In this article we cover integrating OWASP Dependency-Check with Jenkins: installing the OWASP Dependency-Check plugin, configuring a dependency-check installation under Tool Configuration, creating or configuring a Freestyle project that runs the scan, and viewing the Dependency-Check results.
What is OWASP?
OWASP stands for the Open Web Application Security Project. It is a nonprofit organization dedicated to improving the security of software, and it pursues that mission through research, documentation, tools, and community collaboration. The organization focuses on web application security and provides resources that help developers, security professionals, and organizations build and maintain secure web applications. OWASP Dependency-Check is one of those tools: a software composition analysis (SCA) tool that identifies the third-party libraries a project depends on and checks them against publicly known vulnerability data such as the NVD.
Prerequisites:
- Jenkins: make sure you have Jenkins installed and set up.
- GitHub project: you should have a Git repository containing a Maven project.
Steps to Integrate OWASP Dependency-Check with Jenkins:
Integrating OWASP Dependency-Check with Jenkins is a useful way to automate the process of identifying and managing security vulnerabilities in your project’s dependencies. Here are the steps to integrate OWASP Dependency-Check with Jenkins:
Step #1:Install OWASP Dependency-Check Plugin in Jenkins
- In your Jenkins instance, go to the Jenkins dashboard.
- Click on “Manage Jenkins” in the left sidebar.
- Select “Plugins” (labelled “Manage Plugins” on older Jenkins releases).
- Go to the “Available” tab and search for “OWASP Dependency-Check.”
- Check the box next to the plugin and click “Install without restart.”
Step #2:Configure Tool Configuration of dependency-check installation in Jenkins
- Installing the plugin does not install the Dependency-Check command-line tool itself; you register one (or more) installations of the tool in the global tool configuration.
- In Jenkins, go to “Manage Jenkins” > “Tools” (labelled “Global Tool Configuration” on older Jenkins releases).
- Scroll down to the “Dependency-Check” section, click “Add Dependency-Check”, give the installation a name, and either point it at an existing Dependency-Check installation on the agent or tick “Install automatically” and let Jenkins download a release. The name you choose here is what you select in the build step later. If the section is missing, the plugin is not installed (or Jenkins was not restarted after installing it); the section is added by the plugin, not by a tool on the PATH.
Step #3:Create or Configure a Freestyle Project Jenkins
- Create a new Jenkins job or configure an existing one where you want to add OWASP Dependency-Check.
- In the job configuration, under Source Code Management, select Git and enter the Repository URL (and the branch to build).
- Dependency-Check scans the artifacts that are present on disk; it does not resolve the dependencies declared in pom.xml by itself. For a Maven project, add a build step such as “Invoke top-level Maven targets” with the goal dependency:copy-dependencies before the scan, so the dependency jars are in the workspace (alternatively, run the org.owasp:dependency-check-maven plugin from the Maven build instead of the CLI).
- In the Build section, add the build step the plugin provides, “Invoke Dependency-Check”.
- You can configure it with the following settings:
- Dependency-Check installation: select the installation you named in the global tool configuration. Leaving it as “Default” only works if an installation with that name exists.
- Path to the Dependency-Check database: the data directory where the downloaded NVD data is cached. Point it at a persistent path on the agent so that each build reuses the data instead of downloading it again.
- Additional arguments: any further options to pass to the dependency-check CLI. Typical ones are --format (repeat it to get several report formats, e.g. --format HTML --format XML --format JSON; the XML report is the one the plugin’s publisher reads), --failOnCVSS 7 to fail the build when a finding has a CVSS score of 7 or higher, and --project to label the report. Dependency-Check 9.x also needs an NVD API key (--nvdApiKey) to update its vulnerability data at a usable rate; store the key as a Jenkins credential rather than pasting it into the job configuration.
Step #4:Integration of OWASP Dependency Check with Jenkins
- Save your Jenkins job configuration.
- Build the job. When the job runs, OWASP Dependency-Check first updates its local copy of the vulnerability data (the first run downloads the full NVD data set and can take a long time), then analyzes your project’s dependencies and reports any known vulnerabilities. If you set --failOnCVSS, the build fails when a finding reaches that score.
Step #5:View OWASP Dependency-Check Results in Jenkins
- Once the job is complete, the build console output shows a summary of the scan, and the report files are written to the job workspace.
- To get the results inside Jenkins, add the plugin’s post-build action “Publish Dependency-Check results”; it reads dependency-check-report.xml and adds a “Dependency-Check” results page and trend graph to the build.
- The report lists each dependency, the CPE/package it was matched to, and the identified vulnerabilities (CVE, severity, CVSS score and description).
- To read the HTML report, open the job’s Workspace and click dependency-check-report.html.
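The same job, written as a declarative Jenkins Pipeline. This is an added example rather than code from the article or from the Dependency-Check project, and it goes one step beyond the Freestyle job above by expressing Steps 3 to 5 in a Jenkinsfile. It assumes a Dependency-Check installation named `dependency-check` registered under Manage Jenkins > Tools, a “Secret text” credential with the id `nvd-api-key` holding an NVD API key, and a Maven project at the example repository URL; all of those names are assumptions, not values from the page.

```groovy
// Added example (not from the article or the Dependency-Check project).
// Assumed names: tool installation "dependency-check", credential id "nvd-api-key",
// repository URL and project name "example-maven-app".
pipeline {
    agent any

    environment {
        // Dependency-Check 9.x needs an NVD API key to refresh its vulnerability
        // data at a usable rate. credentials() masks the value in the build log.
        NVD_API_KEY = credentials('nvd-api-key')
    }

    stages {
        stage('Checkout') {
            steps {
                // Step 3: Source Code Management (assumed repository URL)
                git branch: 'main', url: 'https://github.com/example-org/example-maven-app.git'
            }
        }

        stage('Resolve dependencies') {
            steps {
                // The CLI scans artifacts on disk and does not resolve pom.xml itself,
                // so copy the resolved jars into target/dependency first.
                sh 'mvn -B -DskipTests dependency:copy-dependencies'
            }
        }

        stage('Dependency-Check') {
            steps {
                // Equivalent of the "Invoke Dependency-Check" build step and its Additional Arguments.
                // XML is required for the publisher below; --failOnCVSS 7 fails the build on
                // any finding scored 7.0 or higher. The $NVD_API_KEY reference assumes the step
                // expands environment variables in its arguments.
                dependencyCheck odcInstallation: 'dependency-check',
                    additionalArguments: '--project example-maven-app --scan target/dependency ' +
                                         '--format HTML --format XML --format JSON ' +
                                         '--failOnCVSS 7 --nvdApiKey $NVD_API_KEY'
            }
        }
    }

    post {
        always {
            // Step 5: publish results even when the scan failed the build, so the
            // findings that caused the failure are visible on the build page.
            dependencyCheckPublisher pattern: 'dependency-check-report.xml'
            archiveArtifacts artifacts: 'dependency-check-report.*', allowEmptyArchive: true
        }
    }
}
```

Publishing in `post { always }` matters when a CVSS threshold is set: a build that fails on a finding would otherwise end without the results page that explains why it failed.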
By integrating OWASP Dependency-Check with Jenkins, you can regularly scan your project for known security vulnerabilities in its dependencies, helping you identify and address potential issues early in the development process.
In this article we have covered integrating OWASP Dependency-Check with Jenkins: installing the OWASP Dependency-Check plugin, configuring a dependency-check installation under Tool Configuration, creating or configuring a Freestyle project, and viewing the Dependency-Check results.