Jenkins integration

Jenkins is an open-source automation server that helps in the continuous integration and continuous delivery (CI/CD) of software projects. It provides a platform for building, testing, and deploying applications in an automated and efficient manner. Traceable integrates with Jenkins by running security scans in staging environments. Traceable helps you by finding vulnerabilities in the early stages of SDLC, giving developers and product security engineers more time and context to prioritize the mitigation of vulnerabilities and build secure APIs. The topic explains how you can configure and use Traceable xAST CI/CD integration and how to use this to run the scan during the build step and view the scan summary report.

Before you begin

Make sure that you have a working Jenkins setup and have the required permissions to add and manage new plugins.

Plugin access

To access Traceable's plugin for Jenkins, reach out to the Traceable's support team at support@traceable.ai.

Integrate Traceable xAST with Jenkins

Integrating Jenkins with Traceable consists of two steps:

1. Deploying Traceable's Jenkins plugin
2. Run Traceable xAST with Jenkins

Step 1 - Deploy the plugin

Complete the following steps to deploy Traceable's plugin for Jenkins:

1. Navigate to your Jenkins dashboard and click on Manage Jenkins.
2. Click on Plugins under System Configurations as shown below.
3. Click on the Advanced menu and navigate to the Deploy Plugin option.
4. Click on Browse and select traceable.hpi file provided by Traceable. Click on Deploy. 

Step 2 - Run Traceable xAST with Jenkins

Complete the followings steps:

1. Click on New Item on the Dashboard.
2. Provide a name which will help you identify the job which contains Traceable xAST. Select Freestyle project and click on Ok. You can also add this as a build step in the existing Freestyle Job.
3. Configure Build Triggers and in Build Steps drop-down list, select Traceable AST - Initialize and Run. Moreover, select the post build actions from the Post-build Actions drop-down. Click on Save and Apply.
4. Configure the various fields, like Scan name, Test Environment, Client Token, CLI Binary Location, Plugin, and so on. 
5. Save and Apply.

This job gets triggered whenever the build trigger condition is satisfied.

Reports

To view the reports, complete the following step:

1. Open the Freestyle Job in which you are running Traceable xAST.
2. Select the build job you wish to view the report for from the list of builds in the build menu.
3. Click on Traceable AST report. Following is a sample report: