The Jenkins plugin for Qualys WAS empowers DevOps teams to build application vulnerability scans into their CI/CD processes. By integrating and automating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws.
With a valid Qualys WAS account, you can configure the plugin to fail the build if certain criteria are met such as presence of specific QIDs or a severity 5 vulnerability for example. The plugin supports both freestyle projects and pipeline projects and scan results can be viewed directly in Jenkins. A link to the full scan report in the Qualys Platform UI is provided as well.
Version 2.0.2 of the WAS Jenkins plugin is now available. This version fixes a small bug. Other recent improvements include a timestamp on the console output and an option to have the build fail if WAS can't scan the web application for some reason such as the application is not running or the scanner is unavailable.
- Jenkins plugin for WAS v2.0.2 - download attachment below
- User Guide for the plugin - download here