Integration types for CI/CD platforms

Regardless of which CI/CD platform you use, you have two options for integrating vulnerability scans. You can either configure a site-driven scan or use the legacy "Burp scan" option. You select your preferred option when adding the associated build steps to your pipeline. Which one you choose affects the rest of the process, so it is important to understand the differences and decide which approach is right for you.

Site-driven scan

Site-driven scans are the recommended approach for most use cases. With this option, your CI/CD system can access your site tree and other details about your sites from Burp Suite Enterprise Edition. These details include the default scan configurations, false positive settings, included/excluded URLs, and so on.

Advantages

Limitations

Burp scan

A "Burp scan" is our legacy CI/CD integration type and still works in the same way as in previous versions of the driver and plugins. This option does not allow you to fetch your sites and their details from the Enterprise server, which has several key disadvantages. For this reason, we recommend that most customers use site-driven scans instead wherever possible. We are primarily continuing to offer the "Burp scan" option to avoid breaking any existing integrations that long-term customers have already configured.

Advantages

Limitations