MR/PR scan in merge mode

You can trigger automated security scans for merge requests or pull requests in your CI/CD pipeline using the scan-mode=merge parameter.

Prerequisites

CI/CD integration with ASPM already set up — see DevOps pipeline integration
A valid orgid and access_key from your ASPM account

Code scan in merge mode

Add the following step to your CI/CD pipeline to trigger a code scan when creating or updating an MR/PR:

cURL code scan merge mode

The API call uses the /integration/scan-code endpoint with the ?scan-mode=merge parameter. If you already have full-source scan or commit-mode scan configured, simply change the parameter to scan-mode=merge.

Secret scan in merge mode

Add the following step to trigger a secret scan when creating or updating an MR/PR:

cURL secret scan merge mode

Like code scan, the /integration/scan-secret endpoint supports the ?scan-mode=merge parameter.

note

MR/PR scan results in merge mode are evaluated by Security Gate if the feature is enabled. See What is Security Gate to understand how PASS/FAIL works.

Prerequisites​

Code scan in merge mode​

Secret scan in merge mode​

Prerequisites

Code scan in merge mode

Secret scan in merge mode