Tenable Web App Scanning CI/CD Scanning with GitHub Integration
You can deploy a Tenable Web App Scanning Docker image in a continuous integration and continuous delivery/continuous deployment (CI/CD) pipeline to scan your application from GitHub. For more information on this integration, see the GitHub documentation.
Before you begin:
- Be able to deploy your app to an integration environment reachable from your GitHub build agent, or run it directly on the build agent for testing.
- Review the overview information in CI/CD Application Scan Overview.
Pipeline workflow file example for GitHub:

name: CI WAS Scan
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  tenablescan:
    name: was-cicd
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2
      - name: Build + Run PetStore
        run: |
          docker pull swaggerapi/petstore
          docker run -d -e SWAGGER_URL=http://petstore:8080 -e SWAGGER_BASE_PATH=/v2 --name petstore swaggerapi/petstore
      - name: Run WAS
        run: |
          docker pull tenable/was-scanner:latest
          docker run -v $(pwd):/scanner -t -e WAS_MODE=cicd -e ACCESS_KEY=${ACCESS_KEY} -e SECRET_KEY=${SECRET_KEY} --link petstore tenable/was-scanner:latest || true
          ls $(pwd)
        env:
          ACCESS_KEY: ${{ secrets.ACCESS_KEY }}
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
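The workflow above discards the scanner's exit status with `|| true`, relies on the legacy `--link` flag, and starts the scan without checking that the target is up. Below is an added, hardened variant of that same workflow (written for this page, not Tenable's own example) that keeps the scanner invocation and credentials handling unchanged but uses a user-defined Docker network, waits for PetStore to answer, preserves the scan output as a build artifact, and fails the job afterwards if the scanner exited non-zero. The readiness URL, the `was-net` and `was-results` names, and treating a non-zero scanner exit as a failed scan are assumptions.

```yaml
name: CI WAS Scan (hardened)
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  tenablescan:
    name: was-cicd
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v4
      - name: Build + Run PetStore
        run: |
          # User-defined network instead of the legacy --link; members resolve each other by name
          docker network create was-net
          docker pull swaggerapi/petstore
          docker run -d --network was-net -p 127.0.0.1:8080:8080 \
            -e SWAGGER_URL=http://petstore:8080 -e SWAGGER_BASE_PATH=/v2 \
            --name petstore swaggerapi/petstore
          # Wait (up to 60 s) until the target answers before scanning; readiness URL is an assumption
          for i in $(seq 1 30); do
            curl -fsS -o /dev/null http://127.0.0.1:8080/ && exit 0
            sleep 2
          done
          echo "petstore did not become ready" >&2; exit 1
      - name: Run WAS
        id: was
        run: |
          docker pull tenable/was-scanner:latest
          # Record the scanner's exit status instead of "|| true", so the report is still collected first
          set +e
          docker run -v "$(pwd)":/scanner -t -e WAS_MODE=cicd \
            -e ACCESS_KEY="${ACCESS_KEY}" -e SECRET_KEY="${SECRET_KEY}" \
            --network was-net tenable/was-scanner:latest
          echo "exit_code=$?" >> "$GITHUB_OUTPUT"
          ls "$(pwd)"
        env:
          ACCESS_KEY: ${{ secrets.ACCESS_KEY }}
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
      - name: Keep scan output
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: was-results
          path: ${{ github.workspace }}
      - name: Fail on non-zero scanner exit
        if: steps.was.outputs.exit_code != '0'
        run: exit 1
```

The whole mounted workspace is uploaded because the page does not name the file the scanner writes; narrow `path` once you know the report filename.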
Example integrations for CI/CD tools:
- GitHub