CI/CD Integrations

Finite State Continuous Integration and Continuous Delivery (CI/CD) integrations automatically upload your build artifacts to Finite State for analysis, so that your binaries and third-party scan results are scanned for vulnerabilities and other issues as part of your build process.

Official CI/CD Plugins & Extensions

GitHub Actions Marketplace

Azure DevOps Marketplace Extensions

Other Official Plugins & Extensions

  • Coming Soon: Jenkins

CI/CD Integrations using the SDK

  1. In the Finite State platform, create an Artifact to represent the files you will be uploading.
  2. Get the Artifact / Asset ID (it is at the end of the artifact URL, e.g. https://platform.finitestate.io/artifacts/123456789)
  3. Configure secrets in your CI/CD environment for the following:
    • FS_CLIENT_ID - The CLIENT_ID for your API key
    • FS_CLIENT_SECRET - The secret for your API key
    • FS_ORGANIZATION_CONTEXT - The ID of the Organization you belong to
  4. Create your build artifact as normal as part of the CI/CD process
  5. Get a token for using the API, using the CLIENT_ID and CLIENT_SECRET
# Step 5: Get a token
import os

import finite_state_sdk

# get the secrets from your environment
FS_CLIENT_ID = os.environ['FS_CLIENT_ID']
FS_CLIENT_SECRET = os.environ['FS_CLIENT_SECRET']
FS_ORGANIZATION_CONTEXT = os.environ['FS_ORGANIZATION_CONTEXT']

# get the token for using the API (it is valid for 24 hours)
token = finite_state_sdk.get_auth_token(FS_CLIENT_ID, FS_CLIENT_SECRET)
  6. Add a step in your build to upload to Finite State. Note that the quick_scan option is set to True, which is especially useful for CI/CD environments.
# Step 6: For a Binary Upload
asset_id = '123456789'  # this won't change for each run
version_name = '1.0.0'  # this will change based on your build
file_path = 'path/to/file'  # the location where your build artifact is stored locally
response = finite_state_sdk.create_new_asset_version_and_upload_binary(
    token, FS_ORGANIZATION_CONTEXT, asset_id=asset_id, version=version_name,
    file_path=file_path, quick_scan=True)
print("Uploaded the binary for Finite State Binary Analysis")
  7. Your binary will automatically be scanned by Finite State Binary Analysis. You can check the status of the scan by using the response object from the previous step.
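
Steps 3 to 6 combined into one CI script, as an added example (not Finite State's own code): it checks the three secrets and the artifact before any API call, reports missing secrets by name only, and records the artifact's SHA-256 for the build log. The helper names `load_secrets`, `sha256_of` and `upload` are hypothetical; the two SDK calls are the ones shown in the steps above.

```python
import hashlib
import os
import sys

REQUIRED_SECRETS = ("FS_CLIENT_ID", "FS_CLIENT_SECRET", "FS_ORGANIZATION_CONTEXT")

def load_secrets(env):
    """Return the three secrets, or raise naming only the variables that are unset."""
    missing = [name for name in REQUIRED_SECRETS if not env.get(name, "").strip()]
    if missing:
        # Names only: secret values must never reach the build log.
        raise RuntimeError("missing CI secrets: " + ", ".join(missing))
    return {name: env[name].strip() for name in REQUIRED_SECRETS}

def sha256_of(path):
    """Hash the build artifact in chunks so large firmware images are not held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def upload(env, asset_id, version_name, file_path):
    """Validate inputs, then authenticate and upload with quick_scan enabled."""
    secrets = load_secrets(env)
    if not os.path.isfile(file_path):
        raise FileNotFoundError("build artifact not found: " + file_path)
    checksum = sha256_of(file_path)
    # Imported late so the checks above run even where the SDK is not installed.
    import finite_state_sdk
    token = finite_state_sdk.get_auth_token(
        secrets["FS_CLIENT_ID"], secrets["FS_CLIENT_SECRET"])
    response = finite_state_sdk.create_new_asset_version_and_upload_binary(
        token, secrets["FS_ORGANIZATION_CONTEXT"], asset_id=asset_id,
        version=version_name, file_path=file_path, quick_scan=True)
    return checksum, response

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: upload.py <asset_id> <version_name> <file_path>")
    try:
        checksum, _ = upload(os.environ, *sys.argv[1:4])
    except (RuntimeError, FileNotFoundError) as err:
        sys.exit(f"Finite State upload failed: {err}")
    print(f"Uploaded artifact for Finite State Binary Analysis, sha256={checksum}")
```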