API keys for pipelines to trigger scans and check the merge gate
Scan Schedules
Automated recurring and one-time security scans
Reports & Exports
PDF, Excel, HTML, CSV and JSON reports for completed scans
📄
No Report Selected
Select a project and a completed scan to generate reports.
Account Center
Manage your profile, security, and preferences
?
Loading…
● Member since
● Last login
—
Projects
—
Scans Run
—
Notifications
Profile
Password
Security
Notifications
Activity
Personal Information
Email changes require admin support
Profile Picture
Upload your own photo (JPG or PNG, max 2 MB) or use a coloured avatar below.
?
Stored on this device.
Avatar Style
Or choose an accent colour (used when no photo is set).
?
Your Name
Preview
Quick Links
Change Password
At least 8 characters
Uppercase letter
Number
Special character
Session Management
Sign out all devices to revoke every active session. You will be logged out here too.
Account Security Status
🔐
Password
Bcrypt-hashed. Change regularly to stay secure.
Hashed & Secure
🔄
Sessions
JWT (30 min) + revocable refresh tokens (7 days).
Protected
🔓
Account Lockout
Locks after 5 failed logins. Auto-unlocks after 15 min.
Active
📋
Audit Trail
All logins and security events are logged with IP and device.
Enabled
Account Details
Failed Logins
0
Cleared on successful login
Account Status
Active
⚠ Danger Zone
Delete Account
Permanently deletes your account along with all of your projects, targets, scans and findings. This cannot be undone.
Notification Preferences
Control which in-app alerts you receive from SecureCI.
Security Alerts
Warnings about suspicious login activity
Scan Completion
Notify when a scan you started finishes
Critical Findings
Alert when critical vulnerabilities are discovered
Admin Messages
Messages sent directly by administrators
Policy Gate Failures
Notify when a CI/CD gate is blocked
Recent Notifications
🔔
No notifications
Admin alerts appear here
Activity Summary
0
Total Logins
0
Unique Devices
0
Failed Attempts
Device History
Loading…
Login & Security Events
Loading activity…
Notification Center
Scan updates, security alerts, admin warnings and system messages
🕐 New Scan Schedule
⚠ Delete Account
This permanently deletes your account and all of your projects, targets, scans and findings. This action cannot be undone.
Finding Detail
✦ New Project
Add Target
Finding Detail
New Security Policy
Block on Critical
Block CI/CD merge when critical findings exist
Block on High
Block when high findings exceed the limit below
Max High Findings
Fail the pipeline if high-severity findings exceed this number
Block on Medium
Block when medium findings exceed the limit below
Max Medium Findings
Fail the pipeline if medium-severity findings exceed this number
Notify on Complete
Send alert when scan finishes
🔑 New CI/CD API Key
Copy this key now — it won't be shown again. Add it to your pipeline as SECURECI_API_KEY.
📖 Connect your CI/CD pipeline
On every pull request your pipeline calls SecureCI over HTTPS — it starts the scans, waits for them, then asks the gate to pass or fail. A failed gate fails the CI check, and your branch-protection rule blocks the merge. Scans run on SecureCI's servers, not your runner.
1
Create an API key. Use + New API Key above, choose the project, and copy the sci_… key (shown once). The project's active policy is pinned to it.
2
Add three secrets to your repo (Settings → Secrets):
SECURECI_API_URL…
SECURECI_PROJECT_ID…
SECURECI_API_KEYthe sci_… key from step 1
3
Add the pipeline file. Commit the ready-made template: GitHub → .github/workflows/secureci-scan.yml, GitLab → include secureci-scan.yml, Jenkins → the Jenkinsfile stage. Each just makes these three calls:
# 1. Trigger scans → returns {"scan_ids":[...]}
curl -X POST "$SECURECI_API_URL/api/v1/cicd/trigger" -H "X-API-Key: $SECURECI_API_KEY" -H "Content-Type: application/json" -d '{"project_id":"$SECURECI_PROJECT_ID","target_value":"REPO_OR_URL","scan_types":["sast","sca","secrets"]}'
# 2. Poll until all scans finish → {"completed":true}
curl -X POST "$SECURECI_API_URL/api/v1/cicd/status-batch" -H "X-API-Key: $SECURECI_API_KEY" -H "Content-Type: application/json" -d '{"scan_ids":["..."]}'
# 3. Check gate — fail the build if passed=false → {"passed":true|false}
curl -X POST "$SECURECI_API_URL/api/v1/cicd/gate-batch" -H "X-API-Key: $SECURECI_API_KEY" -H "Content-Type: application/json" -d '{"scan_ids":["..."]}'
4
Require the check. In your repo's branch protection, mark the SecureCI job as a required status check. From then on a failing gate blocks the merge automatically.
The gate uses the policy pinned to the key at creation. If you delete that policy, revoke the key first. Times are UTC.
⬙ Export Report
Choose your export format. PDF and HTML include full vulnerability details, evidence, and AI-generated remediation. Excel includes all findings in a structured spreadsheet.
💡 Pro tip: Export Excel to share with management. Export PDF for compliance reports.