Ship Secure, Ship Fast

Pentest on Every Deploy.
One API Call.

Drop TurboPentest into your CI/CD pipeline and run an agentic AI pentest with 15 tools on every push, PR, or schedule. External network and web application coverage, results in up to 4 hours - not weeks.

  • 15 security tools
  • <4h time to results
  • 1 API call to start
  • 0 config headaches

Three Steps to Automated Pentest

1. Get an API key

Generate a key from your account settings. Takes 10 seconds.

2. Add to your pipeline

Paste a few lines of YAML into your CI config. That's the whole setup.

3. Get pentest results

15 tools run against your target. Report with validated findings lands in up to 4 hours.

Official Action

GitHub Actions

The fastest way to add external network and web app pentesting to your workflow. Drop our official action into any repo and get security results in your PR checks automatically.

  • Runs on every push, PR, or schedule
  • Results posted as PR check annotations
  • Optional white box mode with repo access
  • Zero dependencies - just add the action

White-box analysis: Connect your repo to unlock SAST, SCA, and secret detection alongside the standard external pentest - giving you deeper coverage from a single integration.

# .github/workflows/pentest.yml
name: AI Pentest
on:
  schedule:
    - cron: '0 3 * * 1'   # Weekly, Monday 03:00 UTC
  workflow_dispatch:        # Manual trigger

jobs:
  pentest:
    runs-on: ubuntu-latest
    steps:
      - uses: integsec/turbopentest-action@v1
        with:
          target-url: https://your-app.com
          api-key: ${{ secrets.TURBOPENTEST_API_KEY }}
          # Optional: connect repo for white box analysis
          # repo-url: ${{ github.server_url }}/${{ github.repository }}

One API. Every Platform.

Every integration is a single POST request. If your platform can run curl, you can pentest.

Quick Start
# Start a pentest from anywhere
curl -X POST https://turbopentest.com/api/pentests \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"targetUrl":"https://your-app.com"}'

That's it. 15 tools run automatically. Report delivered to your pentests page.

Works With Your Stack

Copy-paste into your CI config file. Each example is a complete, working integration.

GitLab CI/CD

API Ready
.gitlab-ci.yml
pentest:
  stage: test
  image: curlimages/curl:latest
  script:
    - |
      curl -sf -X POST https://turbopentest.com/api/pentests \
        -H "Authorization: Bearer $TURBOPENTEST_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{\"targetUrl\":\"$TARGET_URL\"}"

Jenkins

API Ready
Jenkinsfile
stage('AI Pentest') {
  steps {
    sh '''
      curl -sf -X POST https://turbopentest.com/api/pentests \
        -H "Authorization: Bearer ${TURBOPENTEST_API_KEY}" \
        -H "Content-Type: application/json" \
        -d '{"targetUrl":"https://your-app.com"}'
    '''
  }
}

CircleCI

API Ready
.circleci/config.yml
jobs:
  pentest:
    docker:
      - image: cimg/base:current
    steps:
      - run:
          name: AI Pentest
          command: |
            curl -sf -X POST https://turbopentest.com/api/pentests \
              -H "Authorization: Bearer $TURBOPENTEST_API_KEY" \
              -H "Content-Type: application/json" \
              -d "{\"targetUrl\":\"$TARGET_URL\"}"

Azure DevOps

API Ready
azure-pipelines.yml
- task: Bash@3
  displayName: 'AI Pentest'
  inputs:
    targetType: 'inline'
    script: |
      curl -sf -X POST https://turbopentest.com/api/pentests \
        -H "Authorization: Bearer $(TURBOPENTEST_API_KEY)" \
        -H "Content-Type: application/json" \
        -d '{"targetUrl":"$(TARGET_URL)"}'
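
An added example (not TurboPentest's own code): a POSIX shell wrapper around the POST request used in the snippets above. It builds the JSON body from a CI variable so that the variable is actually expanded, and it rejects values that could break out of the JSON string. The helper names `build_payload` and `start_pentest` are hypothetical; the endpoint, headers and `targetUrl` field are the ones shown on this page.

```shell
#!/bin/sh
# Added example. build_payload and start_pentest are hypothetical helper names.

# Print {"targetUrl":"<url>"} for a plain https URL, or fail with status 1.
build_payload() {
  url=$1
  case $url in
    https://?*) ;;   # require an https scheme followed by a host
    *) echo "target must be an https:// URL" >&2; return 1 ;;
  esac
  # Quotes, backslashes, whitespace and control characters would corrupt the
  # JSON string (or let a crafted variable add extra fields), so refuse them.
  case $url in
    *\"*|*\\*|*[[:space:]]*|*[[:cntrl:]]*)
      echo "target contains characters not allowed in a URL" >&2; return 1 ;;
  esac
  printf '{"targetUrl":"%s"}' "$url"
}

# Send the request. Fails before any network call if the key or URL is bad.
start_pentest() {
  if [ -z "${TURBOPENTEST_API_KEY:-}" ]; then
    echo "TURBOPENTEST_API_KEY is not set" >&2
    return 1
  fi
  body=$(build_payload "$1") || return 1
  curl -sf -X POST https://turbopentest.com/api/pentests \
    -H "Authorization: Bearer $TURBOPENTEST_API_KEY" \
    -H "Content-Type: application/json" \
    -d "$body"
}

# In a pipeline step: start_pentest "$TARGET_URL"
```

Because `curl -f` returns a non-zero status on an HTTP error, the CI step fails when the request is rejected.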

Post-Pentest Integrations

Route pentest results where your team already works. Get notified instantly and track remediation without switching tools.

Slack Notifications

Available

Get real-time alerts in your Slack channels when pentests complete. Receive a summary of findings with severity breakdown so your team can triage immediately.

  • Instant notifications when results are ready
  • Severity summary with critical finding counts
  • Direct links to full pentest reports

Configure via incoming webhook URL in your account settings.

Jira Issue Creation

Available

Automatically create Jira tickets for critical and high-severity findings. Each ticket includes the finding details, reproduction steps, and remediation guidance - ready for your dev team to pick up.

  • Auto-create tickets for critical findings
  • Includes reproduction steps and remediation
  • Maps severity to Jira priority levels

Connect your Jira instance via OAuth in your account settings.

Coming Soon

VS Code Extension

Trigger pentests and view results without leaving your editor. Run pentests on localhost or deployed URLs.

From Zero to Pentested in 5 Minutes

Generate an API key, paste a few lines into your pipeline, and get your first pentest report. No agents to install. No config files to wrangle.