CI/CD Integration
Redactyl integrates with all major CI/CD platforms. Add scanning to your pipelines to catch secrets before they reach production.
Quick Start
Add Redactyl to any CI pipeline with:
go install github.com/varalys/redactyl@latest
redactyl scan --no-tui --sarif > redactyl.sarif.json
Platforms
- GitHub Actions - SARIF integration with Code Scanning
- GitLab CI - Pipeline artifacts and reports
- Azure Pipelines - Azure DevOps integration
- Bitbucket Pipelines - Bitbucket integration
Common Patterns
Fail on Findings
redactyl scan --no-tui
# Exit code 1 if findings detected
Fail on High Severity Only
redactyl scan --no-tui --severity high
Upload SARIF
Most platforms support SARIF for security findings:
redactyl scan --sarif > redactyl.sarif.json
Scan Container Images
redactyl scan --image $IMAGE_NAME:$IMAGE_TAG --no-tui
Scan Helm Charts
redactyl scan --helm ./charts --no-tui
Best Practices
- Scan on every PR - Catch secrets before merge
- Scan main branch - Detect secrets that slip through
- Scan container images - Check what actually deploys
- Use baselines - Reduce noise from known secrets
- Upload SARIF - Get findings in your PR interface
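Putting the Quick Start, Fail on Findings and Upload SARIF patterns together for GitHub Actions, as an added example that is not part of the Redactyl docs: the workflow runs on every PR and on pushes to main, fails the job when findings are detected, and still delivers the SARIF report to Code Scanning. The action names, versions, triggers and the `security-events` permission are assumptions about GitHub Actions, not something the Redactyl docs state.

```yaml
# Added example, not from the Redactyl docs. Assumes the standard GitHub
# actions/checkout, actions/setup-go and github/codeql-action/upload-sarif actions.
name: secrets-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write   # needed for upload-sarif to write Code Scanning results

jobs:
  redactyl:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Install Redactyl
        run: |
          go install github.com/varalys/redactyl@latest
          # Make sure the go install target is on PATH (harmless if setup-go already did this)
          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"

      - name: Scan repository
        # Exit code 1 on findings fails this step and therefore the job,
        # which blocks the PR when branch protection requires this check.
        run: redactyl scan --no-tui --sarif > redactyl.sarif.json

      - name: Upload SARIF to Code Scanning
        # The scan step is expected to fail when secrets are found; without
        # always() the report would never be uploaded in exactly that case.
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: redactyl.sarif.json
```

If you only want to block on high-severity findings, add `--severity high` to the scan step; the SARIF upload step is unchanged.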