Jenkins integration
  • 21 May 2024

Jenkins is an open-source automation server for continuous integration and delivery (CI/CD) in software projects. It provides a platform for building, testing, and deploying applications in an automated and efficient manner. Traceable integrates with Jenkins by running security scans in staging environments. This helps you find vulnerabilities in the early stages of the SDLC, giving developers and product security engineers more time and context to prioritize and mitigate vulnerabilities and to build secure APIs. This topic explains how to configure and use the Traceable xAST CI/CD integration, how to run the scan during the build step, and how to view the scan summary report.


Before you begin

Make sure that you have a working Jenkins setup and the required permissions to add and manage new plugins.


Plugin access

To access Traceable's plugin for Jenkins, contact Traceable's support team at support@traceable.ai.


Integrate Traceable xAST with Jenkins

Integrating Jenkins with Traceable consists of two steps:

  1. Deploy Traceable's Jenkins plugin

  2. Run Traceable xAST with Jenkins

Step 1 - Deploy the plugin

Complete the following steps to deploy Traceable's plugin for Jenkins:

  1. Navigate to your Jenkins dashboard and click on Manage Jenkins.

  2. Click on Plugins under System Configurations.

  3. Click on Advanced settings and navigate to the Deploy Plugin option.

  4. Click on Browse and select the traceable.hpi file provided by Traceable, then click on Deploy.

Step 2 - Run Traceable xAST with Jenkins

Complete the following steps:

  1. Click on New Item on the Dashboard.

  2. Specify a name that identifies the job containing Traceable xAST. Select the Freestyle project and click on OK. You can also add this as a build step in an existing Freestyle job.

  3. Configure Build Triggers, and in the Build Steps drop-down list, select Traceable AST - Initialize and Run. Then select the post-build actions from the Post-build Actions drop-down list.

  4. Configure the fields, such as Scan Name, Test Environment, Client Token, Attack Policy, and Suite name.

    Note

    If you are using a Suite name in the Build, you must specify only the Scan Name and Client Token fields.

  5. Click on Save and Apply.

The job is triggered whenever the build trigger condition is satisfied.


Reports

To view the reports, complete the following steps:

  1. Open the Freestyle Job in which you are running Traceable xAST.

  2. From the list of builds in the build menu, select the build job whose report you want to view.

  3. Click on Traceable AST Report.

