Integrations
Security scanning that fits your workflow
Add NullShield to your CI/CD pipeline, receive alerts in Slack or Teams, and automate remediation with webhooks and our REST API.
CI/CD
GitHub Actions
Scan every deployment automatically. Add a single step to your workflow and NullShield will check for security vulnerabilities after each deploy.
Quick start
Add this step to any GitHub Actions workflow. Store your API key as a repository secret called NULLSHIELD_API_KEY.
```yaml
name: Deploy & Scan
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # ... your deploy steps ...
      - name: NullShield Security Scan
        uses: nullshield/security-scan@v1
        with:
          api-key: ${{ secrets.NULLSHIELD_API_KEY }}
          target-url: 'https://your-site.com'
          fail-on: 'HIGH'  # CRITICAL, HIGH, MEDIUM, LOW, or none
```
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| api-key | Yes | — | Your NullShield API key |
| target-url | Yes | — | The URL to scan after deployment |
| fail-on | No | HIGH | Fail when findings meet this severity or above |
| wait-timeout | No | 300 | Max seconds to wait for scan completion |
Outputs
Use outputs in downstream steps for conditional logic, Slack notifications, or dashboard updates.
```yaml
- name: NullShield Security Scan
  id: security
  uses: nullshield/security-scan@v1
  with:
    api-key: ${{ secrets.NULLSHIELD_API_KEY }}
    target-url: 'https://your-site.com'
- name: Comment on PR
  if: always()
  uses: actions/github-script@v7
  env:
    # Pass step outputs through env instead of interpolating ${{ }} into the
    # script source, so a quote in a value cannot alter the script.
    SCORE: ${{ steps.security.outputs.score }}
    GRADE: ${{ steps.security.outputs.grade }}
    SCAN_URL: ${{ steps.security.outputs.scan-url }}
  with:
    script: |
      const { SCORE: score, GRADE: grade, SCAN_URL: url } = process.env;
      // context.issue.number is only set on pull_request or issue events.
      await github.rest.issues.createComment({
        owner: context.repo.owner,
        repo: context.repo.repo,
        issue_number: context.issue.number,
        body: `Security scan: **${score}/100 (${grade})**. [Full report](${url})`,
      });
```
Events
Webhooks
Receive real-time notifications when scans complete. NullShield sends a signed POST request to your endpoint with full scan results.
Setting up a webhook
- Go to Settings → Webhooks in your NullShield dashboard.
- Add your endpoint URL (must accept POST requests over HTTPS).
- Select the events you want to receive: scan.completed, scan.failed.
- Copy the signing secret and verify the X-NullShield-Signature header on each request.
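One way to do the verification in the last step, as an added example rather than NullShield's own code. The page does not document the signature scheme, so this assumes X-NullShield-Signature is a hex-encoded HMAC-SHA256 of the raw request body; the five-minute replay window, the sign helper and the sample secret are also assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone
from typing import Optional

# ASSUMPTION (not documented on the page): X-NullShield-Signature carries a
# hex-encoded HMAC-SHA256 of the raw request body, keyed with the signing secret.
MAX_AGE = timedelta(minutes=5)                    # assumed replay window
KNOWN_EVENTS = {"scan.completed", "scan.failed"}  # event names from the page


def sign(raw_body: bytes, secret: bytes) -> str:
    """Sender side under the assumed scheme; used here to build sample input."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, signature: Optional[str], secret: bytes,
                   now: Optional[datetime] = None) -> dict:
    """Return the parsed payload, or raise ValueError if it must be rejected."""
    if not signature:
        raise ValueError("missing X-NullShield-Signature header")
    # MAC the exact bytes received (not re-serialised JSON) and compare in
    # constant time so the check does not leak how many characters matched.
    expected = sign(raw_body, secret).encode()
    if not hmac.compare_digest(expected, signature.strip().lower().encode()):
        raise ValueError("signature mismatch")
    # Parse only after the body is authenticated.
    payload = json.loads(raw_body)
    if not isinstance(payload, dict) or payload.get("event") not in KNOWN_EVENTS:
        raise ValueError("unexpected event")
    sent = datetime.fromisoformat(str(payload.get("timestamp")).replace("Z", "+00:00"))
    if sent.tzinfo is None:
        raise ValueError("timestamp has no timezone")
    # A valid signature on an old delivery is still a replay.
    if abs((now or datetime.now(timezone.utc)) - sent) > MAX_AGE:
        raise ValueError("stale timestamp")
    return payload


# Constructed sample delivery, modelled on the page's payload example.
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_BODY = json.dumps({
    "event": "scan.completed",
    "timestamp": "2026-04-02T10:30:00Z",
    "data": {"scanId": "scan_abc123", "highCount": 1},
}).encode()

if __name__ == "__main__":
    at = datetime(2026, 4, 2, 10, 31, tzinfo=timezone.utc)
    print(verify_webhook(SAMPLE_BODY, sign(SAMPLE_BODY, SAMPLE_SECRET), SAMPLE_SECRET, at)["data"])
```

Feed the function the request body exactly as it arrived on the wire; many web frameworks hand you parsed JSON by default, and re-serialising it will not reproduce the signed bytes.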
Payload example
```json
{
  "event": "scan.completed",
  "timestamp": "2026-04-02T10:30:00Z",
  "data": {
    "scanId": "scan_abc123",
    "targetUrl": "https://your-site.com",
    "securityScore": 82,
    "grade": "B",
    "findingsCount": 5,
    "criticalCount": 0,
    "highCount": 1,
    "mediumCount": 2,
    "lowCount": 2,
    "reportUrl": "https://app.nullshield.org/scans/scan_abc123"
  }
}
```
Notifications
Slack & Microsoft Teams
Get scan results where your team already works. Use webhooks to push NullShield alerts into any channel.
Slack
- Create an Incoming Webhook in your Slack workspace.
- Paste the webhook URL in NullShield Settings → Notifications.
- Choose which scan events trigger messages.
- Done — scan summaries appear in your chosen channel.
Microsoft Teams
- Create a Workflows connector in your Teams channel.
- Copy the webhook URL and add it in NullShield settings.
- NullShield formats messages as Adaptive Cards.
- Your team sees score, grade, and a link to the full report.
Developer
REST API
Full programmatic access to NullShield scanning. Create targets, trigger scans, and retrieve results.
Authentication
Pass your API key as a Bearer token in the Authorization header.
```bash
curl -X POST https://api.nullshield.org/api/v1/scan \
  -H "Authorization: Bearer ns_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"targetUrl": "https://your-site.com"}'
```
Core endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/scan | Start a new security scan |
| GET | /api/v1/scan/:id | Get scan status and results |
| GET | /api/v1/scans | List scans for your organisation |
| POST | /api/v1/targets | Create a scan target |
| GET | /api/v1/targets | List your targets |
| GET | /api/v1/credits | Check your credit balance |
Rate limit: 100 requests per 10 seconds. All responses follow a consistent JSON structure with error.code and error.message fields on failure.
Ready to automate your security scanning?
Get your API key and start scanning in under five minutes. Free tier includes 10 scans per month.