This plugin allows you to trigger automated Acunetix scans as part of your web application's build process inside of Jenkins.
Acunetix is an automated web application security testing and vulnerability management platform. Acunetix automatically crawls and scans off-the-shelf and custom-built websites and web applications for over 3000 web vulnerabilities to help organizations shore up their web security.
The Acunetix Jenkins Plugin enables you to:
After setting up the Acunetix Jenkins Plugin, you can configure any Jenkins job with a build step action to trigger an Acunetix scan. When the scan is triggered, Jenkins launches a scan against a Target you specify, using the scan settings configured for that Target in Acunetix. Jenkins then passes or fails the build based on the criteria you provided in the build step.
Note – The Acunetix Jenkins Plugin requires an Acunetix API key, which is only available in Acunetix Enterprise.
To install the Acunetix Jenkins Plugin:
To configure the Acunetix Jenkins Plugin:
The Acunetix Jenkins Plugin requires access to the Acunetix API and API key, which is only available in Acunetix Enterprise.
The Acunetix Jenkins Plugin will display all Targets in an Acunetix installation, with the exception of Targets requiring Manual Intervention as part of their Login Sequence. Please make sure that the Target you wish to select does not make use of Manual Intervention.
If you have multiple Targets with the same URL, it is advised that you enter a description in the Target's settings to be able to differentiate between them. The Target's description will show up in Jenkins if one is available.
When Jenkins attempts to start a scan, the scan is placed in a scan queue. If the scan queue is empty, then the scan will start immediately. However, if the maximum number of scans (including scheduled scans) in the scan queue is reached, the scan will wait in the queue until other scans finish processing. This also means that the Jenkins build will not finish processing until the scan is complete.
Aborting the Jenkins build will also abort the scan. You may still view partial results inside of Acunetix. Reports will not be automatically generated if the Jenkins build is aborted (you can manually generate reports from within the Acunetix UI).
If a scan that was started by Jenkins is stopped from the Acunetix UI or via the Acunetix API, the Jenkins build will also be aborted. Reports will not be automatically generated if the scan is stopped (you can manually generate reports from within the Acunetix UI).
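The build-gate behaviour described above (a scan that is aborted or stopped does not pass the build; a completed scan passes or fails according to the severity criteria you configured) can be expressed as a small decision function. The following is an added example, not code from the Acunetix Jenkins Plugin or the Acunetix API: the severity names, the JSON layout of the scan result and the `fail_on` parameter are all constructed assumptions for illustration.

```python
"""Build-gate logic for an automated scan result.

Added example, not the plugin's own code. The severity scale, the
JSON shape and the parameter names are constructed assumptions.
"""
import json
from dataclasses import dataclass

# Assumed severity scale, lowest to highest (constructed for this example).
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    name: str
    severity: str  # expected to be one of SEVERITY_RANK's keys


def parse_findings(json_text):
    """Parse a constructed scan-result document into Finding objects."""
    doc = json.loads(json_text)
    return [Finding(v["name"], v["severity"]) for v in doc.get("vulnerabilities", [])]


def evaluate_scan(findings, fail_on="high", scan_status="completed"):
    """Decide whether the build passes.

    Returns (passed, reasons). A scan that did not complete (aborted in
    Jenkins or stopped from the Acunetix side) never passes, mirroring the
    page's rule that the build is aborted in that case. A completed scan
    fails the build when any finding is at or above the `fail_on`
    severity; an unrecognised severity also fails the build (fail closed).
    """
    if scan_status != "completed":
        return False, [f"scan did not complete (status: {scan_status})"]

    threshold = SEVERITY_RANK[fail_on.lower()]
    reasons = []
    for f in findings:
        rank = SEVERITY_RANK.get(f.severity.lower())
        if rank is None:
            reasons.append(f"unknown severity '{f.severity}' for {f.name}")
        elif rank >= threshold:
            reasons.append(f"{f.severity}: {f.name}")
    return (not reasons), reasons


# Constructed sample result, not real Acunetix output.
SAMPLE_RESULT = json.dumps({
    "vulnerabilities": [
        {"name": "SQL injection", "severity": "high"},
        {"name": "Clickjacking", "severity": "low"},
    ]
})

if __name__ == "__main__":
    passed, reasons = evaluate_scan(parse_findings(SAMPLE_RESULT), fail_on="high")
    print("PASS" if passed else "FAIL", reasons)
```

In a real build step the threshold would come from the job configuration and the findings from the scan report; the point of the function is that the gate fails closed on both an incomplete scan and an unrecognised severity, so a misconfiguration cannot silently turn into a green build.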
All Standard reports can be generated from Jenkins (Affected Items, Developer, Executive Summary and Quick reports). Compliance reports (PCI DSS, OWASP Top 10, ISO 27001…) for the scans run by Jenkins may be generated from within the Acunetix UI.
Reports generated from Jenkins are produced on the main Acunetix application, and a download link is provided in the Jenkins console output.
Please refer to this Jenkins article on disabling and removing Jenkins plugins and their associated plugin data.
Improvements: Use Jenkins credentials for storing the API key.
Improvements: Better exception handling, for example when the configured Target or Scan Profile has been deleted in the main application.
Fixed a 429 error when pairing with an online build.