CI/CD Integration
Integrate Manta security scans into your CI/CD pipeline using our REST API.
How It Works
Use the Manta API to run security scans as part of your CI/CD pipeline. You can fail builds when critical vulnerabilities are found, or just log warnings.
GitHub Actions
Add this workflow to .github/workflows/manta-scan.yml:
name: Manta Security Scan
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Manta Scan
        id: manta
        env:
          # Pass the secret through the environment rather than interpolating it into the script
          MANTA_API_KEY: ${{ secrets.MANTA_API_KEY }}
        run: |
          # Read your MCP server code and encode it as a single JSON string
          CODE=$(jq -Rs . ./src/mcp-server/index.js)
          # Call Manta API. --fail makes an HTTP error (bad key, no credits) fail the step
          # instead of being parsed below as "0 findings"
          RESULT=$(curl -sS --fail -X POST https://api.manta.red/api/scan/mcp \
            -H "X-API-Key: $MANTA_API_KEY" \
            -H "Content-Type: application/json" \
            -d "{\"code\": $CODE}")
          # Parse results
          CRITICAL=$(echo "$RESULT" | jq '.summary.critical // 0')
          HIGH=$(echo "$RESULT" | jq '.summary.high // 0')
          echo "critical=$CRITICAL" >> "$GITHUB_OUTPUT"
          echo "high=$HIGH" >> "$GITHUB_OUTPUT"
          echo "$RESULT" | jq .
      - name: Fail on Critical
        if: steps.manta.outputs.critical > 0
        run: |
          echo "❌ Found ${{ steps.manta.outputs.critical }} critical vulnerabilities"
          exit 1
      - name: Warn on High
        if: steps.manta.outputs.high > 0
        run: |
          echo "⚠️ Found ${{ steps.manta.outputs.high }} high severity issues"
GitLab CI
Add to your .gitlab-ci.yml:
manta-scan:
  stage: test
  image: alpine:latest
  before_script:
    - apk add --no-cache curl jq
  script:
    - |
      set -e
      # Read your MCP server code and encode it as a single JSON string
      CODE=$(jq -Rs . ./src/mcp-server/index.js)
      # --fail turns an API error (bad key, no credits) into a failed job rather than "0 findings"
      RESULT=$(curl -sS --fail -X POST https://api.manta.red/api/scan/mcp \
        -H "X-API-Key: $MANTA_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{\"code\": $CODE}")
      CRITICAL=$(echo "$RESULT" | jq '.summary.critical // 0')
      echo "Critical vulnerabilities: $CRITICAL"
      if [ "$CRITICAL" -gt 0 ]; then
        echo "Failing build due to critical vulnerabilities"
        exit 1
      fi
  only:
    - main
    - merge_requests
Generic Shell Script
Use this script in any CI system:
#!/bin/bash
set -e
# Config
API_KEY="${MANTA_API_KEY}"
CODE_FILE="./src/mcp-server/index.js"
FAIL_ON_CRITICAL=true
FAIL_ON_HIGH=false
# Read code and escape it as a JSON string
CODE=$(jq -Rs . "$CODE_FILE")
# Run scan
echo "🔍 Running Manta security scan..."
# --fail: together with set -e, an HTTP error (bad key, no credits) aborts here
# instead of being parsed below as "0 findings" and passing the build
RESULT=$(curl -sS --fail -X POST https://api.manta.red/api/scan/mcp \
  -H "X-API-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"code\": $CODE}")
# Parse results
CRITICAL=$(echo "$RESULT" | jq '.summary.critical // 0')
HIGH=$(echo "$RESULT" | jq '.summary.high // 0')
MEDIUM=$(echo "$RESULT" | jq '.summary.medium // 0')
echo "Results: $CRITICAL critical, $HIGH high, $MEDIUM medium"
# Check thresholds
if [ "$FAIL_ON_CRITICAL" = true ] && [ "$CRITICAL" -gt 0 ]; then
  echo "❌ Build failed: $CRITICAL critical vulnerabilities found"
  exit 1
fi
if [ "$FAIL_ON_HIGH" = true ] && [ "$HIGH" -gt 0 ]; then
  echo "❌ Build failed: $HIGH high vulnerabilities found"
  exit 1
fi
echo "✅ Security scan passed"
exit 0
Setting Up Secrets
Store your Manta API key as a secret in your CI system:
GitHub
Settings → Secrets and variables → Actions → New repository secret
Name: MANTA_API_KEY
GitLab
Settings → CI/CD → Variables → Add variable
Key: MANTA_API_KEY, Masked: Yes
Other CI
Set environment variable MANTA_API_KEY with your API key
Build Status
Passed: No vulnerabilities at or above your fail threshold.
Failed: Critical (or high, if configured) vulnerabilities found.
Warning: Found issues below your threshold. Logged but not failed.
Error: API error or no credits remaining. Check your API key and balance.
💡 Tip: Use Credits Wisely
Each CI scan uses 1 credit. Consider running scans only on PRs to main, or on a schedule (weekly), rather than on every push. You can also cache results and skip scans when the scanned files haven't changed.
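As an added example (not part of this page or the Manta project), the same build gate in Python: it builds the request body the scripts above send, evaluates `.summary.critical/high/medium` against the fail thresholds, treats a response without a summary as an API error instead of "0 findings", and skips the scan (and its credit) when the file's content hash is unchanged, as the tip suggests. The sample responses are constructed, not real API output.

```python
"""Build gate for a Manta MCP scan result, with fail-closed error handling and a content-hash cache."""
import hashlib
import json

# Constructed sample responses in the shape the page's jq filters expect; not real API output.
SAMPLE_RESULT = json.dumps({"summary": {"critical": 0, "high": 2, "medium": 5}})
# Constructed error body: an API error or exhausted credits comes back without a summary.
SAMPLE_ERROR = json.dumps({"error": "insufficient credits"})


def build_request(code: str) -> str:
    """Same body the scripts send: {"code": "<file contents>"} (the jq -Rs . step plus the wrapper)."""
    return json.dumps({"code": code})


def evaluate(result_json: str, fail_on_critical=True, fail_on_high=False):
    """Return (exit_code, message). Unlike jq's `.summary.critical // 0`, a response with no
    summary yields exit code 2 (API error) rather than silently passing the build."""
    try:
        data = json.loads(result_json)
    except json.JSONDecodeError:
        return 2, "API error: response is not JSON"
    summary = data.get("summary")
    if not isinstance(summary, dict):
        return 2, f"API error: {data.get('error', 'no summary in response')}"
    crit, high, med = (int(summary.get(k, 0)) for k in ("critical", "high", "medium"))
    line = f"Results: {crit} critical, {high} high, {med} medium"
    if fail_on_critical and crit > 0:
        return 1, f"Build failed: {crit} critical vulnerabilities found. {line}"
    if fail_on_high and high > 0:
        return 1, f"Build failed: {high} high vulnerabilities found. {line}"
    return 0, f"Security scan passed. {line}"


def cache_key(code: str) -> str:
    """Content hash of the scanned file; identical content means the cached result is still valid."""
    return hashlib.sha256(code.encode()).hexdigest()


def scan_if_changed(code: str, cache: dict, scan):
    """Call scan(body) only when `code` is not already in the cache; returns (result_json, cache_hit)."""
    key = cache_key(code)
    if key in cache:
        return cache[key], True
    result = scan(build_request(code))  # `scan` is the HTTP call; injected so this runs offline
    cache[key] = result
    return result, False
```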