
Jenkins CI/CD Integration

Set up Invicti AppSec with Jenkins Pipeline for automated security scanning.

Jenkins

Jenkins pipeline that contains SAST & SCA scans

1. Define the pipeline agent
The pipeline agent is a Docker container with Maven and the Kondukto CLI installed. The example below uses the maven:3-alpine image, mounts the host's Maven cache (/root/.m2) into the container, and expects the kdt binary at /usr/local/bin/kdt with its configuration file at /etc/kondukto.yaml.
2. Define the pipeline stages
The pipeline stages are SCM Checkout, Build, SCAN, and Publish.
3. SCM Checkout
Clone the repository of the Java application to be scanned and built.
4. Build
Compile the Java application and create a package.
5. Scan
The SCAN stage has two parallel stages, SAST and SCA. In SAST, the pipeline runs a SAST scan on the Java application using the Kondukto CLI and the findsecbugs tool. In SCA, the pipeline runs a DependencyCheck scan via the Kondukto CLI. Both stages call the same kdt scan command and differ only in the tool selected with -t; -p names the Kondukto project and -b the branch the results are attributed to.
Groovy (Jenkinsfile)

    pipeline {
        agent {
            docker {
                image 'maven:3-alpine'
                args '-v /root/.m2:/root/.m2'   // reuse the host's Maven cache between builds
            }
        }
        stages {
            stage("SCM Checkout") {
                steps {
                    // clone the repository
                    git 'https://github.com/CSPF-Founder/JavaVulnerableLab.git'
                }
            }
            stage('Build') {
                steps {
                    // build/compile the app
                    sh 'mvn -B -DskipTests clean package'
                }
            }

            stage("SCAN") {
                parallel {
                    stage("SAST") {
                        steps {
                            // static analysis with findsecbugs, results sent to the Kondukto project
                            sh "/usr/local/bin/kdt --config=/etc/kondukto.yaml scan -p JavaVulnerableLab -t findsecbugs -b main"
                        }
                    }

                    stage("SCA") {
                        steps {
                            // dependency scan with DependencyCheck via the same CLI
                            sh "/usr/local/bin/kdt --config=/etc/kondukto.yaml scan -p JavaVulnerableLab -t dependencycheck -b main"
                        }
                    }
                }
            }

            stage("Publish") {
                steps {
                    // placeholder publish step
                    sh "echo 'Publish'"
                }
            }
        } // end of stages
    }
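The pipeline above bakes the Kondukto configuration into the agent image at /etc/kondukto.yaml and hardcodes the branch in each scan command. The following Jenkinsfile is an added example, not the page's own pipeline and not Kondukto's or Invicti's code: it runs the same two kdt scans but supplies the configuration file from a Jenkins "Secret file" credential, takes the branch from the job environment, and keeps both scanners running even if one fails. The image name example.invalid/ci/maven-kdt:3 and the credential ID kondukto-config are hypothetical placeholders; the kdt flags (--config, scan, -p, -t, -b) are the ones shown on this page.

```groovy
// Added example (not from the page). Assumptions: a custom image that contains Maven and
// the kdt binary at /usr/local/bin/kdt (placeholder name example.invalid/ci/maven-kdt:3),
// and a Jenkins "Secret file" credential with ID kondukto-config holding kondukto.yaml.
pipeline {
    agent {
        docker {
            image 'example.invalid/ci/maven-kdt:3'   // hypothetical image: Maven + kdt
            args '-v /root/.m2:/root/.m2'
        }
    }
    options {
        // A hung scanner should release the executor instead of blocking it indefinitely.
        timeout(time: 30, unit: 'MINUTES')
    }
    environment {
        // Branch comes from the job (multibranch sets BRANCH_NAME); fall back to main.
        SCAN_BRANCH = "${env.BRANCH_NAME ?: 'main'}"
        KDT_PROJECT = 'JavaVulnerableLab'
    }
    stages {
        stage('SCM Checkout') {
            steps {
                git 'https://github.com/CSPF-Founder/JavaVulnerableLab.git'
            }
        }
        stage('Build') {
            steps {
                sh 'mvn -B -DskipTests clean package'
            }
        }
        stage('SCAN') {
            failFast false   // let SAST and SCA both finish so neither result is lost
            parallel {
                stage('SAST') {
                    steps {
                        // The credential is written to a temporary file for the duration of
                        // this block only and removed afterwards; KDT_CONFIG holds its path.
                        withCredentials([file(credentialsId: 'kondukto-config', variable: 'KDT_CONFIG')]) {
                            // Single-quoted Groovy string: the shell expands $KDT_CONFIG, $KDT_PROJECT
                            // and $SCAN_BRANCH, so the values are never interpolated into the script
                            // text by Groovy (Jenkins warns about that for secrets).
                            sh '/usr/local/bin/kdt --config="$KDT_CONFIG" scan -p "$KDT_PROJECT" -t findsecbugs -b "$SCAN_BRANCH"'
                        }
                    }
                }
                stage('SCA') {
                    steps {
                        withCredentials([file(credentialsId: 'kondukto-config', variable: 'KDT_CONFIG')]) {
                            sh '/usr/local/bin/kdt --config="$KDT_CONFIG" scan -p "$KDT_PROJECT" -t dependencycheck -b "$SCAN_BRANCH"'
                        }
                    }
                }
            }
        }
        stage('Publish') {
            steps {
                sh "echo 'Publish'"
            }
        }
    }
}
```

Keeping the configuration out of the image means the same image can serve several Jenkins folders with different Kondukto credentials, and the file is only present on the agent while the scan step runs. The single-quoted sh strings matter for the same reason: with double-quoted Groovy interpolation the credential path and any parameter values would be substituted into the script before it reaches the shell, which both defeats the masking Jenkins applies to bound credentials and makes user-controlled parameters part of the command text.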
