Introduction

This is the official documentation page for the Flyingduck portal.
The Flyingduck platform comprehensively analyzes all stages of your DevOps pipeline to identify potential security risks, including vulnerabilities, misconfigurations, secrets exposure, and lapses in security best practices. By correlating activities and timelines across different stages, our platform ensures that security processes are properly implemented, providing you with end-to-end visibility into your application's security posture.

To access security insights, manage issues, and strengthen your codebase, it’s essential to integrate your DevOps tools with Flyingduck. This documentation will guide you through the prerequisites, account setup, and integration process.

Getting Started with Flyingduck

This portal helps you integrate your DevOps tools with Flyingduck and leverage its security features to enhance your application’s security posture.

Prerequisites

  • You must have Admin or Owner permissions in your DevOps organization account (e.g., Azure DevOps, GitHub, or Bitbucket) to perform integrations.
  • You must have Owner permissions in Flyingduck to manage integrations.

Account Setup

  1. Sign up for a new account on the Flyingduck portal.
  2. Log in to your account.

Integration Setup

  1. From the sidebar, navigate to the Integrations section.
  2. Select your preferred DevOps provider (e.g., Azure DevOps, GitHub, or Bitbucket).
  3. Follow the guided prompts to complete the integration.

Integration Options

After choosing your preferred DevOps tool, you’ll be presented with three integration methods. Each option provides different capabilities depending on your needs.

Feature Availability by Integration Type

Feature | CLI Integration | Workflow Integration | App Integration
Packages
OSS Vulnerabilities
Secrets
SAST
Guardrails
Organization Details
List of Repositories
Commit Analysis

CLI Integration

Use the CLI integration when you need to quickly scan your repository for issues without setting up any additional workflows. This is a simple, one-step process you can run directly from your terminal.

Here’s how to do it:

  1. Clone your repository to your local machine or server.
       git clone https://github.com/username/repo-name.git
  2. Navigate to the cloned repository directory.
       cd <repo-name>
  3. Run the provided CLI command to start the scan.
       docker run -e FD_API_KEY="${FD_API_KEY}" -v "${PWD}":/src --entrypoint /bin/bash flyingduckio/duckdefender:latest -c "duckdefender code --all"
  4. Replace ${FD_API_KEY} with the actual API key generated from the portal.
    📌 Make sure the API key is valid and correct before running the command.

  5. The above command runs SBOM, SCA, Secrets and SAST scans on the repository.
    Click here for other CLI options

  6. Once the scan is complete, you can view the results directly in the portal.

👉 Note:
The scan will always run against the latest commit present in the cloned repository at the time of execution. Make sure your repository is up to date before running the scan to get the most accurate results.

This integration is perfect for command-line environments, CI servers, or any situation where you prefer immediate, on-demand checks without integrating into your source control system.

Tip:
Use CLI integration for quick assessments or before pushing code to make sure your repository is clean.
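
A wrapper around the scan command from the steps above, as an added example that is not Flyingduck's own code: it validates the key, checks that HEAD matches the fetched upstream commit (the point of the note above), and hands the key to the container by variable name instead of by value. The function names, the DOCKER override and the rule that keys contain no whitespace are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks around the documented scan command.
# Function names and the DOCKER override are constructed for this example.

# Reject a missing key, an unexpanded placeholder, or stray whitespace from a
# bad paste (assumption: portal keys contain no whitespace).
require_api_key() {
    case "${FD_API_KEY:-}" in
        '')            echo "FD_API_KEY is not set" >&2; return 1 ;;
        *'${'*)        echo "FD_API_KEY still holds a placeholder" >&2; return 1 ;;
        *[[:space:]]*) echo "FD_API_KEY contains whitespace" >&2; return 1 ;;
    esac
}

# The scan covers the checked-out commit, so require HEAD to equal the
# fetched upstream tip before scanning.
head_is_current() {
    git -C "$1" fetch --quiet || return 1
    [ "$(git -C "$1" rev-parse HEAD)" = "$(git -C "$1" rev-parse '@{u}' 2>/dev/null)" ]
}

# Same image and arguments as the documented command. "-e FD_API_KEY" with no
# value makes docker copy the variable from this shell's environment, so the
# key never appears in the docker argument list. The mount path is quoted so
# directories with spaces work.
run_scan() {
    require_api_key || return 1
    export FD_API_KEY
    ${DOCKER:-docker} run -e FD_API_KEY -v "$1:/src" \
        --entrypoint /bin/bash flyingduckio/duckdefender:latest \
        -c "duckdefender code --all"
}

# Run from inside the cloned repository: sh fd-scan.sh scan
if [ "${1:-}" = "scan" ]; then
    head_is_current "$PWD" || { echo "HEAD differs from upstream; pull first" >&2; exit 1; }
    run_scan "$PWD"
fi
```

Set FD_API_KEY in the environment before calling the script (for example from a CI secret store) so the key is not typed on the command line.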


Summary

With your DevOps tools integrated into Flyingduck, you can begin monitoring and securing your pipelines with enhanced visibility, continuous scanning, and actionable security insights.