Can Contrast Security be run on a CI server?
I already have my code being compiled and tests running on Jenkins. Can I run this code through Contrast Security on a nightly basis so I can get a report every day? Can I see the results on Jenkins? Ideally, it would be great to see some trend charts of security vulnerabilities found by Contrast.

I think Eclipse integration is great. It allows the developers to fix the vulnerability as they are writing the code. However, I have lots of legacy code. I need an easy way to scan all the code regularly, create defects in JIRA for the vulnerabilities, fix them when I get time, and re-run the code.
 
Contrast Security
Short answer is yes!

> Can I run this code through Contrast Security on a nightly basis so I can get a report every day?

Yes, just add the -javaagent flag to your Java launch config.

> Can I see the results on Jenkins? Ideally, it would be great to see some trend charts of security vulnerabilities found by Contrast.

Yes. Everything in Contrast is accessible through a REST API. You can even check the REST results after you run your tests and fail the build if you want.

> I think Eclipse integration is great. It allows the developers to fix the vulnerability as they are writing the code. However, I have lots of legacy code. I need an easy way to scan all the code regularly, create defects in JIRA for the vulnerabilities, fix them when I get time, and re-run the code.

The Enterprise product works exactly this way. It continuously monitors your apps in real time. There's no need to schedule and run scans though. Just use your app normally. You can also push vulns into JIRA with all the details.

Hope that helps!
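As an added illustration of the build-gate idea in the reply above (not code from Contrast Security or from either poster): a nightly Jenkins job launches the app with the -javaagent flag, pulls the findings from the REST API after the tests finish, and fails the build when open findings at or above a chosen severity remain. The JSON field names, status values and agent path below are assumptions for the example, not Contrast's documented API shape.

```python
import json

# Constructed sample standing in for a vulnerability-listing REST response.
# The "traces"/"severity"/"status" layout is an assumption for this example.
SAMPLE_RESPONSE = json.dumps({
    "traces": [
        {"title": "SQL Injection in /login", "severity": "Critical", "status": "Reported"},
        {"title": "Reflected XSS in /search", "severity": "High", "status": "Reported"},
        {"title": "Verbose error page", "severity": "Low", "status": "Reported"},
        {"title": "Old finding, already fixed", "severity": "High", "status": "Fixed"},
    ]
})

SEVERITY_ORDER = ["Note", "Low", "Medium", "High", "Critical"]
OPEN_STATUSES = {"Reported", "Suspicious", "Confirmed"}  # assumed status names


def launch_command(agent_jar, app_jar, extra_args=()):
    """Build the java command line for the nightly run; the agent is attached
    with -javaagent exactly as the reply describes (paths are placeholders)."""
    return ["java", "-javaagent:" + agent_jar, *extra_args, "-jar", app_jar]


def count_open_by_severity(response_text):
    """Count findings that are still open, bucketed by severity."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for trace in json.loads(response_text).get("traces", []):
        if trace.get("status") in OPEN_STATUSES:
            sev = trace.get("severity", "Note")
            counts[sev] = counts.get(sev, 0) + 1
    return counts


def should_fail_build(counts, fail_at="High"):
    """True when any open finding is at or above the fail_at severity."""
    threshold = SEVERITY_ORDER.index(fail_at)
    return any(counts.get(s, 0) > 0 for s in SEVERITY_ORDER[threshold:])


def trend_line(build_number, counts):
    """One CSV row per nightly build, suitable for a Jenkins plot of the trend."""
    return ",".join([str(build_number)] + [str(counts[s]) for s in SEVERITY_ORDER])


if __name__ == "__main__":
    counts = count_open_by_severity(SAMPLE_RESPONSE)
    print(launch_command("/opt/contrast/contrast.jar", "target/app.jar"))
    print(trend_line(12, counts))
    raise SystemExit(1 if should_fail_build(counts) else 0)
```

In the real job, replace SAMPLE_RESPONSE with the body fetched from your Contrast server's REST endpoint after the test stage, and append the trend row to a file archived by Jenkins.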