- 22 Jun 2023
Jenkins integration
- Updated on 22 Jun 2023
Jenkins is an open-source automation server for continuous integration and continuous delivery (CI/CD) of software projects. It provides a platform for building, testing, and deploying applications in an automated and efficient manner. Traceable integrates with Jenkins by running security scans in staging environments. Finding vulnerabilities in the early stages of the SDLC gives developers and product security engineers more time and context to prioritize the mitigation of vulnerabilities and build secure APIs. This topic explains how to configure the Traceable xAST CI/CD integration, run the scan during the build step, and view the scan summary report.
Before you begin
Make sure that you have a working Jenkins setup and have the required permissions to add and manage new plugins.
Plugin access
To access Traceable's plugin for Jenkins, reach out to Traceable's support team at support@traceable.ai.
Integrate Traceable xAST with Jenkins
Integrating Jenkins with Traceable consists of two steps:
- Deploy Traceable's Jenkins plugin
- Run Traceable xAST with Jenkins
Step 1 - Deploy the plugin
Complete the following steps to deploy Traceable's plugin for Jenkins:
- Navigate to your Jenkins dashboard and click on Manage Jenkins.
- Click on Plugins under System Configurations.
- Click on the Advanced menu and navigate to the Deploy Plugin option.
- Click on Browse and select the traceable.hpi file provided by Traceable. Click on Deploy.
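Because the .hpi file is uploaded by hand, it is worth confirming which file you are about to deploy. The following added example (not Traceable's code) hashes an .hpi archive and reads its JAR manifest. The expected SHA-256 is assumed to be obtained from Traceable support separately, and the Short-Name value and the sample archive are constructed placeholders.

```python
import hashlib
import io
import zipfile


def inspect_hpi(data: bytes) -> dict:
    """Return the SHA-256 and main manifest attributes of an .hpi archive."""
    info = {"sha256": hashlib.sha256(data).hexdigest()}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        if archive.testzip() is not None:  # CRC mismatch on some member
            raise ValueError("archive is corrupt")
        raw = archive.read("META-INF/MANIFEST.MF").decode("utf-8")
    # JAR manifests wrap long values; continuation lines start with a space.
    unfolded = []
    for line in raw.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        elif not line:
            break  # a blank line ends the main manifest section
        else:
            unfolded.append(line)
    info["manifest"] = dict(l.split(": ", 1) for l in unfolded if ": " in l)
    return info


def check_hpi(data: bytes, expected_sha256: str, expected_short_name: str) -> list:
    """Return a list of problems; an empty list means the file matches."""
    problems = []
    info = inspect_hpi(data)
    if info["sha256"] != expected_sha256.lower():
        problems.append("sha256 mismatch")
    if info["manifest"].get("Short-Name") != expected_short_name:
        problems.append("unexpected Short-Name")
    return problems


def build_sample_hpi() -> bytes:
    """Constructed stand-in for a plugin file, so the example runs offline."""
    manifest = ("Manifest-Version: 1.0\r\nShort-Name: example-plugin\r\n"
                "Plugin-Version: 0.0.0\r\nPlugin-Dependencies: a:1.0,b:2.0,\r\n"
                " c:3.0\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_hpi(build_sample_hpi()))
```

To check a real file, pass the bytes of traceable.hpi to check_hpi together with the values you were given for it.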
Step 2 - Run Traceable xAST with Jenkins
Complete the following steps:
- Click on New Item on the Dashboard.
- Provide a name that helps you identify the job that contains Traceable xAST. Select Freestyle project and click on Ok. You can also add this as a build step in an existing Freestyle job.
- Configure Build Triggers and, in the Build Steps drop-down list, select Traceable AST - Initialize and Run. Also select the post-build actions from the Post-build Actions drop-down list. Click on Save and Apply.
- Configure the various fields, like Scan name, Test Environment, Client Token, CLI Binary Location, Plugin, and so on.
- Save and Apply.
This job gets triggered whenever the build trigger condition is satisfied.
Reports
To view the reports, complete the following steps:
- Open the Freestyle Job in which you are running Traceable xAST.
- Select the build job you wish to view the report for from the list of builds in the build menu.
- Click on Traceable AST report.