Drone is a relatively new continuous delivery platform built on docker. It can easily be integrated with various services such as GitHub, GitLab, or Bitbucket.

Since it is built on docker RIPS can be quickly integrated using our rips-cli docker container.

This article refers to Drone version 0.8.


In the most straightforward setup RIPS can be used as one of the build steps inside your .drone.yml file. The following example showcases this setup that breaks the build if the analysis detects more than one security vulnerability:

  base: /data
  path: src/

    image: rips/rips-cli:3
      - RIPS_BASE_URI=https://api-3.ripstech.com
      - RIPS_EMAIL
      - rips-cli -vvv rips:scan:start -a <app_id> -p /data/src/ -t 1


The required configuration options (RIPS_BASE_URI, RIPS_EMAIL, RIPS_PASSWORD) can be provided with environment variables and/or secret storage directly via drone (see documentation).

RIPS_BASE_URI is the URI of the RIPS API that should be used for scanning. Our SaaS API is available at https://api-3.ripstech.com. This API also works for trial accounts. For On-premises, make sure to also add the port of your API, for example:

Secret Storage

export DRONE_SERVER=https://your-drone-instance
export DRONE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoidGVzdCIsInR5cGUiOiJ1c2VyIn0.1QZ9ikK6TCQvYcdxYWWWEjIue0s3YWYtX86yClaCxAA
drone secret add --repository your/repository --image rips/rips-cli:3 --name RIPS_EMAIL --value your-account-email
drone secret add --repository your/repository --image rips/rips-cli:3 --name RIPS_PASSWORD --value your-account-password

You will find your token here: https://your-drone-instance/account/token


You can test your build step by using the docker image mentioned in the above configuration (it will scan the directory you are currently in):

docker run --rm -it -v $PWD:/data -e RIPS_BASE_URI=api -e RIPS_EMAIL=email -e RIPS_PASSWORD=password rips/rips-cli:3 rips:scan:start -a app_id -p /data -t 1

Further Reading

Since it is the rips-cli that is running in the docker container it is best to consult the rips-cli documentation to find out more commands and configuration options.