
Ecosystem

Integrations & API

Connect SecureScope to your development ecosystem. IDE plugins, CI/CD pipelines, REST API, webhooks, and standardized SBOM exports for complete toolchain integration.

IDE Plugins

VS Code

  • Real-time inline vulnerability annotations
  • One-click scan trigger from editor
  • Quick-fix remediation suggestions
  • Finding explorer sidebar panel

IntelliJ IDEA

  • Native inspection integration
  • Security context tool window
  • Quick-fix actions for common patterns
  • Project-level scan configuration

JetBrains Suite

  • Full WebStorm, PyCharm, GoLand support
  • Shared configuration across JetBrains IDEs
  • Language-specific remediation guidance
  • Team settings synchronization

CI/CD Platforms

GitHub Actions

- uses: securescope/scan-action@v1
  with:
    scan-type: "sast,sca"
    fail-on: "critical"

GitLab CI

securescope-scan:
  image: securescope/scanner:latest
  script:
    - securescope scan --type sast,sca
  allow_failure: false

Jenkins

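pipeline {
  // A declarative pipeline requires an agent directive
  agent any
  stages {
    stage('Security') {
      steps {
        // Run SAST and SCA; fail the build on critical findings
        secureScopeScan types: 'sast,sca',
          failOnSeverity: 'critical'
      }
    }
  }
}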

Azure DevOps

- task: SecureScopeScan@1
  inputs:
    scanType: 'sast,sca'
    failOnSeverity: 'critical'

CircleCI

- securescope/scan:
    scan-type: "sast,sca"
    fail-on: "critical"

REST API

Full-featured REST API for programmatic access to all SecureScope capabilities. Manage scans, retrieve findings, generate reports, and automate workflows.

Key Endpoints

  • POST /api/v1/scans — Create scan
  • GET /api/v1/findings — List findings
  • GET /api/v1/reports — Generate reports
  • GET /api/v1/sbom — Export SBOM

Authentication

curl -H "Authorization: Bearer $TOKEN" \
  https://api.securescope.io/v1/scans

Webhook Integrations

Subscribe to real-time events for automated workflows and notifications.

Event               Description
scan.started        Triggered when a scan begins execution
scan.completed      Triggered when a scan finishes with results
finding.created     Triggered when a new vulnerability is detected
finding.resolved    Triggered when a finding is marked as resolved
compliance.drift    Triggered when compliance posture changes
policy.violated     Triggered when a security policy is breached

SBOM Export Formats

CycloneDX

v1.5

Full BOM specification with vulnerability data, service definitions, and dependency graphs. Industry-standard format supported by OWASP.

SPDX

v2.3

Linux Foundation standard for software package data exchange. Comprehensive license and provenance information for supply chain transparency.
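
Because a CycloneDX export carries both vulnerability data and the dependency graph, a consumer can report which dependency chain pulls in a flagged component. The following is an added example, not SecureScope code: it assumes the export is CycloneDX 1.5 JSON, uses field names from the CycloneDX specification, and runs on a constructed BOM with placeholder vulnerability ids.

```python
import json
from collections import deque

# Constructed sample: a minimal CycloneDX 1.5 JSON BOM with placeholder ids, not scanner output.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "demo-app"}},
  "components": [
    {"bom-ref": "web", "name": "web-framework", "version": "2.0.0"},
    {"bom-ref": "tpl", "name": "template-engine", "version": "1.4.1"},
    {"bom-ref": "log", "name": "logger", "version": "0.9.0"}],
  "dependencies": [{"ref": "app", "dependsOn": ["web", "log"]}, {"ref": "web", "dependsOn": ["tpl"]}],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "ratings": [{"severity": "critical"}], "affects": [{"ref": "tpl"}]},
    {"id": "EXAMPLE-0002", "ratings": [{"severity": "low"}], "affects": [{"ref": "log"}]}]
}
""")

def dependency_paths(bom):
    """Map each bom-ref to its shortest dependency path from the root component."""
    root = bom["metadata"]["component"]["bom-ref"]
    edges = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    paths, queue = {root: [root]}, deque([root])
    while queue:
        node = queue.popleft()
        for child in edges.get(node, []):
            if child not in paths:  # first visit is shortest; also stops cycles
                paths[child] = paths[node] + [child]
                queue.append(child)
    return paths

def blocking_findings(bom, fail_on=frozenset({"critical"})):
    """Return (vuln id, affected bom-ref, path from root) for each blocking finding."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    paths = dependency_paths(bom)
    hits = []
    for vuln in bom.get("vulnerabilities", []):
        severities = {r.get("severity") for r in vuln.get("ratings", [])}
        if severities & fail_on:
            for target in vuln.get("affects", []):
                ref = target["ref"]
                # A ref missing from the graph is still reported, with itself as the path
                hits.append((vuln["id"], ref, paths.get(ref, [ref])))
    return hits

if __name__ == "__main__":
    for vuln_id, ref, path in blocking_findings(SAMPLE_BOM):
        print(f"{vuln_id} in {ref}: {' -> '.join(path)}")
```

In a pipeline, exiting non-zero when the returned list is non-empty gives the same gate as the fail-on "critical" setting in the CI snippets, applied to an exported BOM.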

Quick Start

  1. Generate an API token

     Navigate to Settings → API Tokens and create a new token with the required scopes.

  2. Install the CLI or plugin

     npm install -g @securescope/cli

  3. Run your first scan

     securescope scan --type sast,sca --output json

  4. Add to your CI/CD pipeline

     Copy the platform-specific configuration above into your pipeline definition and configure severity thresholds.

Ready to Connect Your Toolchain?

Explore the full API reference or get started with our integration guides.
