DevOps5 min read

Azure DevOps and GitLab CI: Running Vibgrate Beyond GitHub

Vibgrate is not GitHub-only. Whether your team uses Azure DevOps, GitLab CI, Jenkins, CircleCI, or any other CI system, the CLI integrates with a few lines of configuration. Here is how to set up drift scanning in non-GitHub pipelines.

Luke Geaves

Luke Geaves

Vibgrate Blog

Works Everywhere CI Works

Vibgrate is a Node.js CLI tool. It runs on any system with Node 20+ installed. It produces standard output formats (text, JSON, SARIF). It returns meaningful exit codes. That means it integrates with every CI system — not just GitHub Actions.

Azure DevOps

Add a script step to your azure-pipelines.yml:

steps:
  - script: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
    displayName: 'Vibgrate Drift Scan'

  - task: PublishBuildArtifacts@1
    inputs:
      PathtoPublish: vibgrate.sarif
      ArtifactName: VibgrateSARIF
    condition: always()

For dashboard upload, add the DSN as a pipeline variable (mark it as secret):

  - script: npx @vibgrate/cli scan . --push --fail-on error
    displayName: 'Vibgrate Scan + Push'
    env:
      VIBGRATE_DSN: $(VIBGRATE_DSN)

GitLab CI

Add a job to your .gitlab-ci.yml:

vibgrate:
  image: node:20
  script:
    - npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
  artifacts:
    reports:
      sast: vibgrate.sarif
    when: always

GitLab natively supports SARIF files as SAST reports. Once uploaded, drift findings appear in the Security Dashboard and in merge request widgets.

For dashboard upload:

vibgrate:
  image: node:20
  script:
    - npx @vibgrate/cli scan . --push --fail-on error
  variables:
    VIBGRATE_DSN: $VIBGRATE_DSN

Store the DSN as a masked CI/CD variable in your project settings.

Jenkins

pipeline {
  agent { docker { image 'node:20' } }
  stages {
    stage('Drift Scan') {
      steps {
        sh 'npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error'
        archiveArtifacts artifacts: 'vibgrate.sarif', allowEmptyArchive: true
      }
    }
  }
}

CircleCI

jobs:
  vibgrate:
    docker:
      - image: cimg/node:20.0
    steps:
      - checkout
      - run: npx @vibgrate/cli scan . --fail-on error

Generic Integration Pattern

For any CI system, the pattern is the same:

  1. Ensure Node 20+ is available.
  2. Run npx @vibgrate/cli scan . --fail-on error.
  3. Optionally add --format sarif --out vibgrate.sarif for SARIF output.
  4. Optionally add --push with VIBGRATE_DSN for dashboard upload.
  5. Exit code 0 = pass, exit code 2 = drift threshold exceeded.

No login, no authentication (unless pushing to dashboard), no agent installation, no Docker image to pull. Just npx and your manifests.

The Vibgrate Drift Intelligence Engine was designed to work in any environment — because upgrade drift does not care which CI system you use, and neither should your drift tooling.

Add drift gates to your pipeline. Sign up at dash.vibgrate.com to get your DSN and start tracking drift in Azure DevOps, GitLab, Jenkins, or any CI system.

Topics

#azure-devops#gitlab-ci#jenkins#ci-cd#vibgrate-cli#integration

Sources & References

Back to all articles