Spectra Assure Integrations
Learn more about supported CLI and Portal integrations, and choose the best one for your organization.
Continuous integration and continuous delivery (CI/CD) are essential to the modern software development lifecycle. To help you build and deliver secure software, ReversingLabs maintains official CI/CD integrations for Spectra Assure products that you can use in new and existing software development projects.
This page lists all official integrations for the Spectra Assure CLI and the Spectra Assure Portal.
Which integration should you use?
Spectra Assure integrations support a variety of use-cases, but it can be difficult to pick the best one if you're not yet familiar with all the products.
To find out which integrations we recommend for your use-case, answer the following few questions.
Your answers are not stored or sent anywhere, and you can refresh the page at any point to start over.
Choosing YES started the software producer decision branch
- Your use-case matches the Software Producer persona.
- Your answers indicate you don't want to send software artifacts to ReversingLabs and you don't need CI/CD automation. Based on this, we recommend you use the Spectra Assure CLI directly.
- Your use-case matches the Software Producer persona.
- Your answers indicate you can send software artifacts to ReversingLabs and you don't need CI/CD automation. Based on this, we recommend you use the Spectra Assure Portal UI.
- Your use-case matches the Software Producer persona.
- Your answers indicate you can send software artifacts to ReversingLabs and you plan to set up CI/CD automation. Based on this, we recommend several options that integrate with the Spectra Assure Portal. You can choose an integration depending on your preferred CI/CD tool.
  - GitHub: use the Portal GitHub Action
  - Azure DevOps Pipelines: use the Portal Azure DevOps extension
  - Other tools: use the Portal Docker image
- Your use-case matches the Software Producer persona.
- Your answers indicate you cannot send software artifacts to ReversingLabs, but you plan to set up CI/CD automation. Based on this, we recommend several options that integrate with the Spectra Assure CLI. You can choose an integration depending on your preferred CI/CD tool.
  - GitHub: use the CLI GitHub Action
  - Azure DevOps Pipelines: use the CLI Azure DevOps extension
  - Other tools: use the CLI Docker image
Choosing NO started the enterprise buyer decision branch
- Your use-case matches the Enterprise Buyer persona.
- Your answers indicate you don't want to send software artifacts to ReversingLabs. Based on this, we recommend you use the Spectra Assure CLI directly.
- Your use-case matches the Enterprise Buyer persona.
- Your answers indicate you don't need CI/CD automation. Based on this, we recommend you use the Spectra Assure Portal UI.
- Your use-case matches the Enterprise Buyer persona.
- Your answers indicate you can send software artifacts to ReversingLabs and you need automated scans in CI/CD pipelines. Based on this, we recommend several options that integrate with the Spectra Assure Portal.
  - Portal API if you want to create custom workflows
  - Portal SDK if you prefer a Python-based ready-made solution
Official Docker images
ReversingLabs provides official Docker images for easier automation and integration with CI/CD tools. The images are published on Docker Hub and based on Rocky Linux 9.
There are two official Spectra Assure Docker images:
- rl-scanner is primarily intended for Spectra Assure CLI users, as it closely aligns with the CLI workflows and makes it easier to deploy the CLI in various environments.
- rl-scanner-cloud is mainly for Spectra Assure Portal users who want to build their own integrations on top of the Portal features.
The following table lists more detailed differences between these two Docker images that should help you choose the most appropriate image for your use-case.
Feature | rl-scanner | rl-scanner-cloud |
---|---|---|
Endpoint access | Connects to api.reversinglabs.com and data.reversinglabs.com | Connects to a user-specified Portal instance (my.secure.software/{server}/api) |
Scanning | Software packages are scanned inside the Docker container, on the local system where the container is running. | Software packages are scanned in the cloud, on the Portal instance to which they are uploaded. |
Password management | Users can provide passwords or (Base64-encoded) password list files to allow decrypting password-protected archives during the scan and getting complete analysis reports. | Not supported at this time. The analysis reports will indicate that the file content is protected by an unknown password. |
Policy controls | If a permanent package store is used with the Docker image, users can modify policies through local configuration files. | Any existing policy configuration for the user's organization and group on the Portal automatically applies. |
Reports | Users can choose the report format(s) they want to generate, and automatically save the reports to local storage or as pipeline artifacts. | Users can choose the report format(s) they want to generate and save them to local storage or as pipeline artifacts. The SAFE report (rl-html format) is always generated, but it's accessible only in the Portal web interface. By default, the direct link to the SAFE report on a Portal instance is included in the Docker command output. |
Accounts and licensing | A valid rl-secure license with site key is required to use the Docker image. The size of analyzed files is deducted from the monthly analysis capacity tied to the user's rl-secure account. | An active Portal account with a Personal Access Token is required to use the Docker image. The size of analyzed files is deducted from the monthly limit configured for the user's group and designated for projects. |
Select a Docker image to access its configuration and usage instructions:
Spectra Assure CLI integrations
This section lists the official Spectra Assure CLI integrations currently provided by ReversingLabs. All integrations come with usage instructions and examples.
In general, the CI/CD integrations rely on the rl-scanner Docker image to run rl-secure in a container, scan a single build artifact, and generate an analysis report.
A valid, active rl-secure license with a site key is required to use the integrations.
Spectra Assure Portal integrations
This section lists the official Portal integrations currently provided by ReversingLabs. All integrations come with usage instructions and examples.
In general, the CI/CD integrations rely on the rl-scanner-cloud Docker image to connect to a Portal instance from the container and upload the artifact to the Portal for scanning.
An active Portal account with a Personal Access Token is required to use the integrations.
Spectra Assure Portal SDK
ReversingLabs provides an official Python SDK (software development kit) for the Spectra Assure Portal. You can use it to integrate the Portal and interact with it in your own applications. The SDK provides access to operations supported by the Portal API.
You can install the SDK library directly from PyPI as spectra-assure-sdk.
For usage instructions and examples, refer to the documentation in the SDK GitHub repository.
Build your own integrations
Download Spectra Assure policy metadata
ReversingLabs maintains a public GitHub repository with metadata source files for Spectra Assure policies. All Spectra Assure products use this same metadata in analysis reports. The metadata repository is a valuable resource for everyone who plans to integrate Spectra Assure products into their solutions and workflows.
Access the metadata
Leverage the Spectra Assure Portal API
The Portal API is a public resource that you can use to automate common Portal actions and use the Projects feature more efficiently. The API can help you speed up workflows in your development and DevOps teams, integrate with other software supply chain security tools, and build your own solutions on top of Spectra Assure Portal.
Get started with the API