
Overview

Deploying Continum CLI to your team ensures everyone has the same security standards. There are two approaches: manual setup and automated deployment.

Deployment Options

Manual Setup

Each team member installs and configures the CLI individually. Best for small teams or initial testing.

Automated Deployment

CLI installs automatically when team members clone and set up the project. Recommended for larger teams.

Manual Setup

Each team member follows these steps:
1. Install CLI Globally

npm install -g @continum/cli

2. Login to Continum

continum login
This authenticates with their Continum account. Each developer needs their own account.

3. Clone Project

git clone your-repo
cd your-repo

4. Initialize Continum

continum init
This installs the pre-commit hook using the existing configuration.

Pros and Cons

Pros:
  • Simple and straightforward
  • Full control over each installation
  • Easy to troubleshoot
Cons:
  • Manual process for each developer
  • Easy to forget or skip
  • No enforcement of installation

Automated Deployment

Automatically install the CLI when developers set up the project.

Setup

Add to your project’s package.json:
{
  "scripts": {
    "postinstall": "continum init --silent"
  },
  "devDependencies": {
    "@continum/cli": "^0.1.0"
  }
}

Team Member Workflow

1. Install CLI Globally (One Time)

npm install -g @continum/cli
This only needs to be done once per machine.

2. Login (One Time)

continum login
Authenticate with Continum. Only needed once per machine.

3. Clone and Install

git clone your-repo
cd your-repo
npm install
The postinstall script automatically runs continum init, installing the pre-commit hook.

How It Works

  1. Developer clones the repository
  2. Developer runs npm install
  3. The postinstall script runs automatically
  4. continum init installs the pre-commit hook
  5. The hook uses the committed configuration
  6. Developer is protected immediately
The --silent flag makes initialization non-interactive, which suits automated scripts.

Configuration Management

Commit Configuration

Always commit your configuration to your repository:
git add .continum.json
git commit -m "Add Continum configuration"
git push
This ensures all team members use the same scanning rules.

Update Configuration

When you update configuration, changes apply to all team members on their next commit:
vim .continum.json
git add .continum.json
git commit -m "Update Continum config"
git push
Team members get the updated configuration automatically when they pull.

Pattern Syncing

Approved patterns sync automatically across your team:
1. Developer Approves Pattern

One team member encounters and approves a new credential pattern.

2. Pattern Saved

The pattern is saved to your Continum account.

3. Automatic Distribution

Other team members receive the pattern automatically on their next scan.

4. Consistent Protection

Everyone now catches this credential type locally.
No manual distribution needed—patterns sync automatically.

Onboarding New Developers

Onboarding Checklist

Provide new team members with this checklist:
1. Create Continum Account

Sign up at app.continum.co

2. Install CLI

npm install -g @continum/cli

3. Login

continum login

4. Clone and Setup

git clone repo-url
cd repo-name
npm install

5. Verify Installation

continum status

CI/CD Integration

Integrate Continum CLI into your CI/CD pipeline.

GitHub Actions

name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '18'
      - name: Install Continum CLI
        run: npm install -g @continum/cli
      - name: Setup Credentials
        env:
          CONTINUM_API_KEY: ${{ secrets.CONTINUM_API_KEY }}
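        run: |
          # Keep the credentials file private to the runner user
          umask 077
          mkdir -p ~/.continum
          # Quote the variable so the shell does not word-split or glob the key
          printf '{"apiUrl":"https://api.continum.dev","apiKey":"%s"}\n' "$CONTINUM_API_KEY" > ~/.continum/credentials.json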
      - name: Initialize Continum
        run: continum init --silent
      - name: Scan Files
        # NUL-delimited so file names containing spaces are passed intact
        run: git ls-files -z | xargs -0 continum scan
Store your CONTINUM_API_KEY as a secret in your CI/CD platform. Never commit it to your repository.

Troubleshooting

  • The postinstall script will fail silently if the CLI is not installed globally. Add a check to your postinstall script.
  • The init command will fail if not logged in. Developers need to run continum login first.
  • Verify the hook is installed by checking the git hooks directory. If missing, run continum init.
  • Ensure the configuration file is committed and all developers have pulled the latest version.
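
One way to implement the postinstall check and the hook verification described above, as an added example rather than Continum's own code. The script path scripts/continum-postinstall.js is hypothetical, and the hook is assumed to be a file named pre-commit in the git hooks directory.

```javascript
// Hypothetical file scripts/continum-postinstall.js, wired up in package.json as
//   "postinstall": "node scripts/continum-postinstall.js"
const fs = require('node:fs');
const path = require('node:path');
const { spawnSync } = require('node:child_process');

// Return the full path of `cmd` if an executable of that name is on PATH.
function findOnPath(cmd, env = process.env) {
  const exts = process.platform === 'win32' ? (env.PATHEXT || '.EXE;.CMD;.BAT').split(';') : [''];
  for (const dir of (env.PATH || '').split(path.delimiter).filter(Boolean)) {
    for (const ext of exts) {
      const candidate = path.join(dir, cmd + ext);
      try {
        fs.accessSync(candidate, fs.constants.X_OK);
        if (fs.statSync(candidate).isFile()) return candidate;
      } catch { /* not in this directory, keep looking */ }
    }
  }
  return null;
}

// True when an executable pre-commit hook exists in `hooksDir`.
// Git skips hooks without the execute bit, so existence alone is not enough.
function hookInstalled(hooksDir) {
  try {
    fs.accessSync(path.join(hooksDir, 'pre-commit'), fs.constants.X_OK);
    return true;
  } catch { return false; }
}

function fail(msg) { console.error(`[continum] ${msg}`); process.exit(1); }

function main() {
  if (!findOnPath('continum')) {
    fail('CLI not on PATH. Run: npm install -g @continum/cli, then continum login');
  }
  const opts = { stdio: 'inherit', shell: process.platform === 'win32' };
  const init = spawnSync('continum', ['init', '--silent'], opts);
  if (init.status !== 0) fail('continum init failed. Have you run "continum login"?');
  // Ask git for the hooks directory; this honours core.hooksPath when it is set.
  const git = spawnSync('git', ['rev-parse', '--git-path', 'hooks'], { encoding: 'utf8' });
  if (git.status !== 0 || !hookInstalled(git.stdout.trim())) {
    fail('pre-commit hook missing after init. Run "continum init" by hand.');
  }
}

// npm sets npm_lifecycle_event to the name of the script it is running,
// so the checks only execute when npm invokes this file as postinstall.
if (process.env.npm_lifecycle_event === 'postinstall') main();
```

Point the postinstall entry at this script instead of calling continum init --silent directly, so a missing CLI or hook stops npm install with a message. It confirms only that an executable pre-commit hook exists, not that the hook is Continum's.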

Best Practices

Document Requirements

Add CLI setup to your project README and onboarding documentation.

Enforce in CI/CD

Run scans in your CI/CD pipeline as a backup to local scanning.

Regular Updates

Keep the CLI updated to get the latest patterns and features.

Team Training

Train your team on how to handle pattern approvals and false positives.
