CI/CD

Integrate MindFort into your CI/CD pipelines to automatically trigger security assessments and tasks on every push, pull request, or deployment. This ensures your applications are continuously tested for vulnerabilities as part of your development workflow.

Prerequisites

Before configuring your pipeline, you’ll need:

API Key — Generate one from the MindFort Dashboard under Settings > API Keys.
Target ID — Find this in Target Inventory by clicking on the target you want to assess.
Template ID (optional) — For templated tasks, find this under Tasks > Templates.

Store your API key as a secret in your CI/CD platform — never commit it to your repository.

GitHub Actions Examples

Trigger an Assessment

Runs a security assessment against your target on every push or PR to main. Configure the assessment method with the MINDFORT_ASSESSMENT_METHOD variable (turbo, balanced, or deep).

name: MindFort Security Assessment

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  mindfort-assessment:
    name: Trigger MindFort Assessment
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Assessment
        id: trigger
        run: |
          RESPONSE=$(curl -s -w "\n%{http_code}" \
            -X POST "https://api.mindfort.app/v1/assessments/run" \
            -H "Authorization: Bearer ${{ secrets.MINDFORT_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{
              "target_id": "${{ vars.MINDFORT_TARGET_ID }}",
              "assessment_method": "${{ vars.MINDFORT_ASSESSMENT_METHOD || 'turbo' }}"
            }')

          HTTP_CODE=$(echo "$RESPONSE" | tail -1)
          BODY=$(echo "$RESPONSE" | sed '$d')

          echo "status_code=$HTTP_CODE" >> "$GITHUB_OUTPUT"
          echo "response=$BODY" >> "$GITHUB_OUTPUT"

          if [ "$HTTP_CODE" -ne 200 ]; then
            echo "::error::MindFort API returned HTTP $HTTP_CODE: $BODY"
            exit 1
          fi

          ASSESSMENT_ID=$(echo "$BODY" | jq -r '.assessment_id')
          echo "assessment_id=$ASSESSMENT_ID" >> "$GITHUB_OUTPUT"
          echo "Assessment triggered: $ASSESSMENT_ID"

      - name: Summary
        if: always()
        run: |
          echo "### MindFort Assessment" >> "$GITHUB_STEP_SUMMARY"
          if [ "${{ steps.trigger.outputs.assessment_id }}" != "" ]; then
            echo "- **Assessment ID:** \`${{ steps.trigger.outputs.assessment_id }}\`" >> "$GITHUB_STEP_SUMMARY"
            echo "- **Status:** Triggered" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "- **Status:** Failed (HTTP ${{ steps.trigger.outputs.status_code }})" >> "$GITHUB_STEP_SUMMARY"
          fi

Required secrets and variables

Type	Name	Description
Secret	`MINDFORT_API_KEY`	Your MindFort API key
Variable	`MINDFORT_TARGET_ID`	UUID of the target to assess
Variable	`MINDFORT_ASSESSMENT_METHOD`	Optional — `turbo` (default), `balanced`, or `deep`

Start a New Task

Runs a custom security task with a natural-language instruction against your target.

name: MindFort Security Task

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  mindfort-task:
    name: Run MindFort Task
    runs-on: ubuntu-latest
    steps:
      - name: Start Task
        id: task
        run: |
          RESPONSE=$(curl -s -w "\n%{http_code}" \
            -X POST "https://api.mindfort.app/v1/tasks/run" \
            -H "Authorization: Bearer ${{ secrets.MINDFORT_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{
              "target_id": "${{ vars.MINDFORT_TARGET_ID }}",
              "message": "${{ vars.MINDFORT_TASK_MESSAGE }}",
              "task_model": "${{ vars.MINDFORT_TASK_MODEL || 'MF1_FAST' }}"
            }')

          HTTP_CODE=$(echo "$RESPONSE" | tail -1)
          BODY=$(echo "$RESPONSE" | sed '$d')

          echo "status_code=$HTTP_CODE" >> "$GITHUB_OUTPUT"
          echo "response=$BODY" >> "$GITHUB_OUTPUT"

          if [ "$HTTP_CODE" -ne 200 ]; then
            echo "::error::MindFort API returned HTTP $HTTP_CODE: $BODY"
            exit 1
          fi

          TASK_ID=$(echo "$BODY" | jq -r '.task_id')
          echo "task_id=$TASK_ID" >> "$GITHUB_OUTPUT"
          echo "Task started: $TASK_ID"

      - name: Summary
        if: always()
        run: |
          echo "### MindFort Task" >> "$GITHUB_STEP_SUMMARY"
          if [ "${{ steps.task.outputs.task_id }}" != "" ]; then
            echo "- **Task ID:** \`${{ steps.task.outputs.task_id }}\`" >> "$GITHUB_STEP_SUMMARY"
            echo "- **Status:** Started" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "- **Status:** Failed (HTTP ${{ steps.task.outputs.status_code }})" >> "$GITHUB_STEP_SUMMARY"
          fi

Required secrets and variables

Type	Name	Description
Secret	`MINDFORT_API_KEY`	Your MindFort API key
Variable	`MINDFORT_TARGET_ID`	UUID of the target to test
Variable	`MINDFORT_TASK_MESSAGE`	Natural-language instruction for the task
Variable	`MINDFORT_TASK_MODEL`	Optional — `MF1_FAST` (default) or `MF1_SMART`

Start a Templated Task

Runs a pre-configured task template — no request body needed. Set up the template once in the MindFort dashboard and trigger it from your pipeline.

name: MindFort Templated Task

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  mindfort-templated-task:
    name: Run MindFort Templated Task
    runs-on: ubuntu-latest
    steps:
      - name: Start Templated Task
        id: task
        run: |
          RESPONSE=$(curl -s -w "\n%{http_code}" \
            -X POST "https://api.mindfort.app/v1/tasks/templates/${{ vars.MINDFORT_TEMPLATE_ID }}/run" \
            -H "Authorization: Bearer ${{ secrets.MINDFORT_API_KEY }}" \
            -H "Content-Type: application/json")

          HTTP_CODE=$(echo "$RESPONSE" | tail -1)
          BODY=$(echo "$RESPONSE" | sed '$d')

          echo "status_code=$HTTP_CODE" >> "$GITHUB_OUTPUT"
          echo "response=$BODY" >> "$GITHUB_OUTPUT"

          if [ "$HTTP_CODE" -ne 200 ]; then
            echo "::error::MindFort API returned HTTP $HTTP_CODE: $BODY"
            exit 1
          fi

          TASK_ID=$(echo "$BODY" | jq -r '.task_id')
          echo "task_id=$TASK_ID" >> "$GITHUB_OUTPUT"
          echo "Templated task started: $TASK_ID"

      - name: Summary
        if: always()
        run: |
          echo "### MindFort Templated Task" >> "$GITHUB_STEP_SUMMARY"
          if [ "${{ steps.task.outputs.task_id }}" != "" ]; then
            echo "- **Task ID:** \`${{ steps.task.outputs.task_id }}\`" >> "$GITHUB_STEP_SUMMARY"
            echo "- **Status:** Started" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "- **Status:** Failed (HTTP ${{ steps.task.outputs.status_code }})" >> "$GITHUB_STEP_SUMMARY"
          fi

Required secrets and variables

Type	Name	Description
Secret	`MINDFORT_API_KEY`	Your MindFort API key
Variable	`MINDFORT_TEMPLATE_ID`	UUID of the task template to run

Overview

Endpoints

Prerequisites

GitHub Actions Examples

Trigger an Assessment

Start a New Task

Start a Templated Task

Overview

Endpoints

​Prerequisites

​GitHub Actions Examples

​Trigger an Assessment

​Start a New Task

​Start a Templated Task

Prerequisites

GitHub Actions Examples

Trigger an Assessment

Start a New Task

Start a Templated Task