Tenable Web App Scanning CI/CD Scanning with Jenkins Integration
You can run the Tenable Web App Scanning Docker image as a stage of a continuous integration and continuous delivery/continuous deployment (CI/CD) pipeline in Jenkins, so that each build scans the freshly deployed application. For more information on this integration, see the Jenkins documentation.
Before you begin:
- Be able to deploy your app to an integration environment reachable from your Jenkins build agent, or run it directly on the build agent for testing.
- Review the overview information in CI/CD Application Scan Overview.
Pipeline workflow file example for Jenkins (declarative pipeline):
pipeline {
    agent any
    stages {
        stage('build-run-scan') {
            environment {
                // Bind the Tenable API keys held in the Jenkins credential store to
                // environment variables that exist only for this stage.
                ACCESS_KEY = credentials('ACCESS_KEY')
                SECRET_KEY = credentials('SECRET_KEY')
            }
            steps {
                // Single-quoted ''' keeps Groovy from interpolating the secrets into the
                // script; the shell expands ${ACCESS_KEY} and ${SECRET_KEY} at run time.
                sh '''
                    docker pull swaggerapi/petstore
                    docker run -d -e SWAGGER_URL=http://petstore:8080 -e SWAGGER_BASE_PATH=/v2 --name petstore swaggerapi/petstore
                    docker pull tenable/was-scanner:latest
                    # The workspace is mounted at /scanner so scanner.log and the HTML report land in the workspace.
                    docker run -v $(pwd):/scanner -t -e WAS_MODE=cicd -e ACCESS_KEY=${ACCESS_KEY} -e SECRET_KEY=${SECRET_KEY} --link petstore tenable/was-scanner:latest
                '''
            }
        }
    }
    post {
        always {
            // Tear down the scanner and target containers whether or not the scan succeeded.
            sh '''
                docker rm $(docker stop $(docker ps -a -q --filter ancestor="tenable/was-scanner:latest" --format="{{.ID}}")) || true
                docker rm $(docker stop $(docker ps -a -q --filter ancestor="swaggerapi/petstore" --format="{{.ID}}")) || true
                docker system prune -f --volumes
            '''
            archiveArtifacts 'scanner.log'
            publishHTML([allowMissing: false, alwaysLinkToLastBuild: false, keepAll: true, reportDir: '', reportFiles: 'tenable_was_scan.html', reportName: 'WAS Report'])
            cleanWs()
        }
    }
}
Two points to check before adopting this on a shared agent: publishHTML comes from the HTML Publisher plugin, which must be installed, and docker system prune -f --volumes removes every stopped container, unused network, dangling image and unused volume on the agent, not only those belonging to this job.
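The scan stage above starts the target with -d and launches the scanner immediately, so the scanner can begin crawling before the application is listening and report a misleadingly clean result; it also places both API keys on the docker command line, where they appear in the agent's process list and in any sh -x trace. The POSIX shell wrapper below is an added example, not Tenable's or the Jenkins project's code. It waits for the target to answer HTTP before starting the scanner, passes the keys through with -e ACCESS_KEY (no value, so docker copies it from the environment), and removes the containers through a trap. It assumes a user-defined Docker network named was-scan-net in place of the legacy --link, a busybox container for the readiness probe against the target's root URL, and that the scanner takes its target and pass/fail threshold from its configuration file in the mounted directory (see CI/CD Application Scan Overview). The image names and the ACCESS_KEY and SECRET_KEY variables are those of the pipeline above.

```shell
#!/bin/sh
# Added example, not Tenable's or the Jenkins project's code: a wrapper for the
# build-run-scan stage. Assumptions not taken from the page: the was-scan-net
# network (replaces --link), a busybox probe container, and that the scanner
# reads its target and threshold from a config file in the mounted directory.
set -e

TARGET_IMAGE="${TARGET_IMAGE:-swaggerapi/petstore}"
TARGET_NAME="${TARGET_NAME:-petstore}"
SCANNER_IMAGE="${SCANNER_IMAGE:-tenable/was-scanner:latest}"
NETWORK="${NETWORK:-was-scan-net}"          # assumed network name

# Stop and remove every container created from image $1; silent when none exist.
remove_containers_of() {
    ids=$(docker ps -a -q --filter "ancestor=$1")
    if [ -n "$ids" ]; then
        docker rm -f $ids >/dev/null
    fi
}

# Run probe command $1 (a shell string) until it succeeds, at most $2 times,
# sleeping $3 seconds between attempts. Returns 0 when ready, 1 on timeout.
# The scanner is started only after this passes, so it never scans a target
# that is still booting.
wait_for_target() {
    probe=$1; max=${2:-30}; delay=${3:-2}
    attempt=0
    while [ "$attempt" -lt "$max" ]; do
        attempt=$((attempt + 1))
        if sh -c "$probe" >/dev/null 2>&1; then
            echo "target ready after $attempt attempt(s)"
            return 0
        fi
        sleep "$delay"
    done
    echo "target not ready after $max attempts" >&2
    return 1
}

# Fail fast when the credential named $1 is absent from the environment,
# without ever echoing its value (Jenkins exports both via credentials()).
require_secret() {
    eval "val=\${$1:-}"
    if [ -z "$val" ]; then
        echo "missing required secret $1" >&2
        return 1
    fi
}

cleanup() {
    remove_containers_of "$SCANNER_IMAGE"
    remove_containers_of "$TARGET_IMAGE"
    docker network rm "$NETWORK" >/dev/null 2>&1 || true
}

main() {
    require_secret ACCESS_KEY
    require_secret SECRET_KEY
    trap cleanup EXIT                      # runs even when the scan fails

    docker network create "$NETWORK" >/dev/null
    docker pull "$TARGET_IMAGE"
    docker run -d --network "$NETWORK" --name "$TARGET_NAME" \
        -e "SWAGGER_URL=http://$TARGET_NAME:8080" -e SWAGGER_BASE_PATH=/v2 \
        "$TARGET_IMAGE" >/dev/null

    # Probe from inside the same network; busybox wget and the root URL are assumptions.
    wait_for_target "docker run --rm --network $NETWORK busybox \
        wget -q -O /dev/null http://$TARGET_NAME:8080/" 30 2

    docker pull "$SCANNER_IMAGE"
    # "-e ACCESS_KEY" with no value copies the variable from this shell's
    # environment, so the keys never appear in ps output or an sh -x trace.
    docker run --rm -t --network "$NETWORK" -v "$(pwd):/scanner" \
        -e WAS_MODE=cicd -e ACCESS_KEY -e SECRET_KEY "$SCANNER_IMAGE"
}

# Containers are started only when invoked as: sh was_scan.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

Invoke it from the stage as sh 'sh was_scan.sh run' under the same environment block, keeping the post section's cleanup as a fallback for an agent that was killed before the trap fired. The readiness probe runs in its own container on the scan network rather than on the agent, so it exercises the same path the scanner will use.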
Example integrations for CI/CD tools: