Tenable Web App Scanning CI/CD Scanning with GitHub Integration

You can deploy the Tenable Web App Scanning Docker image in a continuous integration and continuous delivery/continuous deployment (CI/CD) pipeline against your application in GitHub. You can configure the pipeline to retrieve artifacts such as scan logs and reports. For more information on this integration, see the GitHub documentation.

Before you begin:

  • Be able to deploy your app to an integration environment available to your GitHub build agent, or run it directly on the build agent for testing.

  • Review the overview information in CI/CD Application Scan Overview.

Pipeline workflow file example for GitHub:

    name: CI WAS Scan
    on:
      push:
        branches:
          - main
      pull_request:
    jobs:
      tenablescan:
        name: was-cicd
        runs-on: ubuntu-latest
        steps:
          - name: Clone repo
            uses: actions/checkout@v2
          - name: Build + Run PetStore
            run: |
              docker pull swaggerapi/petstore
              docker run -d -e SWAGGER_URL=http://petstore:8080 -e SWAGGER_BASE_PATH=/v2 --name petstore swaggerapi/petstore
          - name: Run WAS
            run: |
              docker pull tenable/was-scanner:latest
              docker run -v $(pwd):/scanner -t -e WAS_MODE=cicd -e ACCESS_KEY=${ACCESS_KEY} -e SECRET_KEY=${SECRET_KEY} --link petstore tenable/was-scanner:latest || true
              ls $(pwd)
            env:
              ACCESS_KEY: ${{ secrets.ACCESS_KEY }}
              SECRET_KEY: ${{ secrets.SECRET_KEY }}

Example integrations for CI/CD tools: