Integrate Cortex Cloud Application Security CI/CD Security with your CircleCI system to enable automated and continuous scanning of your CI/CD pipelines. This integration provides proactive security checks, triggered by pipeline events or configuration changes, ensuring security issues are detected and remediated throughout the entire deployment lifecycle.
Pipeline scans are executed using the Cortex CLI, and include automated actions based on scan results to enforce security policies and prevent vulnerable deployments.
Note
This integration uses a Personal Access Token (PAT) for authentication.
CircleCI onboarding offers both code and CI/CD scanning. A single integrated instance supports either code or CI scanning, but not both. If you require both code and CI scanning for your CircleCI environment, you must create two separate integrations, selecting the appropriate scanning type for each. To onboard CircleCI for code scans, refer to CircleCI for code scans.
Prerequisite
Before you begin:
CircleCI user requirements:
Permissions: To enable Cortex Cloud visibility for all CircleCI projects, a version control system (VCS) user with integration permissions must be authorized (for example, Organization Owner permissions are required to onboard GitHub SaaS, while in GitLab SaaS you must be a Maintainer). This is because CircleCI's user base integrates with the VCS, inheriting its user permissions. For example, if a GitHub user has access to specific organizations and repositories, these entities are visible and available in CircleCI.
Best practice: Create a dedicated VCS user to integrate CircleCI with Cortex Cloud, so that the integration does not break if the user leaves the organization.
Ensure that the dedicated user follows all the organization’s projects in CircleCI.
Create a personal API token in CircleCI (see step 1 below). This is required to allow reading the configurations from CircleCI for all projects the user has access to.
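Once the token exists, the two prerequisites above (a working token, and a dedicated user who follows every project) can be checked before onboarding. The script below is an added example, not part of the Cortex Cloud or CircleCI documentation. It assumes the CircleCI v2 `/me` and v1.1 `/projects` endpoints, that followed projects are returned with `username` and `reponame` fields, and two hypothetical names: a `CIRCLECI_TOKEN` environment variable and an `expected_projects.txt` file with one `org/repo` per line.

```python
import json
import os
import urllib.request

API = "https://circleci.com/api"


def _get(path, token):
    """GET a CircleCI API path, authenticating with the Circle-Token header."""
    req = urllib.request.Request(API + path, headers={
        "Circle-Token": token, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def followed_slugs(projects):
    """Reduce a v1.1 /projects response to lower-cased 'org/repo' slugs."""
    return {f"{p['username']}/{p['reponame']}".lower() for p in projects}


def unfollowed(expected, projects):
    """Return the expected 'org/repo' entries the token's user does not follow."""
    seen = followed_slugs(projects)
    return sorted(e for e in expected if e.lower() not in seen)


# Constructed sample of the assumed v1.1 /projects response shape (not real data).
SAMPLE_PROJECTS = [
    {"username": "example-org", "reponame": "payments", "vcs_type": "github"},
    {"username": "example-org", "reponame": "Web-App", "vcs_type": "github"},
]

if __name__ == "__main__":
    # Hypothetical names: CIRCLECI_TOKEN env var and expected_projects.txt.
    token = os.environ["CIRCLECI_TOKEN"]  # never hard-code or log the token
    me = _get("/v2/me", token)            # raises on HTTP 401 if the token is bad
    with open("expected_projects.txt") as fh:
        expected = [line.strip() for line in fh if line.strip()]
    gaps = unfollowed(expected, _get("/v1.1/projects", token))
    print(f"token belongs to {me.get('login')}; {len(gaps)} project(s) not followed")
    for slug in gaps:
        print("  not followed:", slug)
    raise SystemExit(1 if gaps else 0)
```

A non-zero exit means at least one expected project is not followed by the dedicated user and should be followed before the integration is created.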
Onboarding steps
Generate a personal API token on CircleCI.
Log in to your CircleCI instance with your VCS user credentials.
Create and save a personal API token. For more information about CircleCI tokens, refer to https://circleci.com/docs/managing-api-tokens/#creating-a-personal-api-token.
On the Cortex Cloud console:
Search for and hover over CircleCI and click Add, or Add Another Instance if an instance is already onboarded.
On the Select Integration step of the integration wizard, select → .
On the Enable CI/CD system scanning step of the integration wizard:
Enter an instance name: This can be any name you choose; it serves as an alias for your integration.
→ .
Verify that the Instance Successfully Created message is displayed in the last step of the wizard and click .
Verify the integration and confirm that your integrated CircleCI instance has a status of Connected.
On the Data Sources & Integrations page, locate CircleCI.
Hover over and select the resulting entry.
Locate your CircleCI instance and verify that the status is Connected and that Pipeline Risks is the instance type.
Next step: View scan results and mitigate issues.
Manage data source integrations
Manage integrations to align with evolving requirements and ensure they remain current.
Navigate to → and use the Vendor filter to locate the required integration.
Select your vendor from the list.
The integrated instances for the selected vendor are displayed.
Right-click on an instance and select an option:
: Redirects to the Select Repositories step of the integration wizard, where you can modify configurations for the selected instance. For more details, refer to the relevant integration guide
: When confirmed, deletes the instance, including data from previous scans
Copy entire row – Copies all column values for the selected row to the clipboard.