This article describes how to configure Strobes along with a build automation tool such as Jenkins to trigger SAST and DAST scanners within your CI/CD pipeline. We achieve this by creating an extra build step that uses the Strobes configuration to run the scans in a remote environment and send back results.
Steps to Setup Jenkins
- Download the latest Strobes Jenkins Plugin HPI from the GitHub releases page of strobes-co/strobes-jenkins-plugin
- Head over to manage Jenkins
- Click on manage plugins
- Click on the Advanced tab
- Scroll down to the Upload plugin
- Select the HPI file you downloaded in the first step
- The plugin will get installed as shown in the above screenshot
- A restart is not required for this plugin
- Go to Strobes instance logged in as owner or manager
- Head over to the API access page under Settings
- Generate an API token and copy it
- Go back to manage Jenkins and click on the configuration
- Scroll down till you find a new section called “Strobes Scan”
- Configure the URL and API key. (Note: the URL should be in the format https://<yourorganization>.strobes.co )
- Go back to Jenkins Dashboard and select an existing project or create a new project to add Strobes build step
- Scroll down to build and click on add build step, you’ll see a strobes scan step - click it
- Configure the build step
- Scan configuration is the one that you created inside Strobes
- Target is the Branch name or URL you want to scan
- Build criteria - select “stop on failure” if you want to stop the scan on bugs found
- Time to wait - enter the maximum time to wait for the scan to finish
- Your Jenkins build step should now be ready
- The console output of the build shows the progress and results of the scan
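A small pre-flight check that can run as an "Execute shell" step just before the Strobes scan step. It is an added example, not part of the article or the Strobes plugin: it enforces the https://<yourorganization>.strobes.co URL format described above so the API token is only ever sent to a Strobes host, and it confirms a token is present without printing it to the console output. It assumes (an assumption, not something the article states) that the job exposes the URL as STROBES_URL and the token as STROBES_API_KEY, for example through a Jenkins credentials binding.

```shell
#!/bin/sh
# Pre-flight check for the Strobes Jenkins build step (added example, not the plugin's code).
# Assumed environment (not from the article): STROBES_URL holds the instance URL and
# STROBES_API_KEY holds the API token, e.g. bound from Jenkins credentials.

# Return 0 only if the URL has the form https://<organization>.strobes.co, optionally
# with a trailing slash. Plain http, look-alike hosts such as acme.strobes.co.evil.test,
# and URLs with a path are all rejected so the token never goes to an unexpected host.
validate_strobes_url() {
  printf '%s\n' "$1" | grep -Eq '^https://[A-Za-z0-9-]+\.strobes\.co/?$'
}

# Return 0 if a non-empty token was supplied. The value itself is never echoed.
validate_strobes_token() {
  [ -n "$1" ]
}

# Run both checks against the job environment and report only the outcome,
# so the build log records the host that will be contacted but never the secret.
preflight() {
  if ! validate_strobes_url "${STROBES_URL:-}"; then
    echo "Strobes URL must look like https://<yourorganization>.strobes.co" >&2
    return 1
  fi
  if ! validate_strobes_token "${STROBES_API_KEY:-}"; then
    echo "STROBES_API_KEY is not set; bind the Strobes API token to the job" >&2
    return 1
  fi
  echo "Strobes pre-flight OK for host $(printf '%s' "$STROBES_URL" | sed 's#^https://##; s#/$##')"
}

# In the Jenkins shell step, source this file (or paste it) and then call: preflight
```

If the check fails the step exits non-zero and Jenkins never reaches the Strobes scan step, which is the behaviour you want when the URL or token was mistyped in the global configuration.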