Jenkins is an automation server that lets software developers automate the build, test and deployment stages of their projects, and its functionality is extended through plugins. The new Netsparker Cloud Scan Jenkins plugin is one such extension.
This article explains how to install and configure the Netsparker Cloud Scan Jenkins plugin so that you can launch automated scans from Jenkins builds and view the resulting vulnerability reports inside Jenkins.
Downloading and Installing the Netsparker Cloud Scan Jenkins Plugin
The plugin is packaged as an .hpi file called netsparker-cloud-scan.hpi. This package has been tested on Jenkins version 2.33 and later.
To Download and Install the Netsparker Cloud Scan Jenkins Plugin
- In Netsparker Cloud, navigate to the New Integrations window, and from the Continuous Integration Systems panel, select Jenkins. The Jenkins Plugin Installation and Usage window is displayed.
- Click Download the plugin, and save the file to a location of your choice.
- Open Jenkins.
- From the main menu, click Manage Jenkins. The Manage Jenkins window is displayed.
- Click Manage Plugins. The Plugin Manager window is displayed.
- Click the Advanced tab.
- From the Upload Plugin section, click Choose File. The Open dialog box is displayed.
- Select the netsparker-cloud-scan.hpi file you downloaded previously, and click Open. The file is uploaded, and the focus of the window returns to the Advanced tab.
- To activate the plugin, restart Jenkins. Restarting (like uploading a plugin) requires the Overall/Administer permission. From a browser, navigate to one of:
- [jenkins_url]/safeRestart (waits for running builds to complete, then restarts; prefer this on a shared controller)
- [jenkins_url]/restart (forces an immediate restart; running builds are aborted rather than allowed to finish)
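An .hpi package is a jar (zip) archive whose META-INF/MANIFEST.MF declares the plugin's Short-Name and the minimum Jenkins core it supports (the Jenkins-Version attribute). Because anything uploaded through Manage Plugins > Advanced runs with the full privileges of the Jenkins controller, it is worth checking the file before you upload it: that it is an intact archive, that it is the plugin you expect, that its declared minimum core version is not newer than the Jenkins you run, and, if the download page publishes a checksum, that the SHA-256 matches. The following script is an added example written for this article, not code shipped by Netsparker or by Jenkins. The sample manifest, the placeholder plugin version in it, and the in-memory package it builds are constructed for the demonstration; the expected SHA-256 is something you would take from the download page.

```python
"""Pre-install checks for a Jenkins plugin package (.hpi).

Added example for this article; not Netsparker's or Jenkins' own code.
Run as:  python check_hpi.py netsparker-cloud-scan.hpi 2.60.3 [sha256]
With no arguments it checks a constructed in-memory sample instead.
"""
import hashlib
import io
import sys
import zipfile

# Constructed sample manifest (not taken from a real plugin build).
# Plugin-Version here is a placeholder assumption.
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\n"
    "Short-Name: netsparker-cloud-scan\n"
    "Long-Name: Netsparker Cloud Scan Plugin\n"
    "Plugin-Version: 1.0\n"
    "Jenkins-Version: 2.33\n"
)


def parse_manifest(text):
    """Parse a jar MANIFEST.MF into a dict. A line starting with a single
    space is a continuation of the previous attribute's value."""
    attrs = {}
    last_key = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and last_key is not None:
            attrs[last_key] += raw[1:]
            continue
        key, sep, value = raw.partition(":")
        if not sep:
            continue
        last_key = key.strip()
        attrs[last_key] = value.strip()
    return attrs


def version_tuple(v):
    """'2.33' -> (2, 33); non-numeric suffixes such as '-SNAPSHOT' are dropped."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def check_hpi(data, expected_short_name, jenkins_version, expected_sha256=None):
    """Return a list of problems found; an empty list means the package passed."""
    problems = []
    if expected_sha256 is not None and sha256_hex(data) != expected_sha256.lower():
        problems.append("sha256 mismatch: got %s" % sha256_hex(data))
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        problems.append("not a valid zip/jar archive")
        return problems
    with zf:
        corrupt = zf.testzip()  # CRC-check every member
        if corrupt is not None:
            problems.append("corrupt archive member: %s" % corrupt)
        for name in zf.namelist():  # reject paths that could escape on extraction
            if name.startswith("/") or ".." in name.split("/"):
                problems.append("unsafe member path: %s" % name)
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            problems.append("META-INF/MANIFEST.MF missing")
            return problems
    attrs = parse_manifest(manifest)
    short = attrs.get("Short-Name")
    if short != expected_short_name:
        problems.append("Short-Name is %r, expected %r" % (short, expected_short_name))
    min_core = attrs.get("Jenkins-Version") or attrs.get("Hudson-Version")
    if min_core is None:
        problems.append("manifest declares no Jenkins-Version")
    elif version_tuple(min_core) > version_tuple(jenkins_version):
        problems.append("plugin needs Jenkins %s+, controller runs %s" % (min_core, jenkins_version))
    return problems


def build_sample_hpi(manifest_text):
    """Construct a minimal .hpi-shaped archive in memory (not a real plugin)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
        zf.writestr("WEB-INF/lib/placeholder.txt", "constructed sample, not a plugin jar\n")
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        expected = sys.argv[3] if len(sys.argv) > 3 else None
        found = check_hpi(blob, "netsparker-cloud-scan", sys.argv[2], expected)
    else:
        found = check_hpi(build_sample_hpi(SAMPLE_MANIFEST), "netsparker-cloud-scan", "2.60.3")
    print("OK" if not found else "\n".join(found))
    sys.exit(1 if found else 0)
```

The core-version comparison is the check that matters most for the "2.33+" statement above: Jenkins refuses to load a plugin whose Jenkins-Version is newer than the running core, so catching it before the restart saves a failed plugin load on a production controller. The checksum comparison only helps when you have an expected value from a trusted channel; it cannot vouch for a file whose hash you obtained from the same download page.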
Configuring The Jenkins Project
Each Jenkins project has its own build configuration, and each build configuration consists of build steps. The Netsparker Cloud Scan is added to a Jenkins project as one of those build steps, after the global connection to Netsparker Cloud has been configured.
How to Configure the Jenkins Project
- Open Jenkins. From the main menu, click Manage Jenkins.
The Manage Jenkins window is displayed.
- Click Configure System. The Configure System window is displayed.
- In the Netsparker Cloud section, enter your Netsparker Cloud Server URL and API Token, and click Test Connection. The token grants access to your Netsparker Cloud account from any Jenkins job, so limit who holds Overall/Administer on the controller and rotate the token if the controller is ever compromised.
- Navigate to the Jenkins Home page and click the project to which you want to add the Netsparker Cloud Scan build step. The Project window is displayed.
- From the menu, click Configure. The Configure window is displayed.
- Click the Build Environment tab and scroll down to the Build section.
- In the Build section, click the Add build step dropdown and select Netsparker Cloud Scan. The Scan Settings panel is displayed.
- Select the relevant options from Scan Type, Website Deploy URL and Profile Name.
- Click Save.
Viewing Netsparker Scan Results in Jenkins
Once a build containing the scan step has run, you can view the scan results in the Netsparker Cloud Report window.
How to View Netsparker Cloud Reports in Jenkins
- Open Jenkins.
- From your project page, select a build from the Build History section. The Build Detail window is displayed.
- From the menu, click Netsparker Cloud Report. A scan can take a while; if it has not finished yet, a warning message is displayed instead of the report.
- When the scan has completed, the scan results are displayed as the Netsparker Cloud Executive Summary Report.
- For tighter integration with Netsparker Cloud, configure your SCM plugin to share changelog data so that findings can be correlated with commits. From your Project window, click the Source Code Management tab, and from the Additional Behaviours dropdown, select the option that records the committer's name.
This is a Security Bloggers Network syndicated blog post authored by Duran Serkan Kilic. Read the original post at: Netsparker, Web Application Security Scanner