
Jenkins is the leading open-source automation server for developers looking to build applications in a continuous integration/continuous delivery (CI/CD) pipeline. If you are a developer using Jenkins who also cares about application security, you may have questions. How secure is the code I just pushed to an online repository? Is there a way to find out without juggling between development tools? Is it possible to integrate this type of security into the Jenkins pipeline?

The answer is “Yes.” All of this can be achieved using the HCL AppScan plugin for Jenkins, which integrates security testing into the CI/CD pipeline. Once the plugin is downloaded, installed, and configured with AppScan on Cloud (ASoC), application security becomes a priority that is easy to manage.

For starters, the plugin gives developers the tools to check for security vulnerabilities while coding and building their projects, without moving back and forth between Jenkins and ASoC. AppScan on Cloud supports a wide range of languages for Static Application Security Testing (SAST) scans, and the plugin can take advantage of that coverage.

The plugin also lets you benefit from AppScan's machine-learning capabilities, Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA), which produce results organized around actionable issues and fix groups.

IFA is a machine-learning technology that does much of the triage work for you: among other things, it filters out false positives and groups findings that can be remedied by a fix at a single code point. More on IFA can be found in this article.

Static analysis scans also make use of Intelligent Code Analytics (ICA). ICA automatically discovers new application programming interfaces (APIs) and assesses them for security impact. Through ICA, third-party APIs and frameworks are reviewed and assigned the appropriate security impact, which gives more complete scan results. Read this article to learn more about ICA.

When setting up your scans, you can configure the build to fail based on specified security results, such as the number of high-severity vulnerabilities found. You can also reduce scan time by choosing a balance between speed and issue coverage: optimized scans omit tests defined in the test policy for less severe or less likely vulnerabilities, based on ongoing statistical analyses. Read more about test optimization here.
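To make the two ideas above concrete, here is an added example (not code from HCL or from the AppScan plugin) of the policy a pipeline gate applies: findings already marked as false positives are dropped, the remaining findings are grouped by the code point where one fix would remedy them, and the build passes or fails according to a per-severity threshold such as "no more than N high-severity issues". The report layout, the severity labels and the `sink` field are constructed assumptions for the sake of the example; in a real Jenkins job the plugin evaluates its own scan results, and a script like this would only be needed if you were gating on an exported report from a shell step.

```python
"""
Illustrative CI security gate over a static-scan findings report.
Added example; not the HCL AppScan plugin's own code. The report
structure below is an assumption constructed for this demonstration.
"""
import json
import sys
from collections import defaultdict

# Constructed sample report (assumed layout, not a real ASoC export).
SAMPLE_REPORT = json.dumps({
    "issues": [
        {"id": 1, "severity": "High", "type": "SQL Injection",
         "sink": "src/db/Query.java:88", "falsePositive": False},
        {"id": 2, "severity": "High", "type": "SQL Injection",
         "sink": "src/db/Query.java:88", "falsePositive": False},
        {"id": 3, "severity": "Medium", "type": "Cross-Site Scripting",
         "sink": "src/web/Render.java:41", "falsePositive": False},
        {"id": 4, "severity": "High", "type": "Path Traversal",
         "sink": "src/io/Files.java:12", "falsePositive": True},
        {"id": 5, "severity": "Low", "type": "Information Leak",
         "sink": "src/web/Error.java:7", "falsePositive": False},
    ]
})

SEVERITIES = ("Low", "Medium", "High")


def load_issues(report_text):
    """Parse the JSON report and return its list of findings."""
    return json.loads(report_text)["issues"]


def triage(issues):
    """Drop findings already flagged as false positives (the step IFA automates)."""
    return [i for i in issues if not i.get("falsePositive", False)]


def fix_groups(issues):
    """Group finding ids by sink location: one fix at that code point covers the group."""
    groups = defaultdict(list)
    for issue in issues:
        groups[issue["sink"]].append(issue["id"])
    return dict(groups)


def count_by_severity(issues):
    """Count remaining findings per severity label."""
    counts = {s: 0 for s in SEVERITIES}
    for issue in issues:
        counts[issue["severity"]] += 1
    return counts


def evaluate_gate(issues, max_high=0, max_medium=None):
    """Apply thresholds; return (passed, list of human-readable reasons for failure)."""
    counts = count_by_severity(issues)
    reasons = []
    if counts["High"] > max_high:
        reasons.append(f"{counts['High']} High issues exceed limit {max_high}")
    if max_medium is not None and counts["Medium"] > max_medium:
        reasons.append(f"{counts['Medium']} Medium issues exceed limit {max_medium}")
    return (not reasons, reasons)


def run_gate(report_text, max_high=0, max_medium=None):
    """Full pipeline: parse, triage, group, and decide. Returns a summary dict."""
    issues = triage(load_issues(report_text))
    passed, reasons = evaluate_gate(issues, max_high, max_medium)
    return {
        "passed": passed,
        "reasons": reasons,
        "counts": count_by_severity(issues),
        "fix_groups": fix_groups(issues),
    }


if __name__ == "__main__":
    # Exit status 1 fails the build when run from a CI shell step.
    result = run_gate(SAMPLE_REPORT, max_high=0)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["passed"] else 1)
```

With the constructed report, the false-positive finding is discarded before counting, the two SQL-injection findings collapse into a single fix group at `src/db/Query.java:88`, and a threshold of zero high-severity issues fails the build while a threshold of two lets it pass. Reporting the fix groups alongside the verdict is what makes the failure actionable: a developer sees how many code points need attention, not just how many findings there are.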

Watch this video for a demo on HCL AppScan On Cloud: Jenkins Integration.

Turn your “DevOps” into “DevSecOps” in Jenkins using the HCL AppScan plugin. Visit the HCL AppScan website to learn more, or use this link to begin your free 30-day trial of HCL AppScan On Cloud.
