🏃♂️ Trigger a scan
Including our security scans within the delivery flow of technical teams is a core part of Escape.
Escape only runs one concurrent scan per application. If a scan is already running on one of your apps, we will cancel it before the CI job starts a new scan on your application.
Examples
Secure my application at every commit on a specific branch
Escape will start every time a new feature branch or commit is merged on the targeted branch (this example will consider a branch named staging
), after being deployed. That way, you can immediately ensure that every new commit merged on this branch does not add new security or performance issues to your app.
When Escape notifies you of a new issue, you can either revert the concerned merge request manually or fix it in another merge request using Escape's remediations proposals (or by ignoring the issue). That way, you ensure that no issue can reach your production.
- GitHub Action
- Gitlab CI
- CLI
- API
# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
push:
branches:
- staging
jobs:
Escape:
runs-on: ubuntu-latest
steps:
- name: Escape Scan
uses: Escape-Technologies/action@v0
with:
application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
api_key: ${{ secrets.ESCAPE_API_KEY }}
# timeout: 1200 (default - in seconds)
Escape:
stage: post-deploy
needs:
- deploy # name of your deployment job
variables: # you can find those secrets directly in your Escape Application Settings
- ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
- ESCAPE_API_KEY: $ESCAPE_API_KEY
# - TIMEOUT: 1200 (default - in seconds)
image: node:alpine
before_script:
- npm install -g @escape.tech/action
- npm show @escape.tech/action version
script:
- escape-action
allow_failure: true
only:
refs:
- staging
export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
export TIMEOUT=1200 # The timeout for the action to run (default: 1200, 0 defines a non-blocking scan)
npm i -g @escape.tech/action
escape-action
export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>
curl -X POST \
-H "Authorization: Key $API_KEY" \
https://api-public.prod.cloud.escape.tech/applications/$APPLICATION_ID/start-scan
Trigger a non-blocking scan every time a commit is pushed on a branch
In this case, a security scan will be triggered every time a commit on the targeted branch is pushed. This job will remain non-blocking: The scan will be started, but the CI job will not wait for it to be finished before terminating. The triggered scan will run asynchronously on Escape, and your team will be notified at the end of it, using your desired integrations settings.
- GitHub Action
- Gitlab CI
- CLI
- API
# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
push:
branches:
- staging
jobs:
Escape:
runs-on: ubuntu-latest
steps:
- name: Escape Scan
uses: Escape-Technologies/action@v0
with:
application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
api_key: ${{ secrets.ESCAPE_API_KEY }}
timeout: 0 # This will make the pipeline terminate as soon as the scan is started (but will not stop the scan!)
Escape:
stage: post-deploy
needs:
- deploy # name of your deployment job
variables: # you can find those secrets directly in your Escape Application Settings
- ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
- ESCAPE_API_KEY: $ESCAPE_API_KEY
- TIMEOUT: 0 # This will make the pipeline terminate as soon as the scan is started (but will not stop the scan!)
image: node:alpine
before_script:
- npm install -g @escape.tech/action
- npm show @escape.tech/action version
script:
- escape-action
allow_failure: true
only:
refs:
- staging
export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
export TIMEOUT=0 # This will make the pipeline terminate as soon as the scan is started (but will not stop the scan!)
npm i -g @escape.tech/action
escape-action
export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>
curl -X POST \
-H "Authorization: Key $API_KEY" \
https://api-public.prod.cloud.escape.tech/applications/$APPLICATION_ID/start-scan