Tenable Web App Scanning CI/CD Scanning with Jenkins Integration

You can deploy a Tenable Web App Scanning Docker image in continuous integration and continuous delivery/continuous deployment CI/CD against your application in Jenkins. For more information on this integration, see the Jenkins documentation.

Before you begin:

• Be able to deploy your app to an integration environment available to your Jenkins build agent, or run it directly on the build agent for testing.

• Review the overview information in CI/CD Application Scan Overview.

Pipeline workflow file example for Jenkins:

pipeline {
  agent any
  stages {
    stage('build-run-scan') {
      environment {
        ACCESS_KEY = credentials('ACCESS_KEY')
        SECRET_KEY = credentials('SECRET_KEY')
      }
      steps {
        sh '''
        docker pull swaggerapi/petstore
        docker run -d -e SWAGGER_URL=http://petstore:8080 -e SWAGGER_BASE_PATH=/v2 --name petstore swaggerapi/petstore
        docker pull tenable/was-scanner:latest
        docker run -v $(pwd):/scanner -t -e WAS_MODE=cicd -e ACCESS_KEY=${ACCESS_KEY} -e SECRET_KEY=${SECRET_KEY} --link petstore tenable/was-scanner:latest
        '''
      }
    }
  }
  post {
    always {
      sh '''
        docker rm $(docker stop $(docker ps -a -q --filter ancestor="tenable/was-scanner:latest" --format="{{.ID}}")) || true
        docker rm $(docker stop $(docker ps -a -q --filter ancestor="swaggerapi/petstore" --format="{{.ID}}")) || true
        docker system prune -f --volumes
        '''
        archiveArtifacts 'scanner.log'
        publishHTML([allowMissing: false, alwaysLinkToLastBuild: false, keepAll: true, reportDir: '', reportFiles: 'tenable_was_scan.html', reportName: 'WAS Report'])
        cleanWs()
    }
  }
}

Example integrations for CI/CD tools:

• Atlassian Bamboo

• Azure

• CircleCI

• GitHub

• GitLab