Jenkins

Jenkins is an open-source automation tool written in Java with plugins built for Continuous Integration purposes.  It is used to continuously build and test your software projects, making it easier for developers to integrate changes to the project and easier for users to obtain a fresh build.  It also allows you to continuously deliver your software by integrating with a large number of testing and deployment technologies.


How to Integrate with Edgescan:

The Edgescan plugin allows DevOps teams to initiate VM scanning directly from Jenkins.  Once initiated, a scan will take place, and a pass/fail will be returned depending on configured criteria.  The build will fail if the results do not match the configured criteria.  Otherwise, the build will proceed to the next step if applicable.

Jenkins is the most popular CI/CD system in use today, with a rich ecosystem of plugins and virtually unlimited flexibility. And of course, it's easy to get Edgescan integrated into your pipelines.

Let’s get started with a simple example.

Server Requirements

You will need a recent version of Jenkins with the default recommended set of plugins. That should include the Pipeline and Credentials plugins.

Your server or build node needs Docker. For our test, we installed Jenkins and Docker on the same server, and we added the jenkins user to the docker group so that Jenkins jobs could access the Docker daemon, like so:

$ sudo usermod -a -G docker jenkins

Secure Your API Key

Save your Edgescan API key as a “Secret text” entry in Jenkins Credentials. You can later extract that secret as an environment variable, ES_API_TOKEN, in your pipeline script.

Configure Jenkins Pipeline

From the web console, create a new Jenkins Pipeline job.

In the Job Configuration settings, configure the Pipeline section to point to a Jenkinsfile in your code repository. Usually, this file would be in the root of your repository.

Next, create a Jenkinsfile at the base of your code repository with the following contents:

pipeline {
    agent any
    stages {
        stage ("Pull Edgescan Image") {
            steps {
                // Fetch the latest scanner image before each run
                sh 'docker pull edgescan/cicd-integration'
            }
        }
        stage ("Run Edgescan Test") {
            environment {
                // Inject the "Secret text" credential saved in Jenkins Credentials.
                // A declarative environment block lists one entry per line, with no commas.
                ES_API_TOKEN = credentials('ES_API_TOKEN')
                // Environment values must be strings, so the asset ID is quoted
                ES_ASSET = '12345'
            }
            steps {
                // Single-quoted Groovy string: the ${...} references are expanded by the
                // shell at run time, not by Groovy, so the API token is never interpolated
                // into the pipeline script itself. --rm removes the container when the scan ends.
                sh '''
                docker run -t --rm \
                    -e ES_API_TOKEN=${ES_API_TOKEN} \
                    -e ES_ASSET=${ES_ASSET} \
                    -e WAIT=true \
                    edgescan/cicd-integration
                '''
            }
        }
    }
}

Run It

Check the Jenkinsfile into source control. Start your job from Jenkins, and watch the job run from Console Output. You should see your scan initiate, run, and print a summary of results. Also check your account at Edgescan to review your scan details!