Enterprise Edition

Integrating CI-driven scans

  • Last updated: October 31, 2024

  • Read time: 2 Minutes

You can integrate CI-driven scans into your CI/CD pipeline. This enables Burp Scanner to run from a Docker container, and report results back to your Burp Suite Enterprise Edition server. CI-driven scans make it easy to scan sites and applications before they enter production.

What are CI-driven scans?

When a CI-driven scan is initiated, an instance of Burp Scanner is created inside a Docker container. This instance of Burp Scanner runs a local scan on a specified URL, defined by an environment variable in your pipeline script. Once the scan has finished, the instance of Burp Scanner sends the results to your Burp Suite Enterprise Edition server in JUnit XML format.

Note

We provide full setup walkthroughs for Jenkins, TeamCity, and GitHub Actions. However, you can use our generic setup instructions to fully integrate with any CI platform, including CircleCI, Bamboo, and Azure DevOps.

Configuring your scan

CI-driven scans are configured using a YAML file. This file defines:

You can also use the YAML file to apply custom extensions, BChecks, and BApps to your scans. For more information, see Using custom extensions, BChecks, and BApps with CI-driven scans.

Viewing your scan results

You can view your scan results in a number of ways:

  • In your CI/CD environment
  • By viewing the JUnit XML file directly
  • In the web interface for Burp Suite Enterprise Edition

Was this article helpful?