At Contrast Security, we believe that application security should be pervasive and transparent. Application security should work within the application development lifecycle instead of forcing that lifecycle to change to fit the way the AppSec tool works. To that end, we’ve released integrations for two of the most popular build management and integration tools: Jenkins and Maven.
The Contrast Enterprise plugin for Maven transparently adds the latest Contrast agent to your application build and utilizes your test automation to discover and report any vulnerabilities within your application. Build and test, and get functional and security testing results in a single step and in real time. No additional security scanning or test writing required. You get the benefits of security without compromising speed or agility within your development process.
The Contrast Enterprise plugin for Jenkins allows users to manage the vulnerability results from Contrast. As a post-build action, you can compare the number of vulnerabilities found against the thresholds you set to check whether there are too many, or fail the build when there are. This threshold is configurable based on the number, the type and the severity of the vulnerabilities discovered.
If you’re not using either of these tools, we’ve open sourced our SDK, which utilizes our rich REST API so that you can use the information in Contrast to integrate with the way your team develops.
We’ll continue our work to bring down the barriers between development and security and hasten the transformation of DevOps into DevSecOps, and we welcome any ideas and suggestions you have for integrating security into how you develop.
Download the plugins from GitHub now!
~ Jeff Whalen
Principal Product Manager