Integrating CI-driven scans
Last updated: January 29, 2024
You can integrate CI-driven scans into your CI/CD pipeline. A CI-driven scan runs Burp Scanner from a Docker container and reports its results back to your Burp Suite Enterprise Edition server. This lets you scan sites and applications as part of the build, before they reach production.
What are CI-driven scans?
When a CI-driven scan is initiated, an instance of Burp Scanner is created inside a Docker container. This instance runs a local scan against a specified URL, which you define through an environment variable in your pipeline script; the scan targets whatever that variable points at, so make sure it is the pre-production deployment you intend to test. Once the scan has finished, the instance of Burp Scanner sends the results to your Burp Suite Enterprise Edition server in JUnit XML format.
We provide full setup walkthroughs for Jenkins, TeamCity, and GitHub Actions. You can also use our generic setup instructions to integrate with any other CI platform, including CircleCI, Bamboo, and Azure DevOps.
Configuring your scan
CI-driven scans are configured using a YAML file. This file defines:
Viewing your scan results
You can view your scan results in a number of ways:
- In your CI/CD environment
- By viewing the JUnit XML file directly
- In the web interface for Burp Suite Enterprise Edition
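Because the scan results are delivered as JUnit XML, the simplest way to act on them inside the pipeline is to parse that file and fail the job when a finding at or above a chosen severity is present. The script below is an added example, not PortSwigger code, and it makes two assumptions: the report uses the generic JUnit layout (`testsuite` > `testcase` > `failure`), and the severity appears as `Severity: <level>` in the failure's `message` attribute. The sample report embedded in it is constructed for illustration; adapt the tag and attribute lookups to the file your pipeline actually produces.

```python
"""Gate a CI job on a JUnit XML scan report.

Added example, not part of the Burp Suite Enterprise Edition docs.
Assumptions (not taken from the page): generic JUnit layout, severity
recorded as 'Severity: <level>' in the failure message attribute.
"""
import re
import sys
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass

# Burp Scanner's issue severities, lowest to highest.
SEVERITY_ORDER = {"Information": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample report (not real Burp Scanner output).
SAMPLE_REPORT = """<testsuites>
  <testsuite name="Burp Scanner" tests="4" failures="3">
    <testcase name="Cross-site scripting (reflected)" classname="https://example.test/search?q=">
      <failure message="Severity: High; Confidence: Certain">Reflected XSS in parameter q</failure>
    </testcase>
    <testcase name="Strict transport security not enforced" classname="https://example.test/">
      <failure message="Severity: Low; Confidence: Certain">Missing HSTS header</failure>
    </testcase>
    <testcase name="Email addresses disclosed" classname="https://example.test/contact">
      <failure message="Severity: Information; Confidence: Certain">admin@example.test</failure>
    </testcase>
    <testcase name="SQL injection" classname="https://example.test/login"/>
  </testsuite>
</testsuites>
"""


@dataclass(frozen=True)
class Finding:
    name: str
    url: str
    severity: str


def parse_report(xml_text: str) -> list:
    """Return one Finding per <testcase> that carries a <failure>.

    A <testcase> without a <failure> is a check that passed and is skipped.
    A failure whose message has no recognisable severity is treated as
    Information rather than dropped, so nothing silently disappears.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for case in root.iter("testcase"):
        failure = case.find("failure")
        if failure is None:
            continue
        match = re.search(r"Severity:\s*(\w+)", failure.get("message", ""))
        severity = match.group(1) if match else "Information"
        findings.append(Finding(case.get("name", "?"), case.get("classname", "?"), severity))
    return findings


def count_by_severity(findings) -> dict:
    """Summary suitable for a build log line, e.g. {'High': 1, 'Low': 1}."""
    return dict(Counter(f.severity for f in findings))


def passes_gate(findings, min_fail: str = "Medium") -> bool:
    """True when no finding is at or above min_fail severity."""
    threshold = SEVERITY_ORDER[min_fail]
    return not any(SEVERITY_ORDER.get(f.severity, 0) >= threshold for f in findings)


def main(argv) -> int:
    # Usage: python gate.py [report.xml] [min_fail_severity]
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_REPORT
    min_fail = argv[2] if len(argv) > 2 else "Medium"
    findings = parse_report(text)
    for f in findings:
        print(f"[{f.severity}] {f.name} at {f.url}")
    print("summary:", count_by_severity(findings))
    ok = passes_gate(findings, min_fail)
    print("gate:", "PASS" if ok else f"FAIL (finding at or above {min_fail})")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the last step after the scan container exits, passing the JUnit XML path and the severity you want to block on; a non-zero exit fails the job, which is the same signal your CI platform already uses for unit-test failures. Keep the threshold conservative at first (Medium or High) so that informational issues do not block every build while the team triages them in the Burp Suite Enterprise Edition web interface.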