Jenkins integration

Jenkins Integration Setup Guide for API Scanner

Overview

This guide walks you through integrating API Scanner with your Jenkins pipeline to automatically scan APIs for security vulnerabilities during your build process.

What You Can Achieve

  1. Automated Security Scanning: Run security scans automatically during your Jenkins pipeline builds
  2. Pipeline Control: Choose whether to block or continue builds based on scan results
  3. Continuous Monitoring: Automatically scan newly added APIs in your collection
  4. Real-time Results: Get immediate feedback on your API security posture

Before You Start

Make sure you have the following ready:

Required Setup

  1. Active Jenkins Project: You need a working Jenkins project with pipeline functionality enabled
  2. API Collection in GitHub: Your API collection file should be stored in a GitHub repository that gets updated with new APIs
  3. Existing API Scanner Collection: You must have the same API collection already set up in API Scanner with proper authentication configured
  4. Refresh Tokens: Include refresh tokens if your authentication tokens have short expiry times
  5. Running API Scanner: The API Scanner server must be running during pipeline builds

Step-by-Step Integration Process

Step 1: Configure Integration Settings

 1. Access Integration Module

  1. Open API Scanner in your browser
  2. Navigate to the Integration section

 2. Select Jenkins Integration

  1. From the available integrations list, click on Jenkins

 3. Fill in Connection Details

  Enter the following information:

  Field                    | Description                                              | Example
  Integration Title        | A descriptive name for this integration                  | "Production API Security Scan"
  User Name                | Your name or the integration creator's name              | "John Doe"
  Host URL                 | The URL where API Scanner is hosted                      | http://103.81.38.252:9090/ or http://localhost:9090/
  Repository URL           | Your GitHub repository URL containing the API collection | https://github.com/yourorg/api-collections
  Branch Name              | The branch where your API collection is stored           | main, develop, or hotfix
  API Collection File Name | The exact filename of your API collection                | Hair Store API-06-09-2024.json

 4. Save Configuration

  1. Click the "Create Connection" button to save your settings

Step 2: Configure Pipeline Behavior

 1. Select Your Collection

  1. Choose the API collection you want to integrate with Jenkins from the "Validate Collection" dropdown

 2. Choose Pipeline Action

  Decide how the pipeline should behave when vulnerabilities are found:

 Option A: Do Not Block Pipeline

  1. The security scan will run, but the pipeline will continue regardless of results
  2. Use this for monitoring purposes without interrupting deployments

 Option B: Block Pipeline

  1. The pipeline will stop if vulnerabilities meet your specified criteria
  2. Set vulnerability thresholds for different severity levels:
     1. Critical: Enter the number of critical vulnerabilities that will block the pipeline
     2. High: Enter the number of high-severity vulnerabilities that will block the pipeline
     3. Medium: Enter the number of medium-severity vulnerabilities that will block the pipeline
     4. Low: Enter the number of low-severity vulnerabilities that will block the pipeline

  Example: Setting "Critical > 0" will block the pipeline if even 1 critical vulnerability is found.

 3. Generate Integration Script

  1. Click the "Generate Script" button
  2. Copy the generated script to your clipboard

Step 3: Add Script to Jenkins Pipeline

 1. Open Jenkins Project

  1. Navigate to your Jenkins project dashboard
  2. Click on "Configure" from the left sidebar

 2. Update Pipeline Script

  1. Scroll down to the "Pipeline Script" section
  2. Add the copied script from Step 2 to your existing pipeline script
  3. This creates a new stage for API security scanning

 3. Save Changes

  1. Click "Save" to apply the pipeline updates
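The threshold gate chosen in Step 2 and the scan stage added in Step 3, written out as an added Jenkinsfile example; this is not the script API Scanner generates (that script's contents are not shown on this page). It assumes the generated script, pasted where marked, leaves a JSON summary of per-severity counts in scan-result.json (placeholder name), that the Pipeline Utility Steps plugin supplies readJSON, and uses illustrative threshold values.

```groovy
// Added example, not the script API Scanner generates. Assumed: the generated
// script (pasted where marked) writes scan-result.json (placeholder name) shaped
// like {"Critical": 0, "High": 1, "Medium": 3, "Low": 7}; readJSON comes from
// the Pipeline Utility Steps plugin.
pipeline {
    agent any
    environment {
        // 'true' = Option B (Block Pipeline), 'false' = Option A (Do Not Block Pipeline)
        BLOCK_PIPELINE = 'true'
    }
    stages {
        stage('API Security Scan') {
            steps {
                // --- paste the script generated by API Scanner in Step 2 here ---
                script {
                    def result = readJSON file: 'scan-result.json'
                    // Thresholds from the Block Pipeline form: a count above the limit
                    // blocks the build, so Critical: 0 means "Critical > 0" blocks.
                    def thresholds = [Critical: 0, High: 0, Medium: 5, Low: 20]
                    def breaches = []
                    for (sev in thresholds.keySet()) {
                        def count = (result[sev] ?: 0) as int
                        if (count > thresholds[sev]) {
                            breaches << "${sev}=${count} (limit ${thresholds[sev]})"
                        }
                    }
                    if (breaches.isEmpty()) {
                        echo 'API security scan passed all thresholds'
                    } else {
                        def msg = "Vulnerability thresholds exceeded: ${breaches.join(', ')}"
                        if (env.BLOCK_PIPELINE == 'true') {
                            error(msg)               // Option B: stop the pipeline here
                        } else {
                            unstable(message: msg)   // Option A: continue, mark build UNSTABLE
                        }
                    }
                }
            }
        }
    }
}
```

With BLOCK_PIPELINE set to 'false' the stage still runs and reports every breach, but later stages continue, which matches the monitoring-only behaviour of Option A.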

Integration Complete!

Your Jenkins pipeline is now configured to automatically scan your APIs for security vulnerabilities. Here's what happens next:

  1. Automatic Scanning: Every pipeline build will trigger an API security scan
  2. Real-time Feedback: You'll receive immediate results about any vulnerabilities found
  3. Controlled Deployment: Based on your settings, the pipeline will either continue or stop depending on scan results

Troubleshooting Tips

  1. API Scanner Not Running: Ensure the API Scanner server is active before starting any pipeline builds
  2. Authentication Issues: Verify that your API collection in API Scanner has proper authentication setup
  3. File Not Found: Double-check that the API collection filename exactly matches what's in your GitHub repository
  4. Connection Problems: Confirm that the Host URL is accessible from your Jenkins server

Need Help?

If you encounter any issues during setup, verify that all prerequisite requirements are met and that the API Scanner server is running and accessible from your Jenkins environment.


