Tenable Web App Scanning CI/CD Scanning with Jenkins Integration

You can deploy a Tenable Web App Scanning Docker image in continuous integration and continuous delivery/continuous deployment CI/CD against your application in Jenkins. For more information on this integration, see the Jenkins documentation.

Before you begin:

Be able to deploy your app to an integration environment available to your Jenkins build agent, or run it directly on the build agent for testing.
Review the overview information in CI/CD Application Scan Overview.

Pipeline workflow file example for Jenkins:


pipeline {
  agent any
  stages {
    stage('build-run-scan') {
      environment {
        ACCESS_KEY = credentials('ACCESS_KEY')
        SECRET_KEY = credentials('SECRET_KEY')
      }
      steps {
        sh '''
        docker pull swaggerapi/petstore
        docker run -d -e SWAGGER_URL=http://petstore:8080 -e SWAGGER_BASE_PATH=/v2 --name petstore swaggerapi/petstore
        docker pull tenable/was-scanner:latest
        docker run -v $(pwd):/scanner -t -e WAS_MODE=cicd -e ACCESS_KEY=${ACCESS_KEY} -e SECRET_KEY=${SECRET_KEY} --link petstore tenable/was-scanner:latest
        '''
      }
    }
  }
  post {
    always {
      sh '''
        docker rm $(docker stop $(docker ps -a -q --filter ancestor="tenable/was-scanner:latest" --format="{{.ID}}")) || true
        docker rm $(docker stop $(docker ps -a -q --filter ancestor="swaggerapi/petstore" --format="{{.ID}}")) || true
        docker system prune -f --volumes
        '''
        archiveArtifacts 'scanner.log'
        publishHTML([allowMissing: false, alwaysLinkToLastBuild: false, keepAll: true, reportDir: '', reportFiles: 'tenable_was_scan.html', reportName: 'WAS Report'])
        cleanWs()
    }
  }
}

Example integrations for CI/CD tools: