Integrate dynamic application security testing into the software development lifecycle (SDLC) with AppSpider Enterprise and Jenkins to:
Application development moves at a blistering pace; releases that used to come out once or twice a year now happen weekly, daily, even continuously. While modern web technologies and tools such as continuous integration/continuous delivery (CI/CD) have helped accelerate the pace of development, these same driving forces also make it difficult for application scanners to crawl and test your modern applications. Security teams are having trouble testing applications for vulnerabilities at the rate at which development teams update them, which leaves organizations carrying security risk that is both higher than before and largely unmeasured.
This is where Rapid7 and Jenkins can help. Rapid7’s AppSpider Enterprise DAST (Dynamic Application Security Testing) tool integrates with the Jenkins CI/CD solution to help security teams work in parallel with application development. The integration also makes it possible for organizations to adopt a DevSecOps mentality, where security isn’t the responsibility of a single team, but rather a shared mindset between development, IT operations, and security that can be operationalized via automation. Rapid7’s application security solutions are also the only DAST solutions with a Universal Translator, meaning they can scan modern applications, SPAs (Single Page Applications), and APIs and still generate high quality vulnerability results right out of the box.
The AppSpider Enterprise and Jenkins integration utilizes a Jenkins plugin designed for AppSpider Enterprise’s robust REST API. The Jenkins plugin, once configured with the URL to the AppSpider Enterprise REST API as well as the AppSpider Enterprise login credentials, makes AppSpider Enterprise scanning available as a post-build Jenkins task.
Figure 1: Adding AppSpider scans as a post-build Jenkins task
After the automated scan executes, the vulnerability report generated by AppSpider Enterprise can be automatically retrieved and placed in the Jenkins build workspace for review, or viewed in the AppSpider Enterprise console.
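The post-build flow just described (trigger the scan, wait for it to finish, pull the report into the Jenkins workspace, then decide whether the build passes) as an added Python example; this is not Rapid7's plugin code, and because the page does not list the API's routes, the endpoint paths, response fields, authorization header and environment variable names are placeholders.

```python
"""Post-build DAST gate: trigger a scan, poll until done, save the report in the Jenkins workspace
and fail the build on findings at or above a severity threshold. All endpoint paths, JSON fields
and the auth header are hypothetical placeholders, not a documented API."""
import json
import os
import time
import urllib.request
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}

def count_at_or_above(findings: list, threshold: str) -> int:
    """Count findings whose severity meets or exceeds the threshold (case-insensitive)."""
    floor = SEVERITY_RANK[threshold.lower()]
    return sum(1 for f in findings if SEVERITY_RANK.get(str(f.get("severity", "")).lower(), -1) >= floor)

def gate_build(report: dict, threshold: str = "high") -> bool:
    """True when the build may proceed: no findings at or above the threshold."""
    return count_at_or_above(report.get("findings", []), threshold) == 0

def run_dast_gate(call, workspace: str, config_id: str, threshold: str = "high",
                  poll_seconds: float = 30, timeout_seconds: float = 3600) -> bool:
    """Drive the scan through an injectable `call(method, path, body) -> dict` (so the workflow
    can be exercised offline) and return the gate decision."""
    scan_id = call("POST", "/scans", {"configId": config_id})["scanId"]   # placeholder path
    deadline = time.monotonic() + timeout_seconds
    while True:
        state = call("GET", f"/scans/{scan_id}", {})["state"]             # placeholder path
        if state in ("completed", "failed"):
            break
        if time.monotonic() > deadline:
            raise TimeoutError(f"scan {scan_id} still {state} after {timeout_seconds}s")
        time.sleep(poll_seconds)
    if state != "completed":
        raise RuntimeError(f"scan {scan_id} ended in state {state}")
    report = call("GET", f"/scans/{scan_id}/report", {})                  # placeholder path
    os.makedirs(workspace, exist_ok=True)   # Jenkins sets WORKSPACE; the report stays with the build
    with open(os.path.join(workspace, "appspider-report.json"), "w", encoding="utf-8") as fh:
        json.dump(report, fh, indent=2)
    return gate_build(report, threshold)

def http_call(method: str, path: str, body: dict) -> dict:
    # Real transport: URL and token come from env vars a Jenkins credentials binding injects.
    req = urllib.request.Request(os.environ["APPSPIDER_API_URL"].rstrip("/") + path, method=method,
                                 data=json.dumps(body).encode() if method == "POST" else None,
                                 headers={"Content-Type": "application/json",
                                          "Authorization": "Bearer " + os.environ["APPSPIDER_API_TOKEN"]})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

if __name__ == "__main__":   # non-zero exit fails the Jenkins build step
    ok = run_dast_gate(http_call, os.environ.get("WORKSPACE", "."), os.environ["APPSPIDER_CONFIG_ID"])
    raise SystemExit(0 if ok else 1)
```

Run it as a post-build shell step with the three environment variables supplied through the job's credentials configuration; the exit code is what turns scan results into a pass/fail decision for the build.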
The AppSpider Enterprise Jenkins plugin utilizes the AppSpider Enterprise REST API to trigger scans during the Jenkins build; that API can also be called directly for additional custom integration actions. Need some ideas for where to start? The following are some of the capabilities exposed in the AppSpider Enterprise REST API: