---
title: "Jenkins Integration"
slug: "jenkins-integration"
description: "Integrate Traceable’s xAST with Jenkins to automate API security testing in CI/CD pipelines. Configure builds, run scans, and generate actionable reports to secure your APIs during development."
updated: 2025-10-08T10:40:42Z
published: 2025-10-08T10:40:42Z
---


# Jenkins Integration

**Updates (October 2025 to December 2025)**

- *October 2025* — Updated the topic with the build steps added in the integration step Run Traceable XAST with Jenkins. For more information, see [Run Traceable XAST with Jenkins](/docs/jenkins-integration#step-2-—-run-traceable-xast-with-jenkins).

Jenkins is an open-source automation server that facilitates continuous integration and delivery (CI/CD) for software projects. It provides a platform for building, testing, and deploying applications in an automated and efficient manner. Traceable integrates with Jenkins by running security scans in staging environments. Traceable helps you find issues (vulnerabilities) in the early stages of the SDLC, giving developers and product security engineers more time and context to prioritize mitigating vulnerabilities and build secure APIs. This topic explains how to configure and use the Traceable CI/CD integration, how to run the scan during the build step, and how to view the scan summary report.

## What will you learn in this topic?

By the end of this topic, you will understand:

- The steps to integrate Traceable with Jenkins. For more information, see [Integrate Traceable XAST with Jenkins](/docs/jenkins-integration#integrate-traceable-xast-with-jenkins).
- The Jenkins Reports. For more information, see [Reports](/docs/jenkins-integration#reports).

---

## Before you begin

Make a note of the following before proceeding with the integration:

- Make sure that you have a functioning Jenkins setup.
- Make sure that you have the required permissions to add and manage new [plugins](/docs/jenkins-integration#plugin-access).
- Make sure that you create an API token that will be required during AST extension configuration. For more information, see [API Tokens](https://docs.traceable.ai/v1/docs/en/1d26f30c-12d5-4a59-b04d-fb6c854cf0f0?isPreview=true&versionNumber=15#step-1-%E2%80%94-generate-and-copy-the-platform-api-token).
- Make sure that you already have a scan suite configured in AST. For more information, see [Scans](https://docs.traceable.ai/docs/ast-scans). The name of this suite is required later to configure the AST extension in your pipeline. For more information, see [Run Traceable XAST with Jenkins](/docs/jenkins-integration#step-2-—-run-traceable-xast-with-jenkins).

---

## Plugin access

To access Traceable's plugin for Jenkins, contact Traceable's support team at [support@traceable.ai](mailto:support@traceable.ai).

---

## Integrate Traceable XAST with Jenkins

Integrating Jenkins with Traceable consists of two steps:

1. [Deploy the Traceable Jenkins Plugin](/docs/jenkins-integration#step-1-—-deploy-the-plugin)
2. [Run Traceable XAST with Jenkins](/docs/jenkins-integration#step-2-—-run-traceable-xast-with-jenkins)

### Step 1 — Deploy the plugin

Complete the following steps to deploy Traceable's plugin for Jenkins:

1. Navigate to your [Jenkins Dashboard](https://www.jenkins.io/) and click **Manage Jenkins**.
2. Under **System Configurations**, click **Plugins**.

   ![Plugins](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_jenkins_integration_manage_jenkins.png)
3. Click **Advanced settings**, and navigate to the **Deploy Plugin** section.

   ![Deploy Plugin](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_jenkins_integration_deploy_plugin.png)
4. Click **Browse** and select the `traceable.hpi` file provided by Traceable, and click **Deploy**. To receive the `traceable.hpi` file, reach out to Traceable's support team at [support@traceable.ai](mailto:support@traceable.ai).
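
Because the `traceable.hpi` file in this step is uploaded by hand, a check like the following can be run on the file before you click **Deploy**. This is an added example, not Traceable's code: it assumes you have obtained the expected SHA-256 of the file out of band (this page does not publish one), and the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
FIELDS = ("Short-Name", "Plugin-Version", "Jenkins-Version", "Plugin-Dependencies")

def parse_manifest(text):
    """Parse the main section of a JAR manifest, joining continuation lines."""
    attrs, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            break                       # a blank line ends the main section
        if line.startswith(" ") and key:
            attrs[key] += line[1:]      # continuation of the previous value
        elif ": " in line:
            key, value = line.split(": ", 1)
            attrs[key] = value
    return attrs

def inspect_hpi(data, expected_sha256):
    """Return (ok, report); ok is False if any pre-deployment check fails."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "problems": []}
    if report["sha256"] != expected_sha256.strip().lower():
        report["problems"].append("sha256 mismatch")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if MANIFEST not in zf.namelist():
                report["problems"].append("missing manifest")
            else:
                attrs = parse_manifest(zf.read(MANIFEST).decode("utf-8"))
                # Record what the archive claims to be, for review and audit.
                report.update({f: attrs.get(f) for f in FIELDS})
                if not (attrs.get("Short-Name") and attrs.get("Plugin-Version")):
                    report["problems"].append("manifest lacks plugin identity")
    except zipfile.BadZipFile:
        report["problems"].append("not a zip archive")
    return (not report["problems"], report)

def build_sample_hpi():
    """Constructed sample archive (not the real traceable.hpi) for offline runs."""
    manifest = ("Manifest-Version: 1.0\r\nShort-Name: example-plugin\r\n"
                "Plugin-Version: 1.0.0\r\nJenkins-Version: 2.400\r\n"
                "Plugin-Dependencies: credentials:1.0,\r\n structs:1.0\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, manifest)
    return buf.getvalue()
```

For the real file, pass `open("traceable.hpi", "rb").read()` and the expected digest to `inspect_hpi`, and keep the returned report with the change record for the Jenkins controller.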

### Step 2 — Run Traceable XAST with Jenkins

To run Traceable XAST with Jenkins, log in to your Jenkins platform and complete the following steps:

1. Click **New Item** on the Jenkins dashboard.

   ![New Jenkins Item](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_jenkins_integration_new_item.png)
2. Specify an **item name** by which you can identify the job containing Traceable XAST.
3. Select the **Freestyle project** and click **Ok**. You can also add this as a build step in the existing **Freestyle Job**.

   ![Project Selection](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_jenkins_integration_freestyle_project.png)
4. Navigate to **Configure** → **Build Triggers**, and in the **Build Steps** drop-down list, select the following:
   - Traceable AST - Generate Scan Result.
   - Traceable AST - Initialize.
   - Traceable AST - Initialize and Run.
   - Traceable AST - Run.

   ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/image(18).png)

5. Specify the **Scan Name**.
6. (Optional) Specify the **Test Environment**.
7. Specify the **Client Token**. For more information, see [Step 1 in Public APIs](https://docs.traceable.ai/docs/public-apis#step-1-–-copy-the-platform-api-token).
8. (Optional) Specify the **Attack Policy**.
9. Specify the **Suite name**.

   > [!NOTE]
   > If you are using a **Suite name** in the Build, you must specify only the **Scan Name** and **Client Token** fields.

   ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/image(20).png)

10. Click **Save** and **Apply**.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/image(21).png)

This job gets triggered whenever the build trigger condition is satisfied.

---

## Reports

To view the reports, complete the following steps:

1. Open the **Freestyle Job** in which you are running Traceable XAST.
2. Select the build job you wish to view the report for from the list of builds in the build menu.
3. Click **Traceable AST Report**.

Traceable generates a report, such as the following sample, that contains these details:

- **Plugin Categories** — Plugin category and subcategory, such as SQL Injection or Authentication.
- **Severity levels** — The severity level of each vulnerability, such as *High*, *Critical*, or *Unspecified*.
- **Vulnerability summary** — Number of vulnerabilities found in the particular category.

The Jenkins report helps Traceable confirm scan execution and timing, prioritize and remediate critical vulnerabilities, track trends across builds, and use scan IDs and timestamps for audit and compliance reporting.

![Sample Report](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_jenkins_integration_reports.png)
