CI/CD System integrations

Uleska provides flexible integration to CI and CD through dedicated plugins and our CLI.  Centralise all your security tools, results, and metrics with one CI/CD integration.


Use the Uleska Jenkins plugin, or add our CLI to your jobs, to manage all security tools and results.


Add Uleska CLI to your projects' GitHub Actions to let Uleska manage all your security tools and outputs in pipelines.


You can use the Uleska CLI in your CircleCI YAML jobs to add security tools and results to your CircleCI interface.


Add the Uleska CLI to Azure Pipeline templates to easily roll out Uleska hook for all your projects' security checks.


The Uleska CLI can add to your Bitbucket Pipelines so Uleska can orchestrate security tools and results.


Use our CLI as a single hook in your Harness CI YAML to run and aggregate security tool outputs.


Include us into your projects's GitLab YAML and Uleska will run open-source and commercial tools centrally.


Add the Uleska CLI once to your projects' TeamCity to let Uleska manage all security tools and results.


Bring security testing to your Travis CI pipelines with one Uleska hook.  Manage build security across all projects.

Static Code Analysis

Uleska can run any type of static code analysis (SAST) tool and aggregate the results together with other tools for ease of use. 


Add a Veracode SAST token to orchestrate testing of many languages and combine results with other tools.


Integrate your SonarQube instance, or our community version, to find code flaws in many languages.


Use Semgrep to find coding flaws in many languages including Java, C#, Python, JavaScript, and others.


Bandit is an expert open-source code scanner for the Python language. Use Uleska to run and capture results.


Uleska can run NodeJSScan to check your Node JS for security coding flaws and report with other tools.


Add Whispers secrets scanning to your security toolkit and detect leaked secrets in project repos during every build.


Integrate a MicroFocus FortifyOnDemand token to automate your larger scale software security checks.


Use the popular open-source FlawFinder tool to check your C / C++ code projects for common security coding flaws.


Automate CLOC (Count Lines of Code) for visibility of code and technology used in project repos.

Software Composition Analysis

Check your software for vulnerable 3rd party libraries in your supply chain.  These tools continually update to find the latest security issues in your dependencies.

Use Uleska to run OWASP Dependency Check, a popular open-source tool to scan your libraries for security issues.


Integrate your Snyk usage into Uleska toolkits to continually scan for the latest vulnerabilities with your dependencies.

OWASP Dependency Track is a popular open-source scanner for 3rd party libs that integrates with Uleska scans.


Automatically scan the JavaScript dependencies in your projects using the NPM Audit functionality with Uleska.


Automatically generate CycloneDX SBOMs in each release using the ORT tool in your pipelines with Uleska.

Container Security Scanning

Container security tools can crack open your container artefacts or Dockerfiles and flag any known vulnerable components.


Scan your Dockers to discover vulnerable components. With frequent vulnDB updates for new CVEs.


Use Semgrep in builds to scan Dockerfiles in your projects' repos for known bad security patterns and configurations.


Integrate JFrog Xray artefact to Uleska to scan project containers for known issues and CVEs each release.


Use open-source Checkov (Bridgecrew) to find for insecure patterns and configurations in Dockerfiles.

Dynamic Security Scanning

Run dynamic security tests and scans (DAST) against your staging, testing, and running systems to discover more types of issues detectable in run-time.


Integrate the popular BurpSuite security scanner into your projects' testing to find flaws in live websites.


Integrate OWASP ZAP web scanning into your pipelines with Uleska to automatically find dynamic flaws.


Integrate your Veracode DAST website scanning into your pipeline testing suite with Uleska integration.


Check for common security flaws, website configuration problems, and more with Nikto via Uleska.


Run dynamic MicroFocus FortifyOnDemand on your larger projects by integrating your license with Uleska.


Use the popular open-source SSLyze tool to check TLS certificates configurations on your systems.


Automate the fully features SQLMap security tool into your toolkit to find all SQL flaws in your systems.


Run the open-source w3af security scans from your security build automation with Uleska integration.


Run security checks on your web infrastructure with the popular NMap tool added to Uleska ToolKits.


Run powerful dynamic security scans with CyberRes WebInspect from your automation with Uleska.


Use Uleska and AWS Inspector to scan ports and CIS Benchmark flaws, and tie flaws back to your projects.

Infrastructure As Code Security Scanning

Continually check your Infrastructure as Code files for security flaws and misconfigurations, including Dockerfiles, Terraform, CloudFormation, Kubernetes, Helm, ARM, and Serverless.


Semgrep (from r2c) can check your repo files for Kubernetes, Dockerfile, and Terraform flaws.


Use the popular Checkov (from Bridgecrew) to security scan your IaC files and configuration.

Secrets Security Scanning

Check your project source code repos and Git histories for leaked secrets.


Use Whispers to find potential secrets and sensitive files in your project source code during pipeline runs.


Automate Semgrep (by r2c) to check for potential secret values being leaked in your project source code.


Scan for leaked secrets, tokens, and passwords in project Git histories with the open-source GitLeaks tool.


Integrate all your security tools using Uleska, and communicate updates and results to developer ecosystem tools.


Send newly discovered security issues to your projects' Jira, and update tickets when issues are fixed.


Update your project and security teams with security result updates from any tools with Uleska.


Create tickets for new security issues raised by any security tool for your project in Azure DevOps tickets.

Sign up for AppSec and DevSecOps news

You may unsubscribe at any time using the link in the email.



Ready to see the Uleska platform in action? Book a free demonstration now to see how it can help your business to automate security testing.