Book a demo Get started

Integrations

Wire Chainsaw into your CI and package managers in ten lines

Chainsaw proxies the registry, so the integration surface is small: one token and one URL per package manager. Below are copy-paste snippets for the CI systems we see most often, and the full list of supported ecosystems, SIEM sinks, and identity providers.

CI providers

Copy-paste snippets for your pipeline

Replace chainsaw.acme.example with your Chainsaw URL, substitute @default for your org slug, and store CHAINSAW_CLIENT_ID + CHAINSAW_CLIENT_SECRET in your CI's secret store. Snippets use npm; the same shape works for every package manager Chainsaw supports.

GitHub Actions

- name: Configure Chainsaw
  env:
    CHAINSAW_CLIENT_ID: ${{ secrets.CHAINSAW_CLIENT_ID }}
    CHAINSAW_CLIENT_SECRET: ${{ secrets.CHAINSAW_CLIENT_SECRET }}
  run: |
    AUTH=$(printf '%s' "$CHAINSAW_CLIENT_ID:$CHAINSAW_CLIENT_SECRET" | base64)
    echo "registry=https://chainsaw.acme.example/repository/@default/npmjs/" >> .npmrc
    echo "//chainsaw.acme.example/repository/@default/npmjs/:_auth=$AUTH" >> .npmrc
    echo "//chainsaw.acme.example/repository/@default/npmjs/:always-auth=true" >> .npmrc
- name: Install
  run: npm ci

GitLab CI

install:
  script:
    - AUTH=$(printf '%s' "$CHAINSAW_CLIENT_ID:$CHAINSAW_CLIENT_SECRET" | base64)
    - echo "registry=https://chainsaw.acme.example/repository/@default/npmjs/" >> ~/.npmrc
    - echo "//chainsaw.acme.example/repository/@default/npmjs/:_auth=$AUTH" >> ~/.npmrc
    - echo "//chainsaw.acme.example/repository/@default/npmjs/:always-auth=true" >> ~/.npmrc
    - npm ci

Jenkins

withCredentials([usernamePassword(credentialsId: 'chainsaw',
  usernameVariable: 'CHAINSAW_CLIENT_ID', passwordVariable: 'CHAINSAW_CLIENT_SECRET')]) {
  sh '''
    AUTH=$(printf '%s' "$CHAINSAW_CLIENT_ID:$CHAINSAW_CLIENT_SECRET" | base64)
    echo "registry=https://chainsaw.acme.example/repository/@default/npmjs/" > .npmrc
    echo "//chainsaw.acme.example/repository/@default/npmjs/:_auth=$AUTH" >> .npmrc
    echo "//chainsaw.acme.example/repository/@default/npmjs/:always-auth=true" >> .npmrc
    npm ci
  '''
}

CircleCI

- run:
    name: Configure Chainsaw
    command: |
      AUTH=$(printf '%s' "$CHAINSAW_CLIENT_ID:$CHAINSAW_CLIENT_SECRET" | base64)
      echo "registry=https://chainsaw.acme.example/repository/@default/npmjs/" >> ~/.npmrc
      echo "//chainsaw.acme.example/repository/@default/npmjs/:_auth=$AUTH" >> ~/.npmrc
      echo "//chainsaw.acme.example/repository/@default/npmjs/:always-auth=true" >> ~/.npmrc
- run: npm ci

Azure Pipelines

- script: |
    AUTH=$(printf '%s' "$(CHAINSAW_CLIENT_ID):$(CHAINSAW_CLIENT_SECRET)" | base64)
    echo "registry=https://chainsaw.acme.example/repository/@default/npmjs/" >> ~/.npmrc
    echo "//chainsaw.acme.example/repository/@default/npmjs/:_auth=$AUTH" >> ~/.npmrc
    echo "//chainsaw.acme.example/repository/@default/npmjs/:always-auth=true" >> ~/.npmrc
    npm ci
  displayName: Install via Chainsaw

Buildkite

steps:
  - label: "Install"
    command: |
      AUTH=$(printf '%s' "$CHAINSAW_CLIENT_ID:$CHAINSAW_CLIENT_SECRET" | base64)
      echo "registry=https://chainsaw.acme.example/repository/@default/npmjs/" >> .npmrc
      echo "//chainsaw.acme.example/repository/@default/npmjs/:_auth=$AUTH" >> .npmrc
      echo "//chainsaw.acme.example/repository/@default/npmjs/:always-auth=true" >> .npmrc
      npm ci

Drone CI

kind: pipeline
type: docker
name: default

steps:
  - name: install
    image: node:20
    environment:
      CHAINSAW_CLIENT_ID:
        from_secret: chainsaw_client_id
      CHAINSAW_CLIENT_SECRET:
        from_secret: chainsaw_client_secret
    commands:
      - AUTH=$(printf '%s' "$CHAINSAW_CLIENT_ID:$CHAINSAW_CLIENT_SECRET" | base64)
      - echo "registry=https://chainsaw.acme.example/repository/@default/npmjs/" >> .npmrc
      - echo "//chainsaw.acme.example/repository/@default/npmjs/:_auth=$AUTH" >> .npmrc
      - echo "//chainsaw.acme.example/repository/@default/npmjs/:always-auth=true" >> .npmrc
      - npm ci

Full guide with per-ecosystem variations: Integrate with CI/CD pipelines →

Package ecosystems

Sixteen ecosystems, one proxy

Every ecosystem runs transparently — no lockfile changes, no wrapper scripts. Links go to the per-ecosystem how-to in the docs.

Outbound destinations

SIEM and webhook sinks

Every decision leaves an audit record. Stream the record wherever your on-call, audit, or incident tooling lives.

  • Splunk HEC Structured audit events, per-policy routing. Unlimited.
  • Microsoft Sentinel CEF over TLS syslog to an AMA / CEF forwarder. Unlimited.
  • IBM QRadar CEF over TLS syslog to a QRadar log source. Unlimited.
  • Prometheus / Grafana 50+ counters, gauges, and histograms from the /metrics endpoint. All plans.
  • Slack / MS Teams / PagerDuty Any webhook receiver. Five webhooks per user on every plan.
  • Generic SIEM JSON over webhook or syslog. Pipe into your collector of choice.

Identity providers

SSO and SCIM on Unlimited

Any SAML 2.0 or OIDC-compliant IdP works. These are the ones we see most often and have explicit setup guides for.

  • Okta SAML 2.0 · OIDC · SCIM 2.0
  • Microsoft Entra SAML 2.0 · OIDC · SCIM 2.0
  • Google Workspace OIDC · SCIM 2.0
  • Auth0 OIDC
  • Keycloak OIDC
  • Any SAML 2.0 / OIDC IdP Compliant providers

Missing an integration you need?

Ask — most take less than a week

If you need a CI provider we haven't documented or a SIEM we don't support yet, tell us. Most integrations are a format translation, not a new feature.

Talk to sales Talk to sales