Integrating Acunetix in your web application’s Jenkins Pipeline

An Acunetix scan can easily be included as part of a Jenkins Pipeline. This provides the benefit of automatically integrating the Acunetix security scan into your continuous delivery (CD) pipeline, and this can be declared as part of your project’s source code repository.

Prerequisites

Before you start, the Acunetix Jenkins plugin must be installed and configured correctly as described in this article.

Generating the pipeline code

You can easily generate the pipeline code as follows:

  1. Open the configuration for your project
  2. Browse down to the Pipeline section, and click on “Pipeline Syntax”
  3. Choose “Jenkins Snippet Generator”
  4. In the Sample Step, choose “step: General Build Step”
  5. In Build Step, choose “Acunetix”
  6. Configure the following as needed
    a) Scan Type
    b) Scan Target
    c) Fail the build if threat level is
    d) Stop the scan when build fails
    e) Generate Report
  7. Click “Generate Pipeline Script”
    Jenkins Pipeline
  8. This will generate the code that needs to be inserted as a step in the Jenkins file as shown in the following example
Example of a Jenkins file:
pipeline {
agent any
stages {
stage('Testing') {
steps {
echo 'Checking web security..'
step([$class: 'BuildScanner', profile: '11111111-1111-1111-1111-111111111111', repTemp: 'no_report', stopScan: true, target: '093a9e8f-f1c3-445f-87b8-86116d998108', threat: 'Medium'])
}
}
}
}

Running the project

Using the Jenkins file above, the console output will contain the following:

Commit message: "new target"
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Testing)
[Pipeline] echo
Checking web security..
[Pipeline] step
Starting scan on target: http://testphp.vulnweb.com/ (Acunetix php test site)
Scan started
The scan threat level: "High" is greater or equal than the configured level: "Medium"
Aborting the build
The scan was stopped
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: The scan threat level is greater or equal than the configured level
Finished: FAILURE


*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by acunetix. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/4570zfX1aVM/