CI/CD Integration

Bitbucket Pipelines

Add Redactyl to your Bitbucket Pipelines

Basic Pipeline

Add the following to bitbucket-pipelines.yml. The snippets on this page install with @latest for brevity; in a production pipeline pin a specific release tag instead so every run executes the same scanner version:

image: golang:1.21

pipelines:
  default:
    - step:
        name: Secret Scanning
        script:
          - go install github.com/redactyl/redactyl@latest
          - redactyl scan --no-tui

With Artifacts

Save the findings report as a build artifact so it can be downloaded from the pipeline page. Treat the artifact as sensitive: it records where secrets were detected, so limit who can read the pipeline's artifacts.

pipelines:
  default:
    - step:
        name: Secret Scanning
        script:
          - go install github.com/redactyl/redactyl@latest
          - redactyl scan --json > redactyl-findings.json
        artifacts:
          - redactyl-findings.json

Pull Request Scanning

pipelines:
  pull-requests:
    '**':
      - step:
          name: PR Secret Scan
          script:
            - go install github.com/redactyl/redactyl@latest
            - redactyl scan --no-tui

Container Scanning

pipelines:
  default:
    - step:
        name: Build
        services:
          - docker
        script:
          - docker build -t myapp:$BITBUCKET_COMMIT .
          - docker save myapp:$BITBUCKET_COMMIT > image.tar
        artifacts:
          - image.tar

    - step:
        name: Scan Image
        script:
          - go install github.com/redactyl/redactyl@latest
          - redactyl scan image.tar --json > findings.json
        artifacts:
          - findings.json

definitions:
  services:
    docker:
      memory: 2048

Helm Chart Scanning

pipelines:
  default:
    - step:
        name: Scan Helm Charts
        script:
          - go install github.com/redactyl/redactyl@latest
          - redactyl scan --helm ./charts --json > helm-findings.json
        artifacts:
          - helm-findings.json

Branch-Specific Scanning

pipelines:
  branches:
    main:
      - step:
          name: Full Scan
          script:
            - go install github.com/redactyl/redactyl@latest
            - redactyl scan --deep --no-tui

    feature/*:
      - step:
          name: Quick Scan
          script:
            - go install github.com/redactyl/redactyl@latest
            - redactyl scan --staged --no-tui

Scheduled Scans

Bitbucket Pipelines does not take a schedule from bitbucket-pipelines.yml. Define the scan as a custom pipeline, then create the schedule (branch, pipeline and interval, for example daily on main) under Repository settings > Pipelines > Schedules and point it at that pipeline:

pipelines:
  custom:
    nightly-scan:
      - step:
          name: Nightly Scan
          script:
            - go install github.com/redactyl/redactyl@latest
            - redactyl scan --deep --json > nightly-findings.json
          artifacts:
            - nightly-findings.json

Using Repository Variables

Define REDACTYL_SEVERITY under Repository settings > Repository variables (or as a workspace or deployment variable) and reference it in the step:

pipelines:
  default:
    - step:
        script:
          - go install github.com/redactyl/redactyl@latest
          - redactyl scan --severity $REDACTYL_SEVERITY --no-tui

Caching

Speed up the go install step by caching downloaded Go modules between runs. The cache name go below is user-defined under definitions and maps to the module directory of the golang image:

pipelines:
  default:
    - step:
        name: Secret Scanning
        caches:
          - go
        script:
          - go install github.com/redactyl/redactyl@latest
          - redactyl scan --no-tui

definitions:
  caches:
    go: /go/pkg/mod

Fail Conditions

Continue on findings (for visibility without blocking). The || true discards the scanner's exit status, so this step never fails the pipeline; the findings are still printed by after-script and kept as an artifact:

pipelines:
  default:
    - step:
        name: Secret Scanning
        script:
          - go install github.com/redactyl/redactyl@latest
          - redactyl scan --json > findings.json || true
        after-script:
          - cat findings.json
        artifacts:
          - findings.json
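A middle ground between blocking on every finding and never blocking is to gate the step on severity, driven by the REDACTYL_SEVERITY repository variable described above. The script below is an added example, not part of Redactyl or this page's configuration: it assumes the --json report is a list of objects (or an object with a "findings" list) carrying "severity", "rule", "file" and "line" keys, and that severities are named low/medium/high/critical. Both the report layout and the severity names are assumptions; adjust load_findings() and SEVERITY_ORDER to the scanner's real output. Unknown severities are treated as blocking so a malformed report cannot pass the gate silently, and only locations are printed, never matched values.

```python
"""Gate a Bitbucket Pipelines step on Redactyl findings by severity.

Added example, not Redactyl's own code. The JSON layout and the severity
names are ASSUMPTIONS made for illustration.
"""
import json
import os
import sys
from collections import Counter

# Lowest to highest. Assumed names; align with the scanner's own vocabulary.
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed sample report (paths and rule names are made up) used by the
# self-test and as a fallback when the script is run without a file argument.
SAMPLE_REPORT = json.dumps([
    {"severity": "critical", "rule": "aws-access-key", "file": "config/prod.env", "line": 12},
    {"severity": "high", "rule": "generic-api-key", "file": "src/client.go", "line": 88},
    {"severity": "low", "rule": "example-placeholder", "file": "README.md", "line": 3},
])


def load_findings(text: str) -> list:
    """Parse a findings report; tolerates an empty file (no output at all)."""
    if not text.strip():
        return []
    data = json.loads(text)
    if isinstance(data, dict):
        data = data.get("findings", [])
    return [f for f in data if isinstance(f, dict)]


def severity_rank(name: str) -> int:
    """Position of a severity in SEVERITY_ORDER, or -1 if it is not recognised."""
    try:
        return SEVERITY_ORDER.index(name.lower())
    except ValueError:
        return -1


def count_by_severity(findings: list) -> Counter:
    return Counter(str(f.get("severity", "unknown")).lower() for f in findings)


def blocking_findings(findings: list, threshold: str) -> list:
    """Findings at or above the threshold; unrecognised severities always block."""
    limit = severity_rank(threshold)
    if limit < 0:
        raise ValueError(f"unknown severity threshold: {threshold!r}")
    out = []
    for f in findings:
        rank = severity_rank(str(f.get("severity", "")))
        if rank < 0 or rank >= limit:
            out.append(f)
    return out


def summarize(findings: list, threshold: str) -> str:
    """One-line summary for the pipeline log (counts and locations only)."""
    counts = count_by_severity(findings)
    parts = ", ".join(f"{s}={n}" for s, n in sorted(counts.items())) or "none"
    blocking = blocking_findings(findings, threshold)
    return f"{len(findings)} finding(s) [{parts}]; {len(blocking)} at or above {threshold}"


def gate(text: str, threshold: str) -> int:
    """Exit code for the step: 0 passes, 1 fails the pipeline."""
    return 1 if blocking_findings(load_findings(text), threshold) else 0


def main(argv: list) -> int:
    threshold = os.environ.get("REDACTYL_SEVERITY", "high")
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    findings = load_findings(text)
    print(summarize(findings, threshold))
    for f in blocking_findings(findings, threshold):
        print(f"  {f.get('severity')}: {f.get('rule')} at {f.get('file')}:{f.get('line')}")
    return gate(text, threshold)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In the step, keep `redactyl scan --json > findings.json || true` so the report is always written, then run `python3 gate_findings.py findings.json` as the next script line; its exit status, not the scanner's, decides whether the step fails, and the artifact is still saved either way.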

Parallel Steps

pipelines:
  default:
    - parallel:
        - step:
            name: Secret Scan
            script:
              - go install github.com/redactyl/redactyl@latest
              - redactyl scan --no-tui

        - step:
            name: Build
            script:
              - npm install
              - npm run build