...

  • AppScan Standard installed with a valid license on a node (slave) or master.

Plugin Setup

To download and install the AppScan Standard plugin, go to Manage Jenkins and then to Manage Plugins:

  • Select the Available Plugins tab
  • Search for AppScan Standard
  • Select and install.

Plugin Configuration

  1. From the Jenkins homepage, click Manage Jenkins and then Global Tool Configuration
  2. Scroll down the page and locate the section titled AppScan Standard
  3. Click Add AppScan Standard
  4. Fill out the AppScan Standard form
  5. Name: A name for this instance of AppScan Standard. This is just to help manage environments that may have multiple installations.
  6. AppScan Standard Installation Directory: The path to the installation directory. Note: the default value is C:\Program Files (x86)\IBM\AppScanStandard\
  7. Click Save

Using the plugin

  1. Create a new job or access an existing job
  2. Select Configure
  3. Select "Add build step" and select "Run AppScan Standard"
  4. Complete the fields that appear:
    1. Installation shows the name you provided for the installation on the global configuration screen.
      1. If you have not added an installation, go to the Jenkins Global Tool Configuration link under Manage Jenkins.
      2. If you only have one installation configured, the installation should be selected for you. If you plan to execute AppScan Standard on multiple Jenkins nodes, you may need to configure multiple installation paths.
    2. Starting URL is the URL from which AppScan Standard runs its spiders to compile a list of URIs to scan.
    3. Authenticated Scan scans the website logged in as the provided account, which provides better scanning results.
      1. Recorded Login Sequence uses a recorded login sequence (you must generate it beforehand using AppScan Standard) to log in.
      2. Form Based Authentication tries to log in automatically using the credentials provided. This method may fail depending on your website's authentication configuration.
    4. Generate Report generates and saves a report with the vulnerabilities found by AppScan Standard.
      1. Report title: the generated report is saved using this title as its name.
      2. HTML Report saves the report in HTML format.
      3. PDF saves the report in PDF format.
        1. You can save both formats in one run.
    5. Advanced configurations that can be applied to the scan:
      1. Include URLs for Scanning allows you to manually include URLs for scanning in case the spiders miss them.
      2. Test Policy File Path uses the specified test policy instead of the default options.
      3. Additional Commands can be used to execute additional options that are available in the command line interface but not in the plugin's graphical user interface.
  5. Click Save at the bottom
  6. Run the job.

...