# Scanning Code and Artifacts in CI/CD Pipelines

OX Security integrates with CI/CD pipelines to scan code and artifact changes as they are introduced. This enables early detection of vulnerabilities and misconfigurations during development, before code is merged or deployed.

Pipeline scanning is one of several targeted scanning methods supported by OX and is designed to complement the full scan.

While a full scan provides broad visibility across all repositories on a scheduled basis, pipeline scans focus on a single repository and analyze only the changes introduced in a specific push or pull request.

Benefits of pipeline scans:

* **Speed**: Pipeline scans are faster because they only analyze modified files.
* **Immediate feedback**: Scans run as soon as code is pushed or a pull request is opened.
* **Focused results**: Results help developers quickly identify and resolve newly introduced issues, such as secrets or vulnerabilities.

### How pipeline scanning works in OX

A pipeline scan runs automatically when triggered by version control events such as pushes or pull requests.

The scan analyzes the affected files or artifacts and reports any security findings. This allows teams to block risky builds and enforce secure coding practices early in the development lifecycle.

OX Security supports the following types of pipeline scans:

* **Pull request event scans:** Scans only the files that were modified in the source branch before it is merged into the target branch.
* **Push event scans:** Scans only the files that were modified in commits pushed to the source branch after the last successful pipeline scan on that branch.

## Setting up pipeline scans

1. Before setting up pipeline scans, make sure the repository has gone through a full scan.

> **Note:**\
> Pipeline scans can run even if a full scan has not been completed. However, running a full scan first is recommended for accurate and complete results, because pipeline scans rely on the application and repository data collected during the full scan.

2. Go to the **Applications** page.

3. Select the repository for which you want to configure pipeline scanning and click the **Pipeline Settings** icon at the top.
4. In the [Pipeline Settings](/scan-and-analyze-with-ox/scanning/scanning-ci-cd-pipelines/pipeline-scan-settings.md) page, review the settings that define how the scan behaves.

> **Note:** OX Security recommends using the default settings.

5. Configure the [trigger mechanism](/scan-and-analyze-with-ox/scanning/scanning-ci-cd-pipelines/integrating-source-control-platforms.md) in your source control platform.
6. Go to the [**Pipeline Workflows**](/automate-with-ox-workflows/pipeline-workflows.md) page to define how OX reacts to findings.
7. Validate the integration.\
   Push a code change or open a pull request to verify that the pipeline scan runs and reacts as expected.
8. [View and analyze scan results.](/scan-and-analyze-with-ox/scanning/scanning-ci-cd-pipelines/understanding-pipeline-scan-results.md)


