Configure an Existing Project for the WhiteHat Jenkins Plugin
To configure an existing project, perform the following steps:

- Navigate to the Jenkins dashboard and select your existing project.
- Click Configure.
- Click Post-build Action.
- Click the Add post-build action dropdown.
- Select WhiteHat Sentinel Plugin from the list.
- If you are using your own Sentinel API key, select Override Global Credentials.
- Type the URL for your Sentinel server in the text field.
- Type the API key to be used globally for the project. To find out how to generate an API key in Sentinel, see Generating an API key.
- Click Test Connection to ensure that the credentials authenticate successfully.
- Select the site asset for which you want to run the Sentinel scan. You can initiate both static (SAST) and dynamic (DAST) scans from the Jenkins plugin.
- Optionally, select an application asset to initiate a SAST scan. If you select both a site and an application, the appropriate scan type runs for each selected asset.
- Optionally, select Add New to add an additional asset.
- Type an Application name for the selected asset in the text field.
- Select the code language from the Choose language dropdown, or select Discover my language to detect the language of the provided code automatically.
- Select the appropriate Appliance from the dropdown.
- If you selected a Sentinel source asset (application) above, select the relevant codebase from the dropdown. If you select a SAST asset but do not select a codebase, Sentinel scans the application using whatever information already exists in Sentinel. If you select neither a DAST asset (site) nor a SAST asset (application), no scan is initiated. Scheduling a scan via the Jenkins plugin overrides any pre-configured schedule. To upload a codebase, perform the following steps:
  - Type the Codebase name into the text field.
  - Click Add.
  - Click Done. The codebase is now available to select from the codebase dropdown.
- Optionally, if you have added more than one SAST asset, click Add New to add an additional codebase.
- Set the defaults for this post-build step. To use the Jenkins build, select Use Jenkins build.
  - Select the Archive radio button to archive your Jenkins workspace.
    - Type a name for the archive in the Archive name field.
    - Type the extensions of the file types to exclude.
    - Type the extensions of the file types to include.
      If you specify excluded file types, all file types not listed are included. If you specify included file types, all file types not listed are excluded. These two choices are mutually exclusive.
    - To use an Ant script, click Advanced and type the script in the Ant Script field.
  - Select the Binary radio button to scan binary files.
    - Type the Binary file name for the binary file. Supported file types include .jar, .war, .ear, .dll, and .exe.
      You must accept the license before scanning binaries. See Enabling Binary Analysis in Adding a Code Base.
- Use the radio buttons to select the Build Destination. You can select your Jenkins server itself, your SFTP server, or your WhiteHat appliance.
  You must have the IP address of the WhiteHat appliance, and it must be reachable from your Jenkins server.
  - To use the Jenkins server, type your Jenkins host URL in the text field.
  - Select SFTP server to use an SFTP server as your build destination.
    - Type the SFTP server URL in the text field.
    - Type your SFTP username in the text field.
    - Type your SFTP password in the text field.
    - Type the SFTP folder path in the text field.
    - Optionally, select the Delete archive after upload radio button.
  - Select WhiteHat appliance to use the appliance as your build destination.
    - Type the Appliance IP address.
    - Optionally, select the Delete archive after upload radio button.
- In the field provided, set a maximum size (in MB) for the file to be uploaded.
- Select the Trigger scan now radio button to trigger a WhiteHat Sentinel scan of the asset.
- Optionally, click the After the scan completes, fail to build if vulnerabilities exceed radio button. This sets the threshold values that fail the build when the number of vulnerabilities, or the scan duration, exceeds your preferred limits. The counts are:
  - Open: Vulnerabilities that were already verified by WhiteHat in a previous scan.
  - Pending Verification: New vulnerabilities found by the current scan that have not yet been verified by WhiteHat.
  - All (Open and Pending Verification): The combined total, including the vulnerabilities already verified by WhiteHat in a previous scan and the new ones found by the current scan.
- Optionally, click Get existing values from Sentinel to display the existing vulnerability count from Sentinel.
  The table displays the current number of vulnerabilities in Sentinel by threat level and verification status.
- Optionally, select the Scan timeout radio button to set a time limit for the scan.
  - Type a Timeout limit in minutes in the text field. The default time limit is 1440 minutes (24 hours).
- Click Save to save this post-build step.

You can now view the build history or the console output.
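As an added example (not the plugin's own code), the following Python models the build gate the threshold settings above describe: the Open, Pending Verification and combined All counts are each compared with an optional threshold, and the scan duration with the timeout, using the page's 1440-minute default. The ScanResult and Thresholds layouts, and the reading of "exceed" as strictly greater than the threshold, are assumptions.

```python
# Added example, not WhiteHat plugin code: a model of the documented post-build
# gate. Assumed: the plugin reports per-status counts plus elapsed scan time,
# and a threshold of None means that particular check is not enforced.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ScanResult:
    open: int                   # verified by WhiteHat in a previous scan
    pending_verification: int   # found by this scan, not yet verified
    elapsed_minutes: float      # how long the scan ran

    @property
    def all_vulns(self) -> int:
        # "All" on the page is the combined Open + Pending Verification total
        return self.open + self.pending_verification


@dataclass(frozen=True)
class Thresholds:
    open: Optional[int] = None
    pending_verification: Optional[int] = None
    all_vulns: Optional[int] = None
    timeout_minutes: int = 1440  # page default: 24 hours


def gate_failures(result: ScanResult, limits: Thresholds) -> List[str]:
    """Return the reasons the build should fail; an empty list means it passes."""
    # "Exceed" is read strictly: a count equal to its threshold still passes.
    checks = [
        ("Open", result.open, limits.open),
        ("Pending Verification", result.pending_verification,
         limits.pending_verification),
        ("All (Open and Pending Verification)", result.all_vulns,
         limits.all_vulns),
    ]
    reasons = [
        f"{label}: {count} exceeds threshold {limit}"
        for label, count, limit in checks
        if limit is not None and count > limit
    ]
    if result.elapsed_minutes > limits.timeout_minutes:
        reasons.append(f"Scan timeout: ran {result.elapsed_minutes:g} min, "
                       f"limit {limits.timeout_minutes} min")
    return reasons


def build_passes(result: ScanResult, limits: Thresholds) -> bool:
    return not gate_failures(result, limits)
```

A build with no thresholds set only fails on the timeout, which is why the timeout field keeps its default even when the vulnerability gate is left unconfigured.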