Skip to content
/ CI_CD_DAST Public
forked from christyson/CI_CD_DAST

Example Jenkins Integration for Veracode DAST

License

MIT license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ctcircleci/CI_CD_DAST

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

169 Commits
Jenkinsfile_DAST_API
Jenkinsfile_DAST_API
 
 
Jenkinsfile_DAST_ISM
Jenkinsfile_DAST_ISM
 
 
Jenkinsfile_dast
Jenkinsfile_dast
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
azure-pipelines-1.yml
azure-pipelines-1.yml
 
 
azure-pipelines_ISM.yml
azure-pipelines_ISM.yml
 
 
azure_api_scan.yml
azure_api_scan.yml
 
 
create-api-spec-scan.py
create-api-spec-scan.py
 
 
create-or-update-da-scan.py
create-or-update-da-scan.py
 
 
create-or-update-da-scan_wISM.py
create-or-update-da-scan_wISM.py
 
 
jenkins-create-da-ism-scan.py
jenkins-create-da-ism-scan.py
 
 
jenkins-create-da-scan.py
jenkins-create-da-scan.py
 
 
jenkins-update-da-scan.py
jenkins-update-da-scan.py
 
 
petstore-template.har
petstore-template.har
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CI_CD_DAST

Example Integrations for Veracode DAST into CI/CD Systems.

create-or-update-da-scan.py

An example that creates or updates a Dynamic Analysis for authenticated public sites

The script relies on environment variables to direct it. These can be created in your CI/CD system. It specifically needs:

1. VeraID            - Your Veracode ID 
2. VeraPW            - Your Veracode Secret Key
3. Dyanamic_Target   - The url you wish to scan
4. Dynamic_User      - The user you need for authenticated scan
5. Dynamic_Pass      - The password for the user
6. JOB_NAME          - The Dynamic Analysis name in the plaftorm.

For this example it assumes the JOB_NAME is the same as the Dynamic Analysis you wish to create/update and that there is a corresponding application to link to with the same name.

The example also assumes the web site can work with Veracode's Dynamic Analysis Auto login feature

To create your Veracode ID/Secret Key you can look here: https://help.veracode.com/r/c_api_credentials3

create-or-update-da-scan_wISM.py

An example that creates or updates a Dynamic Analysis using Veracodes Internal Scanning Management for authenticated sites behind the firewall

The script relies on environment variables to direct it. These can be created in your CI/CD system. It specifically needs:

1. VeraID            - Your Veracode ID 
2. VeraPW            - Your Veracode Secret Key
3. Dyanamic_Target   - The url you wish to scan
4. Dynamic_User      - The user you need for authenticated scan
5. Dynamic_Pass      - The password for the user
6. JOB_NAME          - The Dynamic Analysis name in the plaftorm. 
7. gateway_id        - The ID of your Internal Scanning Management Gateway
8. endpoint_id       - The ID of your Internal Scanning Management Endpoint to use

For this example it assumes the JOB_NAME is the same as the Dynamic Analysis you wish to create/update and that there is a corresponding application to link to with the same name.

The example also assumes the web site can work with Veracode's Dynamic Analysis Auto login feature

To create your Veracode ID/Secret Key you can look for instructions here: https://help.veracode.com/r/c_api_credentials3 To find your gateway_id and endpoint_id you can look for instructions here: https://help.veracode.com/r/t_dynamic_ISM

Note: more examples to come later

About

Example Jenkins Integration for Veracode DAST

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%