Get Started on Cloud
BasicsPipelinesActions & ServicesEnvironmentsIntegrationsTargetsTestsDomainsSandboxesAgents & TunnelsYAMLBuddy GitFAQCLIAPI

Security Audit

View as Markdown
  • POST
  • /workspaces
  • /:workspace
  • /projects
  • /:project_name
  • /pipelines
  • /:pipeline_id
  • /actions

Creates a new Security Audit action in the pipeline

Request

REQUIRED SCOPES
EXECUTION_MANAGE
URL PARAMETERS
workspacerequiredstring
The human-readable ID of the workspace

Example: "my-company"

project_namerequiredstring
The human-readable ID of the project

Example: "my-project"

pipeline_idrequiredinteger
The ID of the pipeline

Example: 123

BODY PARAMETERS
typerequiredstring
The type of the action

Value: SECURITY_AUDIT

namerequiredstring
The name of the action
scanrequiredScanView
Configuration of the scan target, enabled scanners, severities and failure policy.
after_action_idinteger
The numerical ID of the action, after which this action should be added
trigger_timestring enum
Specifies when the action should be executed
Allowed enum:
ON_EVERY_EXECUTION,
ON_SUCCESS,
ON_FAILURE,
ON_BACK_TO_SUCCESS,
ON_WARNING,
ON_WAIT_FOR_APPROVE,
ON_TERMINATE
trigger_conditionsTriggerConditionView[]
The list of trigger conditions to meet so that the action can be triggered
run_nextstring enum
Defines whether the action should run in parallel with the next one
Allowed enum:
WAIT_ON_SUCCESS,
IN_SOFT_PARALLEL,
IN_HARD_PARALLEL
run_only_on_first_failureboolean
Defines whether the action should be executed on each failure. Restricted to and required if the trigger_time is ON_FAILURE
variablesEnvironmentVariableView[]
The list of variables you can use the action
disabledboolean
When set to true the action is disabled. By default it is set to false
timeoutinteger
The timeout in seconds
ignore_errorsboolean
If set to true the execution will proceed, mark action as a warning and jump to the next action. Doesn't apply to deployment actions
retry_countinteger
Number of retries if the action fails
retry_intervalinteger
Delay time between auto retries in seconds
loopstring[]
The list of commands that will be executed in a loop
current_revisionstring
The git revision of the last successful run of the action
ignoreIgnoreView
Rules that suppress specific findings from the scan report.

Response

RESPONSE BODY
typestring
The type of the action

Value: SECURITY_AUDIT

urlread-onlystring
API endpoint to GET this object
html_urlread-onlystring
Web URL to view this object in Buddy.works
idinteger
The ID of the action
namestring
The name of the action
current_revisionstring
The git revision of the last successful run of the action
trigger_timestring enum
Specifies when the action should be executed
Allowed enum:
ON_EVERY_EXECUTION,
ON_SUCCESS,
ON_FAILURE,
ON_BACK_TO_SUCCESS,
ON_WARNING,
ON_WAIT_FOR_APPROVE,
ON_TERMINATE
trigger_conditionsTriggerConditionView[]
The list of trigger conditions to meet so that the action can be triggered
run_nextstring enum
Defines whether the action should run in parallel with the next one
Allowed enum:
WAIT_ON_SUCCESS,
IN_SOFT_PARALLEL,
IN_HARD_PARALLEL
run_only_on_first_failureboolean
Defines whether the action should be executed on each failure. Restricted to and required if the trigger_time is ON_FAILURE
variablesEnvironmentVariableView[]
The list of variables you can use the action
disabledboolean
When set to true the action is disabled. By default it is set to false
timeoutinteger
The timeout in seconds
ignore_errorsboolean
If set to true the execution will proceed, mark action as a warning and jump to the next action. Doesn't apply to deployment actions
retry_countinteger
Number of retries if the action fails
retry_intervalinteger
Delay time between auto retries in seconds
last_execution_statusstring enum
The status of the last run of the action
Allowed enum:
INPROGRESS,
ENQUEUED,
TERMINATED,
SUCCESSFUL,
FAILED,
INITIAL,
NOT_EXECUTED,
SKIPPED,
TERMINATING,
WAITING_FOR_APPLY,
WAITING_FOR_VARIABLES,
WAITING_FOR_SETTABLE_VARIABLES,
WAITING_FOR_VT_SESSION
pipelineShortPipelineView
Short representation of a pipeline
permissionsPermissionsView
Access permissions configuration
loopstring[]
The list of commands that will be executed in a loop
scanScanView
Configuration of the scan target, enabled scanners, severities and failure policy.
ignoreIgnoreView
Rules that suppress specific findings from the scan report.

Last modified on May 25, 2026

Previous pageEdit actionNext pageGet action

Request example

curl -X POST "https://api.buddy.works/workspaces/:workspace/projects/:project_name/pipelines/:pipeline_id/actions" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Security audit",
  "type": "SECURITY_AUDIT",
  "trigger_time": "ON_EVERY_EXECUTION",
  "scan": {
    "type": "IMAGE",
    "image": {
      "image_location": "PRIVATE_REGISTRY",
      "docker_registry": "DOCKER_HUB",
      "integration": "docker-hub",
      "name": "my-org/my-app",
      "tag": "v1.2.3"
    },
    "scanners": [
      "VULNERABILITY",
      "SECRET",
      "MISCONFIGURATION"
    ],
    "severities": [
      "CRITICAL",
      "HIGH",
      "MEDIUM",
      "LOW"
    ],
    "fail_only_on_fixable": true
  },
  "ignore": {
    "vulnerabilities": [
      {
        "id": "CVE-2023-45853",
        "paths": [
          "vendor/"
        ],
        "statement": "No upstream fix available, accepted risk",
        "expires_at": "2026-09-21"
      }
    ]
  }
}'
STATUS
200 OK