December 2017
Intermediate to advanced
364 pages
7h 30m
English
Content preview from Security Automation with Ansible 2
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Continuous scanning workflow using ZAP and Jenkins
Jenkins is an open source automation server. It is used extensively in CI/CD pipelines. These pipelines usually refer to a series of automated steps that occur based on triggers, such as code commits to version control software or a new release being created.
We already saw the example of ZAP Baseline's scans being part of the Mozilla release cycle. We can integrate ZAP with Jenkins. While there are many ways we can do this, a useful set of steps will be the following:
- Based on a trigger, a new ZAP instance is ready for scanning
- The ZAP instance runs against an automatically deployed application
- The results of the scan are captured and stored in some format
- If we choose, the results can ...