Integrations

SecureObs integrations are intentionally small. Your CI runner executes the scanner image, the image calls the SecureObs API, and the dashboard stores the results.

Integration Surfaces

| Surface | Purpose |
| --- | --- |
| secureobs/scanner | Docker image that runs scanners and posts findings |
| scan | Runs enabled scanners for a project |
| gate | Fails a pipeline when blocking findings exist |
| pr-comment | Posts or updates one PR status comment |
| SARIF export | Exposes project findings for SARIF-compatible tools |

Runtime Boundary

SecureObs does not clone your repositories from the SaaS backend for normal CI scanning. The scanner runs inside your CI environment and sees the workspace that your CI job already checked out.

The only required secret is the SecureObs API key. Store it in the CI platform's encrypted secret store.

sequenceDiagram
  participant Runner as "CI runner"
  participant Scanner as "secureobs/scanner"
  participant Api as "SecureObs API"
  participant Dashboard as "Dashboard"

  Runner->>Scanner: Start scan command
  Scanner->>Api: Read enabled scanners
  Scanner->>Scanner: Run scanners locally
  Scanner->>Api: Upload findings
  Runner->>Scanner: Start gate command
  Scanner->>Api: Read blocking status
  Api->>Dashboard: Show findings