

Features

The RIPS plugin lets you run scans directly from within Jenkins. RIPS scans the source code without needing to build or compile it, either on your local server or in our SaaS version.

You can find out more about our Jenkins plugin in our blog post.

Jenkins Setup

Install Java and Jenkins with the following steps:

  1. Download and install Java 8 JRE (https://www.java.com/).
  2. Download and install Jenkins (version >= 2.107.3) as described at https://jenkins.io/download/.
  3. If you are running RIPS and Jenkins on the same server, please make sure to change the HTTP_PORT in /etc/default/jenkins to e.g. 8081 (default 8080) in order to prevent a collision with the RIPS API port.
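
The port change from step 3 can be scripted. The following is an added example, not part of the RIPS documentation: the function names are hypothetical, and `RIPS_API_PORT=8080` is an assumption based on the collision described above.

```shell
#!/bin/sh
# Added example: set Jenkins' HTTP_PORT in a defaults file without colliding
# with the RIPS API port. RIPS_API_PORT=8080 is an assumption; adjust it to
# match your installation.
RIPS_API_PORT="${RIPS_API_PORT:-8080}"

# set_jenkins_port FILE PORT
# Returns 0 on success, 1 on invalid port, 2 on collision, 3 on file errors.
set_jenkins_port() {
    file=$1
    port=$2

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }

    # Accept only plain decimal ports (at most 5 digits) in 1..65535, so
    # nothing but a number can ever be written into the sourced file.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Refuse the port the RIPS API listens on.
    if [ "$port" -eq "$RIPS_API_PORT" ]; then
        echo "port $port collides with the RIPS API" >&2; return 2
    fi

    # Keep a backup of the previous configuration next to the file.
    cp -p "$file" "$file.bak" || return 3

    if grep -q '^HTTP_PORT=' "$file"; then
        # Rewrite the existing assignment, leaving all other lines untouched.
        sed "s/^HTTP_PORT=.*/HTTP_PORT=$port/" "$file.bak" > "$file"
    else
        # No assignment yet: append one.
        printf 'HTTP_PORT=%s\n' "$port" >> "$file"
    fi
}

# Print the configured port (the last assignment wins when the file is sourced).
get_jenkins_port() {
    sed -n 's/^HTTP_PORT=\(.*\)$/\1/p' "$1" | tail -n 1
}
```

Call it as `set_jenkins_port /etc/default/jenkins 8081` with sufficient privileges, then restart Jenkins so the new port takes effect.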



Plugin Setup

  1. Obtain the RIPS plugin file from https://files.ripstech.com/jenkins/rips-jenkins-2.0.3.hpi.
  2. From the Jenkins Dashboard, go to Manage Jenkins → Manage Plugins.



  3. In the Advanced tab under Upload Plugin, click Browse... and select the RIPS plugin file. Afterwards click Upload. (A restart is only required when updating a plugin.)


Plugin Configuration (optional)

  1. From the Dashboard go to Manage Jenkins → Configure System.



  2. Scroll down to the RIPS section, and provide:
    1. the URL of the web user interface (UI) of your RIPS instance,
    2. the URL of the RIPS API you are using.



  3. Define the time to wait for the engine to complete the job.
  4. Define the job status when a scan returns an error. Failure: causes the entire build to fail if an error occurs. Unstable: lets the job proceed normally but switches it to an unstable status upon completion.
  5. Modify the version name pattern which is shown in the UI.
  6. Click Save or Apply to save the changes.

Credentials Configuration

  1. From the Dashboard go to Credentials → System.



  2. Click on Add domain



    1. Enter your API URL [2]
    2. Click Add → Hostname [3]
    3. Enter the API URL in the Include field [4]
    4. Click OK

  3. Enter your login data and click OK.



Scan Configuration

Configuring a scan action:

  1. From the Jenkins Dashboard, go to a Job's page (or create a new freestyle project if no job exists).
  2. Open the Configure page of your job.
  3. In the Build tab, click Add build step → RIPS Scan. The scan action configuration fields are displayed.



  4. Select credentials and an Application ID.



  5. The other settings are optional.
  6. Click Save or Apply to save the changes.

View Scan Results

Results of scans can be shown on the Job and each Build page:

  • Job
    • Result widget: The number of vulnerabilities per severity level found in the last build.
    • Vulnerability Trend Graph: A graph of the number of vulnerabilities per severity level found in recent builds.
  • Build
    • Result widget: The number of vulnerabilities per severity level found in the build.
    • A link to the UI.
