Allows you to run web security tests from the cloud using Tinfoil Security.
If you navigate to 'Manage Jenkins > Configure System', you should see a section labeled Tinfoil Security. Here, you'll be able to set your Tinfoil API keys, as well as optionally set a hostname of your Tinfoil Security installation if you are using the Tinfoil appliance and proxy information if needed.
First though, you'll need to get your API keys. To generate a set of API keys, log in to your Tinfoil Security account and navigate to https://www.tinfoilsecurity.com/add_ons. From there, you can select the checkbox to enable the Tinfoil API and create an API key. Make sure you create a 'Full Access' API key pair, since 'Read-Only' API keys cannot start scans. Keep in mind you won't see the actual values of your API keys until you've clicked 'Save'.
Then hit the 'add' button on the credentials line and select the context you want to add the credentials to ('Jenkins' is the default)
Choose the 'Username with password' kind and fill in your Access Key as the username and Secret Key as the password.
For each project in your Jenkins installation. You can configure a Tinfoil Security Post-build Action which allows you to specify a Tinfoil Site ID for the site you want to scan at the end of your Jenkins build.
To find your Site ID, you need to log in to your Tinfoil Security account and navigate to the settings panel for the site you want to scan. Underneath the site name and URL, you should see the auto-generated Site ID for that site.
To use the Tinfoil Security plugin, just run a build. When Jenkins performs the Tinfoil Security post-build action, you will see a message like this in your console output telling you everything is working.
Tinfoil Security scan started! Log in to https://www.tinfoilsecurity.com/sites to view its progress.
For support, please e-mail us at firstname.lastname@example.org