
If you are one of the many developers around the world that build (or are interested in building) applications in Jenkins, the leading open-source automation server, we have news for you. The HCL AppScan plugin for Jenkins allows you to seamlessly integrate dynamic application security testing (DAST) right into your Jenkins continuous integration/continuous delivery (CI/CD) pipeline.

Capturing vulnerabilities early is critical when it comes to application security. The HCL plugin allows you to run DAST scans during the staging process, after the application has been built but before it goes live. And better yet, AppScan can save you even more time by automatically scanning only the parts of an application that have been changed, instead of retesting the entire application.

AppScan DAST Topology and Tips

Notable Features

  • You can manage distributed builds using the Jenkins Master/Slave configuration, in which Jenkins allocates jobs to various slave machines. With this approach, you can efficiently apply DAST and SAST (Static Application Security Testing) scans to multiple newly built projects or newly deployed websites. A security summary of the issues found in each of them is displayed along with the security test report. The reports contain the scan issues along with remediation guidance for each issue reported. HCL AppScan’s reports are vast and detailed, and they can be consumed by multiple stakeholders, such as developers and security analysts.
  • The task can scan specific flows of websites (newly deployed, locally hosted, or public sites) using Activity Recorder. This small utility enables you to record traffic and actions from your website and upload those recordings to the AppScan dynamic analysis tool of your choice: HCL AppScan Enterprise, HCL AppScan Standard, or HCL AppScan On Cloud.
  • The HCL AppScan plugin supports enablement and configuration of settings as well as email alerts before triggering a build.
  • You can configure the build to fail based on the security results such as a specified number of high severity vulnerabilities.
  • Scan time can be reduced by choosing a balance between speed and issue coverage. Optimized scans omit tests defined in the Test policy for less severe or less likely vulnerabilities based on ongoing statistical analyses.
  • Your test reports are available in JSON format.
  • You can use the AppScan Issue Management Gateway service to migrate issues from AppScan Enterprise to other issue management applications like Jira, Azure and Rational Team Concert.
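The two features above that matter most for a pipeline, failing the build on a severity threshold and consuming the report as JSON, combine naturally into a small gate step that runs after the scan and sets the job's exit status. The script below is an added example, not code from HCL or from the AppScan plugin: the report it parses is a constructed sample, and its field names (`issues`, `severity`, `issueType`, `url`) are an assumption chosen for illustration rather than the AppScan report schema, so a real deployment would map the tool's actual fields onto `count_by_severity` and `summarize_by_type`.

```python
import json
import sys
from collections import Counter

# Constructed sample DAST report. Field names are an ASSUMPTION for this
# example and are not the AppScan JSON schema.
SAMPLE_REPORT = """
{
  "scanName": "staging-checkout-scan",
  "issues": [
    {"issueType": "SQL Injection",          "severity": "High",
     "url": "https://staging.example.test/login"},
    {"issueType": "Cross-Site Scripting",   "severity": "High",
     "url": "https://staging.example.test/search"},
    {"issueType": "Missing Security Header", "severity": "Medium",
     "url": "https://staging.example.test/"},
    {"issueType": "Missing Security Header", "severity": "Medium",
     "url": "https://staging.example.test/account"},
    {"issueType": "Verbose Server Banner",   "severity": "Low",
     "url": "https://staging.example.test/"}
  ]
}
"""

# Severities in the order a summary should list them.
SEVERITY_ORDER = ["High", "Medium", "Low", "Informational"]


def count_by_severity(report):
    """Count issues per severity; unknown severities are kept under their own name."""
    counts = Counter(
        str(issue.get("severity", "Informational")).capitalize()
        for issue in report.get("issues", [])
    )
    # Always report the known severities, even when their count is zero.
    result = {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}
    for sev, n in counts.items():
        result.setdefault(sev, n)
    return result


def summarize_by_type(report):
    """Per-issue-type counts, highest count first, for the build's security summary."""
    counts = Counter(issue.get("issueType", "Unknown") for issue in report.get("issues", []))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def evaluate_gate(counts, thresholds):
    """Compare counts against the policy. thresholds maps severity -> max allowed;
    a severity absent from the policy is unlimited. Returns (passed, reasons)."""
    reasons = []
    for sev, limit in thresholds.items():
        actual = counts.get(sev, 0)
        if actual > limit:
            reasons.append(f"{sev}: {actual} found, at most {limit} allowed")
    return (not reasons, reasons)


def gate_build(report_text, thresholds):
    """Parse a JSON report and decide whether the build may proceed."""
    report = json.loads(report_text)
    counts = count_by_severity(report)
    passed, reasons = evaluate_gate(counts, thresholds)
    return {
        "scan": report.get("scanName", "<unnamed>"),
        "passed": passed,
        "counts": counts,
        "by_type": summarize_by_type(report),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Example policy: no High issues tolerated, up to five Medium issues.
    policy = {"High": 0, "Medium": 5}
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    result = gate_build(text, policy)
    print(f"Scan: {result['scan']}")
    for sev in SEVERITY_ORDER:
        print(f"  {sev:<14}{result['counts'][sev]}")
    print("Top issue types:")
    for issue_type, n in result["by_type"]:
        print(f"  {n:>3}  {issue_type}")
    for reason in result["reasons"]:
        print(f"GATE FAILED - {reason}")
    # A non-zero exit status is what makes a Jenkins shell step fail the build.
    sys.exit(0 if result["passed"] else 1)
```

Run as `python gate.py report.json` from a pipeline shell step; the non-zero exit code is what a Jenkins `sh` step turns into a failed build. Keeping the thresholds in a dictionary rather than hard-coding a single "no High issues" rule lets the same script enforce a stricter policy on a release branch than on feature branches.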

Integrate Web Application in the SDLC

Watch this video for a demo on HCL AppScan Enterprise: Jenkins Integration.

Adding security testing directly into your Jenkins pipeline with the HCL AppScan plugin allows you to take applications live with greater confidence, and without loss of time. Visit the HCL AppScan website to learn more or use this link to begin your free 30-day trial of HCL AppScan Enterprise and test-drive application security on your own.
