Jenkins DAST¶
Overview¶
The AccuKnox DAST Jenkins Plugin simplifies integrating dynamic application security testing (DAST) into Jenkins pipelines. This plugin allows you to perform ZAP-based scans on target URLs and seamlessly upload the results to AccuKnox SaaS for centralized investigation and analysis.
Key Features¶
-
Automated DAST Scans: Perform Baseline or Full Scans on target URLs directly from your Jenkins pipelines.
-
Seamless Integration with AccuKnox: Upload scan results to AccuKnox SaaS, enabling centralized management of DAST findings alongside SAST, IaC, and container security findings.
-
Customizable Build Parameters: Define parameters like target URL, scan type, severity thresholds, and AccuKnox authentication details.
Installation¶
Current Installation Method:¶
-
Download the plugin in
.hpi
format from the provided source. -
Navigate to the Jenkins dashboard.
-
Go to Manage Jenkins > Manage Plugins.
-
Under the Advanced tab:
-
Click Choose File and select the downloaded
.hpi
file. -
Click Deploy to install the plugin.
-
Restart Jenkins if required.
Future Availability:¶
The plugin will be available in the Jenkins Marketplace after the release.
Configuration¶
Job Configuration¶
-
Open the configuration page of your Jenkins job.
-
Under the Build section:
-
Click Add build step.
-
Select Run AccuKnox DAST Scan.
Plugin Parameters:¶
The plugin provides the following configuration options:
Parameter | Description | Example |
---|---|---|
Target URL | URL of the web application to scan. | https://example.com |
Scan Type | Type of scan: baseline or full-scan. | full-scan |
Tenant ID | Tenant ID associated with your AccuKnox account. | my-tenant-id |
AccuKnox Token | Authentication token for AccuKnox SaaS. | my-accuknox-token |
Label | A label to tag the scan results in AccuKnox SaaS. | build-123 |
Severity Threshold | Minimum severity level to trigger build failures (e.g., High). | High |
Token Generation for AccuKnox¶
To generate the AccuKnox Token and obtain the Tenant ID:
-
Log in to AccuKnox.
-
Navigate to Settings > Tokens and create an AccuKnox token.
-
Copy the generated token and store it securely for later use. For detailed steps, refer to How to Create Tokens.
Running the Scan¶
When you run the Jenkins job:
-
DAST Scan Execution:
-
The plugin performs a DAST scan (baseline or full) on the target URL.
-
Results are saved as a
report.json
file in the workspace. -
Uploading Results to AccuKnox SaaS:
-
The
report.json
file is uploaded to the specified AccuKnox tenant using the provided credentials.
Sample Console Output:¶
Running AccuKnox DAST Scan...
ZAP output: [ZAP Scan Logs]
Uploading DAST scan results to AccuKnox...
Results uploaded successfully.
Troubleshooting¶
-
Missing AccuKnox Token or Tenant ID:
-
Ensure both fields are provided in the Jenkins job configuration.
-
Verify their accuracy in the AccuKnox SaaS dashboard.
-
Scan Failure:
-
Check the Jenkins console output for ZAP-specific errors.
-
Verify that the target URL is accessible and not blocking scan requests.
-
Upload Failure:
-
Verify network connectivity to the AccuKnox SaaS endpoint.
-
Double-check the Tenant ID and AccuKnox Token.
-
Ensure the
report.json
file is generated correctly before uploading.
Conclusion¶
The AccuKnox DAST Jenkins Plugin simplifies the process of integrating dynamic application security testing into your CI/CD pipeline. By seamlessly combining ZAP-based scans with AccuKnox SaaS, you can ensure vulnerabilities are identified and managed in a centralized manner, improving the overall security posture of your application.
For further assistance, contact the AccuKnox support team or refer to the AccuKnox Documentation.