Integrate with Jenkins Pipeline

Tenable Cloud Security integrates with Jenkins and scans your Jenkins pipeline for violations.

Before you begin:

  • Ensure you have access to working Jenkins instance.

  • Ensure you have a repository to scan.

To connect to Jenkins:

  1. From the root folder of the repository, open the groovy file that hosts the pipeline, usually named jenkins-pipeline.groovy.

  2. Add the following block of statements in the groovy file under the steps before it starts deploying the infrastructure.

    For scanning a repository:

    sh 'echo downloading Tenable CS CLI'
    sh 'wget -O tcs-iac-scanner'
    sh 'chmod +x tcs-iac-scanner'
    sh './tcs-iac-scanner init'
    sh './tcs-iac-scanner scan -mode=pipeline -appurl= -token=<tcs_api_token> -fail -project=<project_id>'
  3. Where:

    • API_token: API authentication token you generate from Tenable Cloud Security. For more information, see Generate API Tokens.

    • -fail: (Optional) Specify this parameter to fail the pipeline if Tenable Cloud Security finds a High severity policy failure.

    • project_ID: (Optional) Project in Tenable Cloud Security. If you specify the project, Tenable Cloud Security sends the scan results to this project. If you do not specify the project, Tenable Cloud Security creates a default project for displaying the scan results.