Generic CI

You can integrate OX with any CI/CD system that supports running Docker images, even if it’s not listed among the officially supported integrations. This method, called Generic CI Integration, lets you trigger pipeline scans by running the OX Docker image and providing the required environment variables manually.

Use this method for CI/CD systems such as Bamboo, TeamCity, or any other platform that can execute Docker containers.

Use this integration when:

• Your CI/CD system isn’t one of the officially supported platforms.

• You need a temporary solution before a native integration is developed.

• You’re running OX scans locally or in custom build environments.

How It Works

The Generic CI method runs the same Docker image used for standard pipeline integrations (oxsecurity/ox-block-mode), but does not rely on any built-in detection logic for a specific CI system. Instead, you provide a small set of environment variables that describe the repository, branch, and commit being scanned.

When the scan runs, OX treats it exactly like any other pipeline scan. The results appear in the platform under CI/CD Type: Generic, with the same blocking behavior, vulnerability display, and scan details as native integrations.

Prerequisites

Before you begin:

1. Ensure your CI/CD system can run Docker images.

2. Obtain an OX API key from your organization’s settings.

3. Make sure the repository you want to scan is already connected to OX.

Required Environment Variables

Optional Environment Variables

Example

The following example shows how to execute a Generic CI scan from any CI/CD system or even locally:

You can add optional parameters to include job metadata: