CI/CD Security Testing
Automated security testing for your deployment pipeline
Integrate security header scanning into your CI/CD workflow. Catch missing headers, TLS misconfigurations, and security regressions before they reach production.

Single API call integration
One API call returns your complete security assessment: overall score, header grades, TLS details, and recommendations in structured JSON. Works with any HTTP client or CI tool.
$ curl -H "X-API-Key: sss_your_key" \
    https://api.sitesecurityscore.com/v1/scan \
    -d '{"url": "https://example.com"}'

// Response
{
  "score": 87,
  "grade": "B+",
  "headers": { ... }
}
GitHub Actions and GitLab CI ready
Drop a workflow file into your repo and start scanning on every push or pull request. The scanner runs as a pipeline step and fails the build if the score drops below your threshold.
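- name: Security Header Check
  run: |
    # Query the scan API and extract the numeric score
    SCORE=$(curl -s -H "X-API-Key: ${{ secrets.SSS_KEY }}" \
      https://api.sitesecurityscore.com/v1/scan \
      -d '{"url": "${{ env.SITE_URL }}"}' | jq -r '.score')
    echo "Security Score: $SCORE"
    # Fail closed: an empty or non-numeric score must not pass the gate
    case "$SCORE" in
      ''|*[!0-9]*) echo "No valid score returned!" && exit 1 ;;
    esac
    if [ "$SCORE" -lt 70 ]; then
      echo "Score below threshold!" && exit 1
    fi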
Score threshold build gates
Set a minimum security score for your project. When the score drops below your threshold, the pipeline fails immediately. Catch regressions before they reach users.
Security scan complete
Score: 84/100 (B+)
Threshold: 70
Status: PASSED
--- Next run ---
Security scan complete
Score: 52/100 (D)
Threshold: 70
Status: FAILED - score below threshold
Where SiteSecurityScore fits in your pipeline
How it works
Get your API key
Sign up and generate an API key. Free tier includes 50 calls per month.
Add to your pipeline
Drop the scan step into your CI config with your target URL and threshold.
Ship with confidence
Every deployment is checked. Regressions are caught before production.
Frequently asked questions
How do I integrate security scanning into my CI/CD pipeline?
Use the SiteSecurityScore API in any CI/CD system that supports HTTP calls. Generate an API key from your dashboard, add it as a secret in your CI environment, and call the scan endpoint as a pipeline step. We provide ready-made examples for GitHub Actions, GitLab CI, and Jenkins.
What API endpoints are available for scanning?
The primary endpoint is POST /v1/scan which accepts a URL and returns the full security assessment including overall score, letter grade, individual header analysis, TLS details, and recommendations. The response is structured JSON that can be parsed with standard tools like jq.
What are the API rate limits?
Rate limits depend on your plan. Free: 10 requests per minute with 50 calls per month. Pro: 30 requests per minute with 1,000 calls per month. Business: 60 requests per minute with 6,000 calls per month. All plans include unlimited web UI scans.
How do I set a score threshold for my build?
After calling the API, extract the score field from the JSON response and compare it to your minimum threshold. If the score is below your threshold, exit with a non-zero code to fail the build. Our GitHub Actions example shows this pattern using jq and a simple shell comparison.
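The threshold comparison described in this answer, as an added example that is not SiteSecurityScore's own code, written so that a failed request, an error body, or a malformed score fails the build instead of slipping past the comparison. The function names, the exit codes, and the sample response bodies are assumptions of this example; only the `score` field comes from the page.

```shell
# Added example: fail-closed score gate for a CI step (POSIX sh).
# Function names and exit codes are assumptions of this example.

# True only for a 1-3 digit decimal string. Rejects "", "null", "-5", "87.5"
# and digit runs long enough to overflow the shell's integer comparison.
is_score() {
  case $1 in
    [0-9]|[0-9][0-9]|[0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# gate_score SCORE THRESHOLD
# Returns 0 = pass, 1 = below threshold, 2 = no trustworthy score (fail closed).
gate_score() {
  if ! is_score "$1" || [ "$1" -gt 100 ]; then
    echo "Status: ERROR - '$1' is not a score in 0..100" >&2
    return 2
  fi
  if ! is_score "$2"; then
    echo "Status: ERROR - bad threshold '$2'" >&2
    return 2
  fi
  echo "Score: $1/100"
  echo "Threshold: $2"
  if [ "$1" -lt "$2" ]; then
    echo "Status: FAILED - score below threshold"
    return 1
  fi
  echo "Status: PASSED"
}

# gate_response THRESHOLD  (scan response JSON on stdin)
# jq -e exits non-zero when .score is absent, null, not a number, or the body
# is not JSON, so an error reply never reaches the comparison.
gate_response() {
  score=$(jq -er '.score | numbers' 2>/dev/null) || {
    echo "Status: ERROR - no numeric .score in response" >&2
    return 2
  }
  gate_score "$score" "$1"
}

# Demo on constructed response bodies (not real API output); needs jq.
if command -v jq >/dev/null 2>&1; then
  printf '%s' '{"score": 52, "grade": "D"}' | gate_response 70 || echo "exit=$?"
  printf '%s' '{"error": "constructed"}' | gate_response 70 || echo "exit=$?"
fi
```

In a pipeline step, pipe the curl output into `gate_response 70`. Any non-zero exit then fails the step, and exit code 2 separates a broken scan from a real score regression.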
Automate your security checks
Add security scanning to your pipeline in minutes. Free API key with 50 calls per month.