DevSecOps Pipeline Integration

Shift-Left Security for Modern DevOps

Integrate enterprise-grade vulnerability scanning into every pull request and deployment. Catch security issues before they reach production with automated CI/CD security gates.

Pipeline-Native Security Features

Everything you need to embed security scanning into your development workflow — from first commit to production deploy.

API-Driven Scanning

Launch scans programmatically with our REST API. Authenticate with API keys, trigger scans on any target, and poll for results — all from your CI/CD pipeline scripts.

API Key Auth | REST API | Programmatic Access

SARIF Export

Export scan results in SARIF format for direct integration with GitHub's Security tab. Surface vulnerabilities as code scanning alerts alongside your pull requests.

GitHub Security Tab | SARIF v2.1 | Code Scanning Alerts

Webhook Notifications

Get notified the moment a scan completes. Configure webhooks to push results to Slack, Jira, PagerDuty, or any custom endpoint for instant triage and remediation.

Slack | Jira | Custom Webhooks

Automated Scheduling

Set up recurring security scans on daily, weekly, or monthly cadences. Ensure continuous coverage of your attack surface without manual intervention.

Daily | Weekly | Monthly

Add Security in Minutes

Drop our GitHub Action into your workflow and get vulnerability scanning on every push. Results appear directly in your Security tab as SARIF alerts.

  • Trigger scans on push, PR, or schedule
  • Fail builds on critical or high severity findings
  • Upload SARIF to GitHub Code Scanning
  • Works with GitHub Actions, GitLab CI, Jenkins & more
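
.github/workflows/security.yml

name: Security Scan
on: [push, pull_request]

# upload-sarif needs write access to code scanning alerts
permissions:
  contents: read
  security-events: write

jobs:
  ftb-scan:
    runs-on: ubuntu-latest
    env:
      # Expose the key as an environment variable instead of expanding it inside the script text
      FTB_API_KEY: ${{ secrets.FTB_API_KEY }}
    steps:
      - name: Trigger FTB Scan
        env:
          SCAN_TARGET: ${{ vars.SCAN_TARGET }}
        run: |
          set -euo pipefail
          # Build the JSON body with jq so the target value is escaped, not pasted into the script
          SCAN_ID=$(jq -n --arg target "$SCAN_TARGET" '{target: $target, scan_type: "full"}' \
            | curl -sf -X POST \
              https://app.findthebreach.com/api/scan \
              -H "Authorization: Bearer $FTB_API_KEY" \
              -H "Content-Type: application/json" \
              -d @- \
            | jq -r '.scan_id')
          # Stop here if the response carried no scan_id
          [ "${SCAN_ID:-null}" != "null" ]
          # Each run step is a separate shell; persist the ID for the next step
          echo "SCAN_ID=$SCAN_ID" >> "$GITHUB_ENV"

      - name: Download SARIF Results
        run: |
          # -f makes curl fail on an HTTP error instead of saving the error body as results.sarif
          curl -sf -o results.sarif \
            "https://app.findthebreach.com/api/scan/$SCAN_ID/sarif" \
            -H "Authorization: Bearer $FTB_API_KEY"

      - name: Upload to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif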
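
The workflow above uploads results but has no step for the "Fail builds on critical or high severity findings" bullet. The following gate over results.sarif is an added example, not FindTheBreach code. It assumes severity is carried either in GitHub's "security-severity" rule property or, failing that, in the SARIF result level; the page does not say how this scanner encodes it, and the rule IDs and URLs in SAMPLE are constructed.

```python
import json
import sys

def bucket(score):
    # GitHub code scanning's bands for the rule property "security-severity"
    for floor, name in ((9.0, "critical"), (7.0, "high"), (4.0, "medium")):
        if score >= floor:
            return name
    return "low"

def blocking_findings(sarif, fail_on=("critical", "high")):
    """Return (severity, ruleId, uri) for each result at a blocking severity."""
    hits = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            try:
                sev = bucket(float(rule.get("properties", {}).get("security-severity")))
            except (TypeError, ValueError):
                # Assumption: no score means level "error" is high; SARIF defaults level to "warning"
                level = res.get("level", "warning")
                sev = {"error": "high", "warning": "medium"}.get(level, "low")
            if sev in fail_on:
                loc = (res.get("locations") or [{}])[0]
                uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "?")
                hits.append((sev, res.get("ruleId"), uri))
    return hits

def _res(rule_id, level, uri):  # helper for the constructed sample
    return {"ruleId": rule_id, "level": level, "locations": [
        {"physicalLocation": {"artifactLocation": {"uri": uri}}}]}

# Constructed sample, not real scanner output
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EX-001", "properties": {"security-severity": "9.8"}},
        {"id": "EX-002", "properties": {"security-severity": "5.3"}},
        {"id": "EX-003"}]}},
    "results": [_res("EX-001", "error", "https://example.test/login"),
                _res("EX-002", "warning", "https://example.test/search"),
                _res("EX-003", "error", "https://example.test/admin")]}]}

if __name__ == "__main__":
    found = blocking_findings(json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE)
    for sev, rule_id, uri in found:
        print(f"{sev.upper()}: {rule_id} at {uri}")
    sys.exit(1 if found else 0)
```

Run it as a step after the SARIF download; an empty or malformed results.sarif raises and fails the job rather than passing silently.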

Built for Compliance

Our scanning methodology aligns with industry-leading security frameworks and compliance standards.

  • OWASP: Top 10 Coverage
  • PCI DSS: Payment Security
  • SOC 2: Trust Services Criteria
  • HIPAA: Healthcare Data Protection

Secure Your Pipeline Today

Add enterprise-grade vulnerability scanning to your CI/CD workflow in minutes. No agents to install — just an API key and a few lines of YAML.