Skip to main content

🏃‍♂️ Trigger a scan

Including our security scans within the delivery flow of technical teams is a core part of Escape.

caution

Escape only runs one concurrent scan per application. If a scan is already running on one of your apps, we will cancel it before the CI job starts a new scan on your application.

Examples

Secure my application at every commit on a specific branch

Escape will start every time a new feature branch or commit is merged on the targeted branch (this example will consider a branch named staging), after being deployed. That way, you can immediately ensure that every new commit merged on this branch does not add new security or performance issues to your app.

When Escape notifies you of a new issue, you can either revert the concerned merge request manually or fix it in another merge request using Escape's remediations proposals (or by ignoring the issue). That way, you ensure that no issue can reach your production.

# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
push:
branches:
- staging
jobs:
Escape:
runs-on: ubuntu-latest
steps:
- name: Escape Scan
uses: Escape-Technologies/action@v0
with:
application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
api_key: ${{ secrets.ESCAPE_API_KEY }}
# timeout: 1200 (default - in seconds)

Trigger a non-blocking scan every time a commit is pushed on a branch

In this case, a security scan will be triggered every time a commit on the targeted branch is pushed. This job will remain non-blocking: The scan will be started, but the CI job will not wait for it to be finished before terminating. The triggered scan will run asynchronously on Escape, and your team will be notified at the end of it, using your desired integrations settings.

# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
push:
branches:
- staging
jobs:
Escape:
runs-on: ubuntu-latest
steps:
- name: Escape Scan
uses: Escape-Technologies/action@v0
with:
application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
api_key: ${{ secrets.ESCAPE_API_KEY }}
timeout: 0 # This will make the pipeline terminate as soon as the scan is started (but will not stop the scan!)