Automate security scanning by integrating Vidoc into your CI/CD pipelines.

CI Command

Use the dedicated ci command for automated environments:
vidoc ci --token $VIDOC_TOKEN
The ci command runs in non-interactive mode, optimized for CI/CD pipelines.

CI Command Options

| Option | Short | Description |
| --- | --- | --- |
| --token <token> | | Authentication token (required in CI) |
| --force-reindex | -f | Force complete reindex |
| --only-indexing | | Index only, skip full scan |
| --profile <name> | -p | Use named profile |
| --api-url <url> | | Override API URL (for single-tenant) |
| --config <path> | -c | Custom config file path |

GitHub Actions

# .github/workflows/security.yml
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  vidoc-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install Vidoc CLI
        run: npm i -g @vidocsecurity/cli

      - name: Run Security Scan
        run: vidoc ci --token ${{ secrets.VIDOC_TOKEN }}

Store the Secret

  1. Go to GitHub repo → Settings → Secrets → Actions
  2. Click “New repository secret”
  3. Name: VIDOC_TOKEN
  4. Value: Your token from Vidoc dashboard
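
A hardened variant of the workflow above, as an added example that is not part of the Vidoc documentation. It assumes the CLI needs no GitHub write scopes; `<VERSION>` is a placeholder for a CLI release you have reviewed, and the 30-minute timeout is an arbitrary starting value.

```yaml
# .github/workflows/security.yml (added example, not Vidoc's own workflow)
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Limit the job's GITHUB_TOKEN to read-only access to repository contents.
# Assumption: the Vidoc CLI authenticates only with VIDOC_TOKEN.
permissions:
  contents: read

jobs:
  vidoc-scan:
    runs-on: ubuntu-latest
    # Repository secrets are not passed to pull_request runs from forks, so
    # VIDOC_TOKEN would be empty there; skip those runs instead of failing.
    if: >-
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
    timeout-minutes: 30   # assumption: raise for large codebases or first index
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # keep GITHUB_TOKEN out of .git/config

      - uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install Vidoc CLI
        # <VERSION> is a placeholder: pin the release you have reviewed
        # instead of installing whatever is latest at build time.
        run: npm i -g @vidocsecurity/cli@<VERSION>

      - name: Run Security Scan
        env:
          VIDOC_TOKEN: ${{ secrets.VIDOC_TOKEN }}
        # The shell expands the variable at run time; the secret is never
        # templated into the script text.
        run: vidoc ci --token "$VIDOC_TOKEN"
```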

GitLab CI

# .gitlab-ci.yml
security-scan:
  image: node:20
  stage: test
  script:
    - npm i -g @vidocsecurity/cli
    - vidoc ci --token $VIDOC_TOKEN
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

Store the Variable

  1. Go to GitLab project → Settings → CI/CD → Variables
  2. Add variable: VIDOC_TOKEN
  3. Mark as “Masked” and “Protected”

CircleCI

# .circleci/config.yml
version: 2.1

jobs:
  security-scan:
    docker:
      - image: cimg/node:20.0
    steps:
      - checkout
      - run:
          name: Install Vidoc CLI
          command: npm i -g @vidocsecurity/cli
      - run:
          name: Run Security Scan
          command: vidoc ci --token $VIDOC_TOKEN

workflows:
  security:
    jobs:
      - security-scan

Jenkins

// Jenkinsfile
pipeline {
    agent any

    environment {
        VIDOC_TOKEN = credentials('vidoc-token')
    }

    stages {
        stage('Security Scan') {
            steps {
                sh 'npm i -g @vidocsecurity/cli'
                sh 'vidoc ci --token $VIDOC_TOKEN'
            }
        }
    }
}

Azure DevOps

# azure-pipelines.yml
trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '20.x'

  - script: npm i -g @vidocsecurity/cli
    displayName: 'Install Vidoc CLI'

  - script: vidoc ci --token $(VIDOC_TOKEN)
    displayName: 'Security Scan'

Bitbucket Pipelines

# bitbucket-pipelines.yml
image: node:20

pipelines:
  default:
    - step:
        name: Security Scan
        script:
          - npm i -g @vidocsecurity/cli
          - vidoc ci --token $VIDOC_TOKEN

Single-Tenant Installations

For self-hosted Vidoc, include the API URL:
vidoc ci --token $VIDOC_TOKEN --api-url https://your-vidoc-instance.com

Best Practices

Cache CLI Installation

Speed up pipelines by caching:
# GitHub Actions example
- uses: actions/cache@v4
  with:
    path: ~/.npm
    key: npm-vidoc-cli

Use Profiles for Different Environments

# Create profiles for different projects
vidoc login --profile prod --token $PROD_TOKEN
vidoc login --profile staging --token $STAGING_TOKEN

# Use in CI
vidoc ci --profile prod

Viewing Results

After CI scans complete:
  1. Go to app.vidocsecurity.com
  2. Select your project
  3. View issues in the dashboard
  4. Check PR-specific results in Pull Requests

Troubleshooting

“Unauthorized” in CI

  1. Verify the VIDOC_TOKEN secret is set correctly
  2. Check the token hasn’t been revoked
  3. Ensure the token has proper permissions

Scan Timeout

For large codebases, increase your CI job timeout. First scans take longer due to initial indexing.

“No files found”

Ensure the checkout step runs before the scan and the working directory is correct.