new key from the Burp Suite Enterprise Edition web UI.
    Site-driven scans: Required
    Burp scans: Optional. Legacy integrations can omit this parameter and append the API key to the burp_api_url instead. However, this will prevent you from generating scan reports.
    Example: --api-key=secret

--site-id
    Description: The ID of the site in Burp Suite Enterprise Edition that you want to scan. You can find this ID in the URL when viewing the site in the web UI: https://your-enterprise-server.com:8080/sites/<site-id>. If this parameter is included, the driver will trigger a site-driven scan; otherwise it will trigger a Burp scan.
    Site-driven scans: Required
    Burp scans: Not permitted
    Example: --site-id=7

--min-severity
    Description: The minimum severity of issue that must be found by a scan before the build will fail.
    Default: medium
    Permitted values: high, medium, low, info, undefined, false_positive
    Site-driven scans: Optional
    Burp scans: Optional
    Example: --min-severity=high

--min-confidence
    Description: The minimum issue confidence level that must be found by a scan before the build will fail.
    Default: tentative
    Permitted values: certain, firm, tentative, undefined
    Site-driven scans: Optional
    Burp scans: Optional
    Example: --min-confidence=certain

--min-issues
    Description: The number of issues that are permitted before the build will fail.
    Default: 0
    Site-driven scans: Optional
    Burp scans: Optional
    Example: --min-issues=5

--timeout
    Description: The maximum number of seconds that the CI/CD system should wait to receive a response from the scan. If no response has been received after the time is up, the build will fail.
    Default: 120
    Site-driven scans: Optional
    Burp scans: Optional
    Example: --timeout=60

--scan-definition
    Description: The location of a custom scan definition that you have created in the same JSON format used by the REST API. You can use this option to override the default scan configuration used by a site, or to provide a detailed scan configuration for a one-off scan that is not matched with an existing site.
    Site-driven scans: Not permitted
    Burp scans: Optional
    Example: --scan-definition=your-definition.json

--named-scan-configuration
    Description: The name of a built-in scan configuration that you want to use. You can enter this parameter multiple times to use more than one scan configuration.
    Site-driven scans: Not permitted
    Burp scans: Optional
    Example: --named-scan-configuration="Audit checks - light"

--list-named-scan-configuration
    Description: Outputs a list of all built-in scan configurations from Burp Suite Enterprise Edition and exits.
    Site-driven scans: N/A
    Burp scans: N/A
    Example: N/A

--custom-scan-configuration
    Description: The location of a JSON file containing a custom scan configuration that you want to use. You can enter this parameter multiple times to use more than one custom scan configuration.
    Site-driven scans: Not permitted
    Burp scans: Optional
    Example: --custom-scan-configuration=your-configuration.json

--json
    Description: Enables verbose mode, which will output the full issue details in JSON format for each issue found.
    Site-driven scans: Not permitted
    Burp scans: Optional
    Example: N/A

--self-signed-cert
    Description: The public part of your self-signed TLS certificate. This must be in X.509 base64-encoded format and is usually found in a .pem file. This is only required if you normally access Burp Suite Enterprise Edition over HTTPS (the "Use TLS" option is enabled in your network settings) and you use a self-signed certificate.
    Site-driven scans: Optional, depending on network configuration.
    Burp scans: Optional, depending on network configuration.
    Example: --self-signed-cert=your-certificate.pem

--report-file
    Description: The location and file name where you want the HTML scan report to be saved. If unspecified, no report will be generated.
    Site-driven scans: Optional
    Burp scans: Optional
    Example: --report-file=scan-report.html

--report-type
    Description: The type of scan report that you want to generate. This can either be a summary or detailed report.
    Site-driven scans: Optional
    Burp scans: Optional
    Example: --report-type=summary

--help
    Description: Outputs the built-in help text and exits.
    Site-driven scans: N/A
    Burp scans: N/A
    Example: N/A

--version
    Description: Outputs the version number of the driver and exits.
    Site-driven scans: N/A
    Burp scans: N/A
    Example: N/A
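
The rules in the parameter reference above can be checked in the pipeline before the driver is started. The following is an added example, not part of the driver or of PortSwigger's documentation; check_driver_args is a hypothetical helper name, and treating --min-issues and --timeout as whole numbers is an assumption based on the examples shown.

```shell
#!/bin/sh
# Added example: pre-flight check of ci-driver.jar arguments against the
# parameter table. check_driver_args is a hypothetical helper name.
# Usage: check_driver_args <burp_api_url> [--param=value ...]
# Returns 0 when the arguments are consistent, 1 otherwise.
check_driver_args() {
    [ $# -ge 1 ] || { echo "usage: check_driver_args <burp_api_url> [params]" >&2; return 1; }
    url=$1; shift
    site_id='' api_key='' report='' burp_only='' rc=0
    for arg in "$@"; do
        case $arg in
            --site-id=?*)     site_id=${arg#*=} ;;
            --api-key=?*)     api_key=set ;;
            --report-file=?*) report=set ;;
            --scan-definition=*|--named-scan-configuration=*|--custom-scan-configuration=*|--json)
                # Marked "Not permitted" for site-driven scans in the table.
                burp_only="$burp_only ${arg%%=*}" ;;
            --min-severity=*)
                case ${arg#*=} in
                    high|medium|low|info|undefined|false_positive) ;;
                    *) echo "invalid --min-severity: ${arg#*=}" >&2; rc=1 ;;
                esac ;;
            --min-confidence=*)
                case ${arg#*=} in
                    certain|firm|tentative|undefined) ;;
                    *) echo "invalid --min-confidence: ${arg#*=}" >&2; rc=1 ;;
                esac ;;
            --min-issues=*|--timeout=*)
                case ${arg#*=} in
                    ''|*[!0-9]*) echo "${arg%%=*} must be a whole number" >&2; rc=1 ;;
                esac ;;
        esac
    done
    if [ -n "$site_id" ]; then
        # Site-driven scan: --api-key is required, Burp-scan-only options are rejected.
        [ -n "$api_key" ] || { echo "--api-key is required with --site-id" >&2; rc=1; }
        [ -z "$burp_only" ] || { echo "not permitted with --site-id:$burp_only" >&2; rc=1; }
    fi
    case $url in
        */api/?*)
            # Legacy form: the key travels in the URL and reports cannot be generated.
            echo "warning: API key is embedded in burp_api_url" >&2
            [ -z "$report" ] || { echo "--report-file requires --api-key instead" >&2; rc=1; } ;;
    esac
    return $rc
}
```

Call the function with the same arguments you intend to pass to java -jar path/to/ci-driver.jar and start the driver only when it returns 0.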