Jenkins


Features

The RIPS plugin lets you run scans directly from within Jenkins. The source code does not need to be built or compiled; RIPS can scan it either on your local server or in our SaaS version.

You can find out more about our Jenkins plugin in our blog post.

Jenkins Setup

Install Java and Jenkins with the following steps:

  1. Download and install Java 8 JRE (https://www.java.com/).
  2. Download and install Jenkins LTS or newer (version >= 2.107.3) as described at https://jenkins.io/download/.
  3. If you are running RIPS and Jenkins on the same server, change HTTP_PORT in /etc/default/jenkins from its default of 8080 to another port, e.g. 8081, to prevent a collision with the RIPS API port.
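The port check from step 3 can be scripted. This is an added example, not part of the RIPS plugin or its documentation; the function names, the RIPS_API_PORT value of 8080 and the sample defaults file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the RIPS API listens on 8080 on this host.
RIPS_API_PORT=8080

# Print the effective HTTP_PORT from a Jenkins defaults file. The last
# assignment wins (as when the file is sourced); an unset value falls back
# to the Jenkins default of 8080.
jenkins_http_port() {
    port=$(sed -n 's/^[[:space:]]*HTTP_PORT=["'\'']\{0,1\}\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${port:-8080}"
}

# Return 0 if Jenkins would bind the same port as the RIPS API.
ports_collide() {
    [ "$(jenkins_http_port "$1")" = "$RIPS_API_PORT" ]
}

# Set HTTP_PORT to the given port, keeping a .bak copy of the original file.
set_jenkins_port() {
    cp "$1" "$1.bak"
    if grep -q '^[[:space:]]*HTTP_PORT=' "$1.bak"; then
        sed 's/^[[:space:]]*HTTP_PORT=.*/HTTP_PORT='"$2"'/' "$1.bak" > "$1"
    else
        # No explicit setting: Jenkins would use its default, so append one.
        echo "HTTP_PORT=$2" >> "$1"
    fi
}

# Constructed sample standing in for /etc/default/jenkins.
sample=$(mktemp)
printf '%s\n' '# defaults for Jenkins' 'NAME=jenkins' 'HTTP_PORT=8080' > "$sample"

if ports_collide "$sample"; then
    echo "collision on port $RIPS_API_PORT, moving Jenkins to 8081"
    set_jenkins_port "$sample" 8081
fi
echo "Jenkins HTTP_PORT is now $(jenkins_http_port "$sample")"
```

To apply it to a real installation, pass /etc/default/jenkins instead of the sample file and restart Jenkins afterwards.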



Plugin Setup

  1. Obtain the RIPS plugin file from https://files.ripstech.com/jenkins/rips-jenkins-3.2.0.hpi.
  2. From the Jenkins Dashboard, go to Manage Jenkins → Manage Plugins.
  3. In the Advanced tab under Upload Plugin, click Browse... and select the RIPS plugin file. Afterwards click Upload. (A restart is only required when updating a plugin.)


Plugin Configuration (optional)

  1. From the Dashboard, go to Manage Jenkins → Configure System.
  2. Scroll down to the RIPS section, and provide:
    1. the URL of the web user interface (UI) of your RIPS instance,
    2. the URL of the RIPS API you are using. Our SaaS API is available at https://api-3.ripstech.com. This API also works for trial accounts. For on-premises installations, make sure to also add the port of your API, for example: http://192.168.201.1:8080
  3. Define the time to wait for the engine to complete the job.
  4. Define the job status when a scan returns an error. Failure: causes the entire build to fail if an error occurs. Unstable: causes the job to proceed normally but switches it to an unstable status upon completion.
  5. Modify the version name pattern which is shown in the UI.
  6. Click Save or Apply to save the changes.

Credentials Configuration

  1. From the Dashboard, go to Credentials → System.
  2. Click on Add domain:
    1. Enter your API URL [2]
    2. Click Add → Hostname [3]
    3. Enter the API URL in the Include field [4]
    4. Click OK
  3. Enter your login data (email and password of your RIPS user account) and click OK.
  4. (Optional step) The credential ID used in the Jenkinsfile can be found in the credentials overview.



Scan Configuration

Configuring a scan action:

  1. From the Jenkins Dashboard, go to a Job's page (or create a new freestyle project if no job exists).
  2. Open the Configure page of your job.
  3. In the Build tab, click Add build step → RIPS Scan. The scan action configuration fields are displayed.
  4. Select credentials and an Application ID.
  5. The other settings are optional.
  6. Click Save or Apply to save the changes.

Version Pattern

Pattern          Description
{isoDateTime}    Insert timestamp of the scan starting time.
{buildSystem}    Insert "Jenkins".
{buildNumber}    Insert current build number.
{projectName}    Insert full project name.
{projectKey}     Insert project name.
{branch}         Insert name of current branch. (git only)

View Scan Results

Results of scans can be shown on the Job and each Build page:

  • Job
    • Result widget: The number of vulnerabilities per severity level found in the last build.
    • Vulnerability Trend Graph: A graph of the number of vulnerabilities per severity level found in recent builds.
  • Build
    • Result widget: The number of vulnerabilities per severity level found in the build.
    • A link to the UI.