CI/CD Integration

Automatically scan your code on every push, PR, or release.

🤖 Vibe Coding Prompts

Choose your path and copy the prompt to your AI assistant:

Scan on every PR

Read the Bugrit CI/CD docs at https://bugrit.com/docs/integrations/ci-cd

Create a GitHub Action that scans on every PR:

1. Trigger on: pull_request to main
2. POST to /api/v1/scans with GitHub repo info
3. Poll until scan completes
4. Add PR comment with scan summary
5. FAIL if critical issues found

Use secrets.BUGRIT_API_KEY and secrets.BUGRIT_APP_ID.

✨ Works with Claude, ChatGPT, Cursor, Copilot, Cody, and other AI coding assistants

💡 Why This Matters

Manual security checks get skipped when you're rushing. CI/CD integration means every deploy gets scanned automatically—no human discipline required.

  • Never forget: Scans run automatically on every push
  • Quality gates: Block deploys when critical issues are found
  • Works everywhere: GitHub, GitLab, CircleCI, Jenkins

Required Secrets

  • BUGRIT_API_KEY - From Settings → API Keys
  • BUGRIT_APP_ID - From your application dashboard

Configuration Examples

GitHub Actions

# .github/workflows/bugrit.yml
name: Bugrit Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Trigger Scan
        run: |
          curl -X POST https://bugrit.com/api/v1/scans \
            -H "Authorization: Bearer ${{ secrets.BUGRIT_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{
              "applicationId": "${{ secrets.BUGRIT_APP_ID }}",
              "sourceType": "github",
              "repoUrl": "https://github.com/${{ github.repository }}",
              "branch": "${{ github.ref_name }}"
            }' | tee response.json

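          # '// empty' turns a missing id into an empty string instead of the literal "null"
          SCAN_ID=$(jq -r '.scan.id // empty' response.json)
          [ -n "$SCAN_ID" ] || { echo "No scan id in response"; exit 1; }
          echo "SCAN_ID=$SCAN_ID" >> "$GITHUB_ENV"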

      - name: Wait for Completion
        run: |
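          # Poll every 10s for at most 180 attempts (30 minutes, an arbitrary cap; adjust to your scan times)
          for attempt in $(seq 1 180); do
            STATUS=$(curl -s -H "Authorization: Bearer ${{ secrets.BUGRIT_API_KEY }}" \
              "https://bugrit.com/api/v1/scans/$SCAN_ID" | jq -r '.scan.status')
            [ "$STATUS" = "completed" ] && break
            [ "$STATUS" = "failed" ] && exit 1
            sleep 10
          done
          # Fail the step if the cap was reached without a completed scan
          [ "$STATUS" = "completed" ] || { echo "Scan $SCAN_ID did not complete"; exit 1; }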

      - name: Check Findings
        run: |
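          CRITICAL=$(curl -s -H "Authorization: Bearer ${{ secrets.BUGRIT_API_KEY }}" \
            "https://bugrit.com/api/v1/scans/$SCAN_ID" | jq -r '.scan.summary.critical')
          # Fail closed: a missing or non-numeric count (API error, "null") blocks the build
          case "$CRITICAL" in
            ''|*[!0-9]*) echo "Could not read critical count: '$CRITICAL'"; exit 1 ;;
          esac
          [ "$CRITICAL" -eq 0 ] || { echo "BLOCKED: $CRITICAL critical issues found"; exit 1; }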

GitLab CI

# .gitlab-ci.yml
bugrit-scan:
  image: alpine:latest
  before_script:
    - apk add --no-cache curl jq
  script:
    - |
      RESPONSE=$(curl -X POST https://bugrit.com/api/v1/scans \
        -H "Authorization: Bearer $BUGRIT_API_KEY" \
        -H "Content-Type: application/json" \
        -d '{
          "applicationId": "'$BUGRIT_APP_ID'",
          "sourceType": "gitlab",
          "repoUrl": "'$CI_PROJECT_URL'",
          "branch": "'$CI_COMMIT_REF_NAME'"
        }')
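      SCAN_ID=$(echo "$RESPONSE" | jq -r '.scan.id // empty')
      [ -n "$SCAN_ID" ] || { echo "No scan id in response"; exit 1; }

      # Poll every 10s for at most 180 attempts (30 minutes, an arbitrary cap; adjust to your scan times)
      for attempt in $(seq 1 180); do
        STATUS=$(curl -s -H "Authorization: Bearer $BUGRIT_API_KEY" \
          "https://bugrit.com/api/v1/scans/$SCAN_ID" | jq -r '.scan.status')
        [ "$STATUS" = "completed" ] && break
        [ "$STATUS" = "failed" ] && exit 1
        sleep 10
      done
      # Fail the job if the cap was reached without a completed scan
      [ "$STATUS" = "completed" ] || { echo "Scan $SCAN_ID did not complete"; exit 1; }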
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == "main"

CircleCI

# .circleci/config.yml
version: 2.1
jobs:
  bugrit-scan:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - run:
          name: Trigger Bugrit Scan
          command: |
            curl -X POST https://bugrit.com/api/v1/scans \
              -H "Authorization: Bearer ${BUGRIT_API_KEY}" \
              -H "Content-Type: application/json" \
              -d '{
                "applicationId": "'${BUGRIT_APP_ID}'",
                "sourceType": "github",
                "repoUrl": "https://github.com/'${CIRCLE_PROJECT_USERNAME}'/'${CIRCLE_PROJECT_REPONAME}'",
                "branch": "'${CIRCLE_BRANCH}'"
              }'

workflows:
  scan-on-push:
    jobs:
      - bugrit-scan

Quality Gate Script

# Check results and fail if critical issues exist
SUMMARY=$(curl -s -H "Authorization: Bearer $BUGRIT_API_KEY" \
  "https://bugrit.com/api/v1/scans/$SCAN_ID")

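CRITICAL=$(echo "$SUMMARY" | jq -r '.scan.summary.critical')
HIGH=$(echo "$SUMMARY" | jq -r '.scan.summary.high')

# Fail closed: if either count is missing or not a number (API error, "null"),
# block here instead of letting the integer tests below error out and pass
for COUNT in "$CRITICAL" "$HIGH"; do
  case "$COUNT" in
    ''|*[!0-9]*) echo "BLOCKED: could not read scan summary"; exit 1 ;;
  esac
done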

if [ "$CRITICAL" -gt 0 ]; then
  echo "BLOCKED: $CRITICAL critical issues found"
  exit 1
fi

if [ "$HIGH" -gt 5 ]; then
  echo "BLOCKED: Too many high-severity issues ($HIGH)"
  exit 1
fi

echo "Quality gate passed"
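
Why a gate has to validate the counts before comparing them: when the request fails or the summary is missing, `jq -r` prints `null` or nothing, the integer test errors out, and a gate written as a bare `-gt` comparison reports a pass. The following is an added example, not Bugrit's own code; `gate_naive`, `gate_hardened`, `is_count`, `report` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Bugrit code. Arguments are the strings that
# jq -r '.scan.summary.critical' and '.scan.summary.high' would print.

# Naive gate: integer tests applied directly to the jq output.
gate_naive() {
  critical=$1; high=$2
  # On "null" or "" the test itself exits with an error status, the
  # branch is skipped, and the function falls through to "pass".
  if [ "$critical" -gt 0 ] 2>/dev/null; then return 1; fi
  if [ "$high" -gt 5 ] 2>/dev/null; then return 1; fi
  return 0
}

# True only for a non-empty string of decimal digits.
is_count() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Hardened gate. Returns 0 = pass, 1 = findings over threshold,
# 2 = summary unreadable (treated as a block, never as a pass).
gate_hardened() {
  critical=$1; high=$2; max_high=${3:-5}
  is_count "$critical" && is_count "$high" || return 2
  [ "$critical" -eq 0 ] || return 1
  [ "$high" -le "$max_high" ] || return 1
  return 0
}

# Print both verdicts for one pair of counts.
report() {
  if gate_naive "$1" "$2"; then n=pass; else n=block; fi
  if gate_hardened "$1" "$2"; then h=pass; else h=block; fi
  printf 'critical=%-5s high=%-5s naive=%-5s hardened=%s\n' "$1" "$2" "$n" "$h"
}

# Constructed sample values
report 0 2        # clean scan
report 1 0        # one critical finding
report 0 6        # more than 5 high-severity findings
report null null  # API returned an error object, jq printed "null"
report "" ""      # request failed, nothing to parse
```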

Where to Add Secrets

| CI Service | Location |
|---|---|
| GitHub Actions | Settings → Secrets → Actions |
| GitLab CI | Settings → CI/CD → Variables |
| CircleCI | Project Settings → Environment Variables |
| Jenkins | Manage Jenkins → Credentials |