CI environment variables

This document is for:

Invicti Platform

This document lists and describes the environment variables supported by the Invicti Scan CLI for use in CI/CD pipelines. These variables allow you to configure and customize automated scans when integrating Invicti DAST into your development workflows.

All variables should be defined securely using your CI/CD system's secret management features (e.g., GitHub Actions Secrets, GitLab CI/CD Variables, Jenkins Credentials).

INVICTI_API_TOKEN and INVICTI_TARGET_ID are required for scans to run.
INVICTI_SCAN_PROFILE must match a configured profile in your Invicti Platform instance.

Environment variables

Variable Name	Description	Example value	Possible values
INVICTI_API_BASE_URL	Base URL for the Invicti API (string)	https://platform.invicti.com
INVICTI_API_TOKEN	API token for authenticating CLI scan requests (string)	1234567890abcdef...
INVICTI_TARGET_ID	ID of the target to scan, as defined in the Invicti Platform (string)	abcd1234-5678-efgh-ijkl-9876mnopqrst
INVICTI_SCAN_AGENT	The scan agent to use	CloudAgent
INVICTI_REPORT_TEMPLATE	The report template to use	Comprehensive
INVICTI_LOG_LEVEL	Logging verbosity level (enum)	INFO	DEBUG, INFO, WARNING, ERROR, CRITICAL
INVICTI_SCAN_TIMEOUT	Maximum scan duration in minutes (integer)	20
INVICTI_SCAN_PROFILE	Name of the scan profile to use (string)	Full Scan
INVICTI_MINIMUM_SEVERITY	Minimum severity to break the build on finding vulnerabilities. If set, the build will fail if any vulnerabilities of that severity or higher are found. (enum)	High	Critical, High, Medium, Low, Info

For complete integration guidance, refer to the Integrate CI-driven scans document.