Appcanary + Continuous Integration

One neat way to use Appcanary is in tandem with your continuous integration service. This way, you can automatically keep Appcanary up to date or cause builds with security vulnerabilities to fail before your code gets deployed.

Here we'll show you how to integrate Appcanary with CircleCI, but the same principle should apply to any other continuous integration service you might use.


1. Set up the Appcanary gem

We're going to assume a Rails app here. In your Gemfile, add the line:

gem "appcanary"

and run bundle install to update packages.


Next, create a file at config/initializers/appcanary.rb and add the following line:

Appcanary.api_key = ENV["APPCANARY_API_KEY"] || "api key not set"

Great! Time to test that it works. In a terminal, type:

  APPCANARY_API_KEY=<YOUR_TOKEN_HERE> \
  bundle exec rake appcanary:check

If that command exits without any errors, you're good to go!


2. Set up CircleCI

Now let's create a circle.yml file. You can configure Appcanary to do either (or both!) of the following:

  1. Fail the build if a dependency has a security vulnerability
  2. Create or update a monitor, which will notify you if it becomes vulnerable in the future

To fail the build if there are vulnerabilities, add the following:

test:
  # [ ... other dependency bits elided ... ]
  post:
    - bundle exec rake appcanary:check

To update a monitor on every build, add the following instead:

test:
  # [ ... other dependency bits elided ... ]
  post:
    - bundle exec rake appcanary:update_monitor

3. Configure API key

Finally, go to your project's settings page and add your Appcanary API key to your build's environment variables:

  APPCANARY_API_KEY=<YOUR_TOKEN_HERE>

And you're done. Rejoice!
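
An added example (not from the original page or the Appcanary project): a wrapper that runs both tasks from one build step and stops early when the key is absent, since the initializer above would otherwise substitute the literal string "api key not set". The function names, the RAKE override variable, the "run" argument and the exit code 2 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Appcanary's own code.
# RAKE is a hypothetical override so the wrapper can be exercised with a stub.
RAKE="${RAKE:-bundle exec rake}"

# Succeeds only when APPCANARY_API_KEY holds something other than a placeholder.
appcanary_key_ok() {
  case "${APPCANARY_API_KEY:-}" in
    "" | "api key not set" | "<YOUR_TOKEN_HERE>") return 1 ;;
    *[[:space:]]*) return 1 ;;   # pasted keys with stray whitespace
  esac
  return 0
}

# Fails the build on a vulnerable dependency, and updates the monitor only
# for builds that passed the check.
# Returns 2 when the key is unusable, otherwise the status of the failing task.
appcanary_ci() {
  if ! appcanary_key_ok; then
    echo "APPCANARY_API_KEY is missing or still a placeholder" >&2
    return 2
  fi
  $RAKE appcanary:check || return $?
  $RAKE appcanary:update_monitor
}

# Run the tasks only when invoked as: sh appcanary_ci.sh run
if [ "${1:-}" = "run" ]; then
  appcanary_ci
  exit $?
fi
```

Saved under a path of your choosing in the repository, the script replaces the rake line in the post section of circle.yml and is called with the run argument.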
