CI Integration
CI Integration allows you to aggregate security scanning results from your CI/CD pipelines directly into Sentry's unified monitoring dashboard. Instead of managing security findings across multiple tools and platforms, centralize everything in one place for streamlined triage and response.

Why Aggregate Security Scans?

Fragmented Security Tools
Modern development pipelines run several security tools, each with its own dashboard, alert system and reporting format. The result is:
Alert fatigue from multiple channels
Missed critical findings in tool-specific UIs
Difficulty prioritizing across tool types
No unified security posture view
Sentry's Solution
Aggregate all security scan results into Sentry:
Single Dashboard: View all security findings together
Unified Prioritization: Compare severity across tool types
Contextual Alerts: Integrate with other Sentry monitoring
Streamlined Workflow: Assign, track, and resolve from one interface
Integration Setup
API Key Generation
Navigate to Monitoring → CI Integration
Click Generate API Key
Copy the generated key and store it securely; it is a credential that can write scan results into your dashboard
Add the key to your CI/CD secrets. In GitHub Actions, create a repository (or organization) secret named SENTRY_API_KEY and reference it in workflows as:
secrets.SENTRY_API_KEY
GitHub Actions Integration
Sentry provides ready-to-use GitHub Actions workflows:
Pre-Built Workflow Generator:
Select security tools you use
Copy generated workflow YAML
Add it to .github/workflows/sentry-security-scan.yml
Commit and push
Example Workflow (Gitleaks):
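The workflow below is an added example of what the generated YAML for Gitleaks looks like end to end; it is not the output of Sentry's workflow generator. It runs Gitleaks from its official container image, writes a SARIF report, and uploads it with the SENTRY_API_KEY secret. The upload endpoint (SENTRY_UPLOAD_URL, read from a repository variable) and the bearer-token Authorization header are assumptions for this example; use the endpoint and auth scheme shown in the workflow generated for your account.

```yaml
name: Sentry security scan (Gitleaks)

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history: Gitleaks scans every commit, not just the tip

      - name: Run Gitleaks and write a SARIF report
        # --exit-code 0 keeps the job green so findings are triaged in Sentry
        # rather than blocking the pipeline; raise it once the backlog is clean.
        # safe.directory is needed because the checkout is owned by the runner
        # user while the container runs as root.
        run: |
          docker run --rm -v "$PWD:/repo" --entrypoint sh \
            ghcr.io/gitleaks/gitleaks:latest -c '
              git config --global --add safe.directory /repo &&
              gitleaks detect --source /repo \
                --report-format sarif --report-path /repo/gitleaks.sarif \
                --exit-code 0'

      - name: Upload SARIF to Sentry
        env:
          SENTRY_API_KEY: ${{ secrets.SENTRY_API_KEY }}
          # Placeholder (assumption for this example): the real endpoint is the
          # one shown in the workflow generated under Monitoring -> CI Integration.
          SENTRY_UPLOAD_URL: ${{ vars.SENTRY_UPLOAD_URL }}
        run: |
          curl --fail --silent --show-error \
            -H "Authorization: Bearer ${SENTRY_API_KEY}" \
            -H "Content-Type: application/json" \
            --data-binary @gitleaks.sarif \
            "${SENTRY_UPLOAD_URL:?SENTRY_UPLOAD_URL is not set}"
```

Two points worth keeping when you adapt the generated workflow: the key only ever reaches the job through `secrets.SENTRY_API_KEY` and is never echoed, and the scan step deliberately does not fail the build, so a leaked secret is still reported to Sentry even when a developer would otherwise retry until the job passes.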
Result Format
Sentry accepts results in SARIF (Static Analysis Results Interchange Format), the OASIS standard output format for static analysis tools.
Because most scanners can already emit SARIF, adding a new tool that outputs it is a matter of hours rather than a new integration.
Viewing Scan Results
CI Integration Dashboard
Access aggregated scan results:
Recent Scans: Latest scan executions with timestamps
Findings by Severity: Critical, High, Medium, Low counts
Tool Breakdown: Results grouped by scanning tool
Trend Analysis: Finding counts over time
Repository View: Results filtered by repository
Finding Details
Each security finding includes:
Tool: Which scanner detected the issue
Severity: Risk level (Critical → Low)
Category: Vulnerability type (SQL Injection, XSS, etc.)
Location: File, line number, code snippet
Description: Detailed explanation of the issue
Remediation: Fix suggestions and references
Status: New, Acknowledged, False Positive, Fixed
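To make the mapping from the SARIF format (Result Format above) to the finding fields listed here concrete, the following added example parses a constructed SARIF 2.1.0 document and normalizes each result into Tool / Severity / Category / Location / Description / Remediation. It is illustrative code, not Sentry's ingestion logic. The severity mapping is an assumption: it prefers the numeric `security-severity` rule property (the CVSS-style 0 to 10 score used by GitHub code scanning) and falls back to the SARIF `level`, whose default is `warning`.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample SARIF 2.1.0 document (not real scan output): one run from a
# secret scanner that sets a numeric security-severity, one from a SAST tool
# that only sets the SARIF "level".
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {
                "name": "gitleaks",
                "rules": [{
                    "id": "aws-access-key-id",
                    "shortDescription": {"text": "Hardcoded AWS access key"},
                    "help": {"text": "Revoke the key and move it to a secret store."},
                    "properties": {"security-severity": "9.5"},
                }],
            }},
            "results": [{
                "ruleId": "aws-access-key-id",
                "message": {"text": "AWS access key detected"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "config/settings.py"},
                    "region": {"startLine": 12, "snippet": {"text": 'AWS_KEY = "AKIA..."'}},
                }}],
            }],
        },
        {
            "tool": {"driver": {
                "name": "semgrep",
                "rules": [{"id": "python.sql-injection",
                           "shortDescription": {"text": "SQL Injection"}}],
            }},
            "results": [{
                "ruleId": "python.sql-injection",
                "level": "error",
                "message": {"text": "User input concatenated into SQL query"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "app/db.py"},
                    "region": {"startLine": 40},
                }}],
            }],
        },
    ],
})


@dataclass
class Finding:
    tool: str
    severity: str
    category: str
    location: str
    line: Optional[int]
    snippet: str
    description: str
    remediation: str


def severity_for(rule: dict, level: Optional[str]) -> str:
    """Map SARIF severity data to Critical/High/Medium/Low (assumed thresholds)."""
    score = (rule.get("properties") or {}).get("security-severity")
    if score is not None:
        s = float(score)
        return "Critical" if s >= 9.0 else "High" if s >= 7.0 else "Medium" if s >= 4.0 else "Low"
    # SARIF level is error|warning|note|none and defaults to "warning" when absent
    return {"error": "High", "warning": "Medium", "note": "Low", "none": "Low"}.get(level or "warning", "Medium")


def parse_sarif(text: str) -> List[Finding]:
    """Flatten every run/result in a SARIF document into Finding records."""
    doc = json.loads(text)
    findings: List[Finding] = []
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        tool = driver.get("name", "unknown")
        rules = driver.get("rules", [])
        by_id = {r.get("id"): r for r in rules}
        for res in run.get("results", []):
            # results reference their rule by id or, less commonly, by index
            rule = by_id.get(res.get("ruleId"))
            idx = res.get("ruleIndex")
            if rule is None and isinstance(idx, int) and 0 <= idx < len(rules):
                rule = rules[idx]
            rule = rule or {}
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            region = phys.get("region", {})
            findings.append(Finding(
                tool=tool,
                severity=severity_for(rule, res.get("level")),
                category=rule.get("shortDescription", {}).get("text") or res.get("ruleId", "unknown"),
                location=phys.get("artifactLocation", {}).get("uri", "<unknown>"),
                line=region.get("startLine"),
                snippet=region.get("snippet", {}).get("text", ""),
                description=res.get("message", {}).get("text", ""),
                remediation=rule.get("help", {}).get("text", ""),
            ))
    return findings


def counts_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """The 'Findings by Severity' numbers a dashboard would show for one scan."""
    counts = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts
```

The fallback from `security-severity` to `level` matters in practice: tools that emit only `level` (as the SAST run above does) would otherwise all land in one bucket, which defeats the unified prioritization the dashboard is meant to provide.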
Workflow Management
Triage: Review new findings, assess actual risk
Assignment: Assign findings to developers for remediation
Tracking: Monitor remediation progress
Verification: Re-scan to confirm fixes
False Positives: Mark and document false positives to reduce noise
Alert Configuration
Alert Rules
Create custom rules for CI scan findings:
Alert on any Critical severity finding
Alert when High severity count increases
Daily digest of new Medium/Low findings
Specific alerts for certain vulnerability types (secrets, SQL injection)
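The four rule types above differ in what they need as input: the first and last look at a single scan, the second needs the previous scan as a baseline, and the digest needs to know which Medium/Low findings are new rather than re-reported. The added example below evaluates all four over two constructed scan snapshots; it is illustrative code, not Sentry's alert engine, and the finding identity (tool, category, location) used to detect "new" findings is an assumption.

```python
from typing import List, Tuple

# Constructed finding records for two consecutive scans of the same repository.
PREVIOUS_SCAN = [
    {"tool": "semgrep", "severity": "High", "category": "SQL Injection", "location": "app/db.py:40"},
    {"tool": "semgrep", "severity": "Medium", "category": "XSS", "location": "app/views.py:88"},
]
CURRENT_SCAN = [
    {"tool": "gitleaks", "severity": "Critical", "category": "Hardcoded Secret", "location": "config/settings.py:12"},
    {"tool": "semgrep", "severity": "High", "category": "SQL Injection", "location": "app/db.py:40"},
    {"tool": "semgrep", "severity": "High", "category": "Path Traversal", "location": "app/files.py:17"},
    {"tool": "semgrep", "severity": "Medium", "category": "XSS", "location": "app/views.py:88"},
    {"tool": "trivy", "severity": "Low", "category": "Outdated Package", "location": "requirements.txt:3"},
]

Alert = Tuple[str, str]  # (rule name, message)


def finding_key(f: dict) -> Tuple[str, str, str]:
    # Identity that separates a re-reported finding from a genuinely new one
    # (assumed for this example; a real engine would use a stable fingerprint).
    return (f["tool"], f["category"], f["location"])


def count(findings: List[dict], severity: str) -> int:
    return sum(1 for f in findings if f["severity"] == severity)


def evaluate_rules(previous: List[dict], current: List[dict],
                   watched_categories=("Hardcoded Secret", "SQL Injection")) -> List[Alert]:
    """Apply the four rule types to one scan, using the previous scan as baseline."""
    alerts: List[Alert] = []
    seen = {finding_key(f) for f in previous}
    new = [f for f in current if finding_key(f) not in seen]

    # 1. Any Critical finding: fires on every scan while the finding is open.
    criticals = [f for f in current if f["severity"] == "Critical"]
    if criticals:
        alerts.append(("critical", f"{len(criticals)} Critical finding(s): "
                       + ", ".join(f["location"] for f in criticals)))

    # 2. High count increased relative to the baseline scan.
    prev_high, cur_high = count(previous, "High"), count(current, "High")
    if cur_high > prev_high:
        alerts.append(("high-increase", f"High findings rose from {prev_high} to {cur_high}"))

    # 3. New Medium/Low findings are batched for the daily digest, not sent per scan.
    digest = [f for f in new if f["severity"] in ("Medium", "Low")]
    if digest:
        alerts.append(("digest", f"{len(digest)} new Medium/Low finding(s) queued for the digest"))

    # 4. Category-specific alert, only for findings that were not already known.
    for f in new:
        if f["category"] in watched_categories:
            alerts.append(("category", f"New {f['category']} ({f['severity']}) in {f['location']} via {f['tool']}"))
    return alerts
```

Note the asymmetry: the Critical rule re-fires on every scan until the finding is fixed or marked a false positive, while the category rule only fires once, when the finding first appears. Choosing per-scan versus first-seen semantics for each rule is what keeps PagerDuty quiet without hiding an unresolved secret leak.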
Notification Channels
Send CI scan alerts to:
Email (security team distribution list)
Slack channels
Discord servers
PagerDuty (for critical findings)
Custom webhooks