TeamCity Plugin

The MetaDefender Software Supply Chain for TeamCity plugin allows you to trigger repository scans as part of your continuous integration pipeline. When a build runs, the plugin contacts MDSSC, launches an on-demand scan for the current repository and branch, waits for the results, and fails the build if findings exceed the policy you set.

Supported Versions

| Component | Supported versions |
| --- | --- |
| TeamCity server | 2020.1+ (validated with 2024.x) |
| TeamCity agent | Same as server; requires outbound HTTPS access to MDSSC |
| MetaDefender Software Supply Chain | Version 2.5.3 with API access and a configured workflow |

Before You Begin

  • Collect an MDSSC webhook URL and API key with rights to access the target workflow.
  • Ensure the repository you plan to scan already exists in the MDSSC workflow.
  • Sign in to TeamCity with an account that can upload plugins and edit build configurations.

Step 1: Install the Plugin in TeamCity

  1. Open Administration → Plugins.
  2. Select Upload plugin ZIP and choose OPSWAT-MDSSC-v<version>.zip.
  3. Restart the TeamCity server if prompted.
  4. Verify the plugin appears in the Installed Plugins list as MetaDefender Software Supply Chain for TeamCity.

To upgrade, repeat the same steps with a newer ZIP. To remove the integration, delete the plugin from the list and restart.

Step 2: Add an MDSSC Build Step

  1. Edit the build configuration where you need MDSSC scanning.
  2. Go to Build Steps → Add build step.
  3. Choose MetaDefender Software Supply Chain for TeamCity.
  4. Provide a descriptive name and complete the configuration fields below.

| Field | Required | Description |
| --- | --- | --- |
| MDSSC Webhook URL | Yes | The webhook URL generated by the MDSSC workflow. The plugin decodes it to identify the workflow and storage service. |
| MDSSC API Key | Yes | API key with rights to query workflow details and launch scans. Store the key as a secure TeamCity parameter (for example secure:mdssc.api.key) and reference it instead of entering plain text. |
| Fail build on vulnerability severity | Optional (default: High) | Lowest severity that should fail the build. Options: low, medium, high, critical, off. The build always fails if MDSSC detects malware, secrets, or blocked licenses, regardless of this setting. |

Secure parameters: Create secure parameters such as secure:mdssc.webhook and secure:mdssc.api.key, then reference them in the build step using %secure:parameterName%.
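
The fail-build rule described for the "Fail build on vulnerability severity" field, written out as a small Python function so the interaction between the threshold and the always-fail categories is explicit. This is an added example, not the plugin's own code; the Findings structure, the function name, and the handling of unrecognised severity labels are assumptions, since the page does not document the MDSSC report format.

```python
from dataclasses import dataclass, field

# Options of the "Fail build on vulnerability severity" field, ranked.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
ALWAYS_FAIL = ("malware", "secrets", "blocked_licenses")


@dataclass
class Findings:
    """Hypothetical scan summary; the real MDSSC report format is not shown on the page."""
    vulnerability_severities: list = field(default_factory=list)
    malware: int = 0
    secrets: int = 0
    blocked_licenses: int = 0


def build_failure_reasons(findings, threshold="high"):
    """Return the reasons the build fails; an empty list means it passes."""
    threshold = threshold.strip().lower()
    if threshold != "off" and threshold not in SEVERITY_RANK:
        # Reject a mistyped option instead of silently disabling the gate.
        raise ValueError(f"unknown threshold: {threshold!r}")

    # Malware, secrets and blocked licenses fail the build whatever the
    # threshold is, including "off".
    reasons = [f"{name}: {getattr(findings, name)}"
               for name in ALWAYS_FAIL if getattr(findings, name)]

    if threshold != "off":
        floor = SEVERITY_RANK[threshold]
        # Assumption: an unrecognised severity label is treated as critical.
        hits = [s for s in findings.vulnerability_severities
                if SEVERITY_RANK.get(s.lower(), 4) >= floor]
        if hits:
            reasons.append(f"vulnerabilities at or above {threshold}: {len(hits)}")
    return reasons


if __name__ == "__main__":
    # Constructed sample: one leaked secret plus medium and low vulnerabilities.
    sample = Findings(vulnerability_severities=["medium", "low"], secrets=1)
    for option in ("off", "high", "medium"):
        print(option, "->", build_failure_reasons(sample, option) or "pass")
```

Setting the threshold to off only disables the vulnerability severity gate; the constructed sample still fails on the leaked secret.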

Monitoring and Reporting

  • Use the TeamCity build log to track progress. Search for MDSSC workflow, MDSSC scan, and Full MDSSC security report.
  • The detailed report link opens the scan in the MDSSC portal, where you can view remediation guidance, SBOM data, and historical results.
  • Agent logs (<teamcity-agent>/logs/teamcity-agent.log) contain extended debug output if you enable verbose logging.

Maintenance

  • Upgrade: Upload the new ZIP and restart. TeamCity replaces the previous version automatically.
  • Rollback: Re-upload an earlier ZIP or remove the plugin entirely from the Administration page.
  • Uninstall: Delete the plugin from the Installed Plugins list and restart the server.