If you are one of the many developers around the world that build (or are interested in building) applications in Jenkins, the leading open-source automation server, we have news for you. The HCL AppScan plugin for Jenkins allows you to seamlessly integrate dynamic application security testing (DAST) right into your Jenkins continuous integration/continuous (CI/CD) delivery pipeline.
Capturing vulnerabilities early is critical when it comes to application security. The HCL plugin allows you to run DAST scans during the staging process, after the application has been built but before it goes live. And better yet, AppScan can save you even more time by automatically scanning only the parts of an application that have been changed, instead of retesting the entire application.
- You can manage distributed builds using Jenkins Master Slave configuration in which Jenkins allocates the different jobs to various slave machines. With this approach, you are able to efficiently apply DAST and SAST (Static Application Security Test) scans of multiple newly built projects or newly deployed websites. The security summary of issues of each of them would be displayed along with the security test report. The reports contain scan issues along with Remediation for the issues reported. HCL AppScan’s reports are vast and detailed, and they can be consumed by multiple stakeholders, such as developers and security analysts.
- The task can scan specific flows of the websites (newly deployed ones or locally hosted ones or public sites) using Activity Recorder. This small utility enables you to record traffic and actions from your website and upload those recordings to the AppScan Dynamic analysis tool of your choice – HCL AppScan Enterprise or HCL AppScan Standard or HCL AppScan On Cloud.
- The HCL AppScan plugin supports enablement and configuration of settings as well as email alerts before triggering a build.
- You can configure the build to fail based on the security results such as a specified number of high severity vulnerabilities.
- Scan time can be reduced by choosing a balance between speed and issue coverage. Optimized scans omit tests defined in the Test policy for less severe or less likely vulnerabilities based on ongoing statistical analyses.
- Your test reports are available in JSON format.
- You can use the AppScan Issue Management Gateway service to migrate Issues from AppScan Enterprise to other issue management applications like Jira, Azure and Rational Team Concert.
Watch this video for a demo on HCL AppScan Enterprise: Jenkins Integration.
Adding security testing directly into your Jenkins pipeline with the HCL AppScan plugin allows you to take applications live with greater confidence, and without loss of time. Visit the HCL AppScan website to learn more or use this link to begin your free 30-day trial of HCL AppScan Enterprise and test-drive application security on your own.