
Plugin Information

View IBM Security AppScan Standard Scanner on the plugin site for more information.

Project Description

The purpose of this plugin is to allow Jenkins to perform dynamic analysis with IBM AppScan Standard with minimal configuration.

AppScan Standard is a security tool provided by IBM that scans applications for vulnerabilities at run time.

IBM Security AppScan Standard supports:

  • Broad coverage to scan and test for a wide range of application security vulnerabilities.
  • Accurate scanning and advanced testing that delivers high levels of accuracy.
  • Quick remediation with prioritized results and fix recommendations.
  • Enhanced insight and compliance that helps manage compliance and provides awareness of key issues.

Configuring AppScan Standard to perform automated scanning with custom batch jobs or shell scripts can be a time-consuming and error-prone process.

This Jenkins plugin greatly simplifies the process of automating AppScan Standard by providing global settings and simple scan configuration within Jenkins.

For more information on IBM AppScan Standard, please visit the official IBM site at http://www-03.ibm.com/software/products/en/appscan-standard


This plugin requires the following:

  • AppScan Standard installed with a valid license on a node (slave) or master.

Plugin Setup

Plugin Configuration

  1. From the Jenkins homepage, click Manage Jenkins and then Global Tool Configuration
  2. Scroll down the page and locate the section titled AppScan Standard
  3. Click Add AppScan Source
  4. Fill out the AppScan Source form
    1. Name: A name for this instance of AppScan Standard. This is just to help manage environments that may have multiple installations
    2. AppScan Standard Installation Directory: The path to the installation directory. Note: the default value is C:\Program Files (x86)\IBM\AppScanStandard
  5. Click Save

Using the plugin

  1. Create a new job or access an existing job
  2. Select "Configure"
  3. Select "Add build step" and select "Run AppScan Source"
  4. Complete the fields that appear:
    1. AppScan Source installation will show the name you provided for the installation on the global configuration screen. If you have not added an installation, please go to the Jenkins Configure System link under Manage Jenkins. If you only have one installation configured, the installation should be selected for you. If you plan to execute AppScan Source on multiple Jenkins nodes, you may need to configure multiple installation paths.
    2. Disable scan should be unchecked if you wish the scan to run
    3. Accept SSL Errors should be checked if you have not created a trusted certificate for your AppScan Source installation. In an enterprise environment, this should not be checked, since you should be using a trusted certificate.
    4. Scan Workspace Directory is where scan artifacts, like WAFL and staging files, will be placed. Scan results (.ozasmt file) will also be placed in this directory.
    5. Application file should point to a PAF or SLN file to scan.
  5. Click Save at the bottom
  6. Run the job.


This version of the plugin was tested with Jenkins 1.651.1 and IBM Security AppScan Source 9.0.3. The plugin should work with any version of AppScan Source 9.0.0 or newer.


Support automated publishing of scan results to AppScan Enterprise.

Execute application scans with IBM Security AppScan Source

For additional information about this plugin, please see the project's README on GitHub
