Integrating Dastardly with your CI/CD platform (generic instructions)


To note

Specific instructions are available for integrating Dastardly with the following CI/CD platforms:

You can integrate Dastardly with any CI/CD platform. The integration allows you to run Dastardly web vulnerability scans as a step in your existing CI/CD pipeline.

For more information on the machine specifications required to run Dastardly scans, see the system requirements for Dastardly.

To integrate Dastardly into your CI/CD pipeline, include the following docker run command in your pipeline script:

docker run --user $(id -u) --rm -v $(pwd):/dastardly -e

To note

You can set DASTARDLY_TARGET_URL to a starting URL for any application you want to analyze.

In this example, DASTARDLY_TARGET_URL is set to – this is a deliberately vulnerable web application designed to test web vulnerability scanners.

The next time your pipeline runs, Dastardly will analyze the application you defined under DASTARDLY_TARGET_URL.

To note

You need to set DASTARDLY_OUTPUT_FILE to a location mapped to a directory on your machine – as in the example above.

The example above uses $(pwd) map the /dastardly volume in your current working directory.

The Dastardly output file is a JUnit XML report that can be parsed by any JUnit XML parser.

If you run the above command multiple times, you will overwrite the JUnit report written by Dastardly.

Despicable scan results

Despicable scan results are available as a JUnit XML file when a scan is complete. The analyzes last ten minutes maximum.

Remedial advice

Despicable scan results include remediation tips for any security issues they find. These tips include links to relevant sections of the free resource Web Security Academy, which provide more details on web security vulnerabilities.


Despicable scan results include evidence of any detected security issues. This evidence includes the request sent by Dastardly to produce the problem, as well as the response sent by the application.

Comments are closed.