Integrations
Security scanning in every pipeline
Gate deployments on security score. Run a full 66-check scan from GitHub Actions, GitLab CI, or Jenkins in under 60 seconds.
Generate API key
Go to Dashboard → Account → Generate API Key. Key starts with sf_. Store it as a CI secret.
Add to pipeline
Call POST /api/v1/ci with your domain and threshold. Returns verdict: pass or fail.
Gate on score
HTTP 200 = pass, HTTP 422 = fail. Exit your pipeline step on 422. Set threshold (0-100) and fail_on severity level.
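The 200/422 contract above as a fail-closed shell gate, added here as an example (not SaaSFort's own snippet): anything other than HTTP 200 with verdict pass blocks the deploy, and the response body is kept for the job log. The helper names gate_decision and run_gate, the exit codes 1 and 2, and the 90-second timeout are assumptions of this example; it needs curl and jq.

```shell
#!/bin/sh
# Added example: fail-closed gate for POST /api/v1/ci.
# gate_decision and run_gate are hypothetical helper names.

# gate_decision HTTP_STATUS VERDICT
# returns 0 = pass, 1 = gate failed, 2 = no trustworthy verdict (also blocks)
gate_decision() {
  if [ "$1" = 200 ] && [ "$2" = pass ]; then return 0; fi
  if [ "$1" = 422 ] || [ "$2" = fail ]; then return 1; fi
  return 2   # 401, 5xx, timeout, non-JSON body: never treated as a pass
}

# run_gate DOMAIN THRESHOLD (expects SAASFORT_API_KEY in the environment)
run_gate() {
  # Build the JSON with jq so the domain string is escaped correctly.
  payload=$(jq -n --arg d "$1" --argjson t "$2" '{domain:$d,threshold:$t}') || return 2
  body_file=$(mktemp) || return 2
  # No -f here: curl keeps the 422 body, so the log shows why the gate failed.
  # --max-time 90 is a value chosen for this example.
  status=$(curl -s -o "$body_file" -w '%{http_code}' --max-time 90 \
    -X POST https://api.saasfort.com/api/v1/ci \
    -H "Content-Type: application/json" \
    -H "X-API-Key: $SAASFORT_API_KEY" \
    -d "$payload") || status=000
  verdict=$(jq -r '.verdict // empty' "$body_file" 2>/dev/null) || verdict=
  cat "$body_file" >&2
  rm -f "$body_file"
  echo "HTTP $status, verdict: ${verdict:-none}" >&2
  gate_decision "$status" "$verdict"
}

# Runs only when a key and a domain are supplied, e.g.
#   SAASFORT_API_KEY=... sh gate.sh your-domain.com 70
if [ -n "${SAASFORT_API_KEY:-}" ] && [ -n "${1:-}" ]; then
  run_gate "$1" "${2:-70}"
  exit $?
fi
```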
GitHub Actions
Trigger on push or pull_request
# Add SAASFORT_API_KEY to GitHub Secrets → Settings → Secrets → Actions
name: SaaSFort Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: SaaSFort Security Gate
        env:
          SAASFORT_API_KEY: ${{ secrets.SAASFORT_API_KEY }}
        run: |
          # curl -f exits non-zero on HTTP 422 (gate failed), which fails this step
          RESULT=$(curl -sf -X POST https://api.saasfort.com/api/v1/ci \
            -H "Content-Type: application/json" \
            -H "X-API-Key: $SAASFORT_API_KEY" \
            -d '{"domain":"your-domain.com","threshold":70}')
          echo "$RESULT" | jq .
          VERDICT=$(echo "$RESULT" | jq -r .verdict)
          echo "Verdict: $VERDICT"
          if [ "$VERDICT" = "fail" ]; then
            echo "Security gate failed"
            exit 1
          fi

Copy-paste from Dashboard → API Key → Get config snippet
GitLab CI
.gitlab-ci.yml
# SAASFORT_API_KEY → Settings → CI/CD → Variables
security-scan:
  stage: test
  script:
    - |
      RESULT=$(curl -sf -X POST \
        https://api.saasfort.com/api/v1/ci \
        -H "Content-Type: application/json" \
        -H "X-API-Key: $SAASFORT_API_KEY" \
        -d '{"domain":"your-domain.com"}')
      echo "$RESULT" | jq .
      [ "$(echo "$RESULT" | jq -r .verdict)" = "pass" ]

Jenkins
Declarative pipeline
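// Jenkinsfile
pipeline {
  agent any
  stages {
    stage('Security Gate') {
      steps {
        withCredentials([string(
          credentialsId: 'saasfort-api-key',
          variable: 'SAASFORT_KEY'
        )]) {
          script {
            // Single-quoted Groovy string: the shell expands $SAASFORT_KEY,
            // so the secret is never interpolated into the script text.
            def r = sh(script: '''
              curl -sf -X POST \
                https://api.saasfort.com/api/v1/ci \
                -H "Content-Type: application/json" \
                -H "X-API-Key: $SAASFORT_KEY" \
                -d '{"domain":"your-domain.com"}'
            ''', returnStdout: true)
            // readJSON is provided by the Pipeline Utility Steps plugin
            def j = readJSON text: r
            if (j.verdict == 'fail') error(j.reason)
          }
        }
      }
    }
  }
}

API Reference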
All endpoints use X-API-Key: sf_… or Authorization: Bearer <jwt> headers.
/api/v1/ci
Run a scan + quality gate. Returns verdict: pass/fail. HTTP 200 = pass, 422 = fail.
{"domain","threshold","fail_on"}

/api/v1/ci/config?platform=github
Get copy-paste CI snippets for github, gitlab, or jenkins.

/api/scan/webhook
Async scan — queues and POSTs results to your callback URL when complete.
{"domain","callback_url","threshold"}

/api/me/api-key
Generate or rotate your API key. Requires JWT auth.
Async Webhook
For long-running scans or event-driven architectures. Fire-and-forget — results POST to your endpoint when ready.
curl -X POST https://api.saasfort.com/api/scan/webhook \
  -H "X-API-Key: sf_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "your-domain.com",
    "callback_url": "https://your-app.com/security-hook",
    "threshold": 70
  }'

# Response:
{ "ok": true, "scan_id": "abc123", "status": "queued" }

# Your callback receives:
{
  "verdict": "pass",
  "score": 85,
  "grade": "B",
  "domain": "your-domain.com",
  "result": { ... }
}

NIS2-Ready Badge
Companies with grade B or above can embed a verifiable badge — on their website, LinkedIn, and security questionnaires.
# Get your SVG badge URL
curl "https://api.saasfort.com/api/badge/svg?domain=your-domain.com"

# HTML embed (put this on your site)
<img src="https://api.saasfort.com/api/badge/svg?domain=your-domain.com"
     alt="NIS2-Ready by SaaSFort"
     width="200" />

# Verify any badge
curl "https://api.saasfort.com/api/badge/verify?domain=your-domain.com"

Badge auto-revokes if grade drops below B. Available on Growth plan and above.
Ready to gate deployments on security?
Generate your API key in the dashboard — 14-day Growth trial, no credit card.