Jenkins Follow

Deepfactor integrates with Jenkins using a Jenkins plugin. This provides a simple mechanism to automatically instrument your applications using Deepfactor as part of the build process.

From your Jenkins portal, follow the instructions below to integrate Jenkins and Deepfactor and automatically instrument your applications.

First, download the Deepfactor Jenkins plugin installer available here to your local drive. Then go to your Jenkins home page Dashboard and click on Manage Jenkins. 

 

 

Next, click on Manage Plugins.

 

 

Navigate to the Advanced Tab.

 

 

Scroll down to Upload Plugin.

 

 

Choose deepfactor-plugin.hpi from your local drive and select Upload. Wait for the file to be uploaded and installed.

 

 

You can optionally restart Jenkins (recommended if you are reinstalling the plugin) or verify the plugin installation by clicking on Manage Plugins by going to Dashboard → Manage Jenkins → Manage Plugins and selecting the Installed tab.

 

 

Note: the version number may vary (from the above screenshot) based on what version you have installed.

 

Deepfactor Configuration

To configure Deepfactor, you must configure the global parameters. To do this, go to Manage Jenkins and Click on Configure System.

 

 

Next, Scroll down to Deepfactor Configuration and fill in the following parameters:

• Admin Portal URL - Your Deepfactor portal URL.

• Verify Portal Certificate - Deepfactor portal uses a self-signed certificate by default. If you have configured a custom SSL certificate on your portal and want this plugin to verify the certificate presented by Deepfactor portal APIs, you can enable this option.

• Deepfactor API Token - Please refer to https://docs.deepfactor.io/hc/en-us/articles/1500005374742 to learn how to obtain the token from your Deepfactor portal.

• Deepfactor Run Token - This can be obtained from your Deepfactor portal by going to the Home/Applications page → Run With Deepfactor (Top-right corner) → Docker (left pane) → Step 2 → Copy only the token from export DF_RUN_TOKEN=token and paste here:
  
  

Finally, save the configuration.

 

Deepfactor Build Steps

The Deepfactor Jenkins plugin supports the following build steps. You can use the same steps in Jenkins Freestyle or Pipeline projects.

 

Freestyle	Pipeline
Deepfactor Build Image	deepfactor
Deepfactor DAST Scan	dfDASTscan
Deepfactor Report	dfreport

 

Pipeline Usage

deepfactor

This build step will enable you to add Deepfactor to your Docker image.

Prerequisite: Ensure you have docker installed on the Jenkins agent where you are running this build step.

Please refer to https://www.jenkins.io/doc/book/using/using-agents/ to learn about running your jobs using Jenkins agents.

Please refer to https://docs.docker.com/engine/install/ to learn how to install Docker engine in your environment.

 

Build step command: deepfactor.

 

Parameter name	Type	Description
pullImage	Boolean	Set to true if Deepfactor should pull the latest image of your application (similar to --pull of docker build command).
imageToBeInstrumented	String	Application’s docker image name.
appName	String	Application name to be mapped/created in the Deepfactor portal.
componentName	String	Component name to be mapped/created in the Deepfactor portal.
componentVersion	String	Version of this component to reflect in the Deepfactor portal.
instrumentedImageName	String	Output Deepfactor instrumented Docker image name.

Sample Pipeline

pipeline {
    // agent any
    // or an agent node
    agent { label 'myjenkinsagent' }
    stages {
        stage("DeepFactor Docker Build") {
            steps {
                deepfactor pullImage: true,
                    imageToBeInstrumented: 'swaggerapi/petstore3',
                    appName: 'My Application',
                    componentName: 'petstore',
                    componentVersion: '1.0.0',
                    instrumentedImageName:'petstore3-df'
            }
        }
    }
}

 

Upon successful execution of this step, you will have the instrumented image on your Jenkins agent node. You can also use the same in your subsequent build steps.

 

dfDASTScan

This build step will enable you to trigger a Deepfactor enabled DAST scan on an active web service running on your application.

Build step command: dfDASTscan (case sensitive)

Parameter name	Type	Description
appName	String	Application name as in Deepfactor portal.
componentName	String	Component name as in Deepfactor portal.
webservicePort	Integer	Port number on which the web service is running.
envName	String	[Optional] Environment under which the component is running. The default value is assumed to be 'Default'.
scanConfigName	String	In Deepfactor Portal, various parameters for a scan could be saved as a configuration with a name. The same could be used in subsequent scans or in this command. Please refer to https://docs.deepfactor.io/hc/en-us/articles/360052013714-Starting-a-DAST-Scan to learn how to save the scan configuration.

 

Sample Pipeline

pipeline {
    // agent any
    // or an agent node
    agent { label 'myjenkinsagent' }
    stages {
        stage("DeepFactor DAST Scan") {
            steps {
                dfDASTscan appName: 'My Application',
                    componentName: 'petstore',
                    webservicePort: 8069,
                    envName: 'PreProd',
                    scanConfigName: 'jenkinsscan'
            }
        }
    }
}

 

Upon successful execution of this step, the DAST scan will start and its status reported every minute in the console log. The job will end only when the scan is completed, irrespective of the successful or unsuccessful outcome. You can verify the scan status on your Deepfactor portal as well.

 

dfreport

This build step will enable you to generate an HTML alerts report from a component.

 

Build step command: dfreport

 

Parameter name	Type	Description
appName	String	Application name as in Deepfactor portal.
componentName	String	Component name as in Deepfactor portal.
envName	String	[Optional] Environment under which the component is running. Default value is assumed to be 'Default'.
delay	Integer	Number of minutes to wait before fetching the alerts to report. If you are triggering this step immediately after the scan completion, it is recommended to configure a value above 5 (minutes) for the alerts to be captured by the system for reporting. If you are handling the delay elsewhere or you are generating the report for a scan that ran earlier, this value could be 0 (zero).

 

Sample Pipeline

pipeline {
    //agent any
    // or an agent node
    agent { label 'myjenkinsagent' }
    stages {
        stage("DeepFactor Report"){
            steps{
                dfreport appName: 'My Application',
                    componentName: 'petstore',
                    envName: 'PreProd',
                    delay: 6
            }
        }
    }
}

 

Upon successful completion of this step, the Deepfactor report will be available at dfreports/dfreport.html under the job’s workspace. Due to the security restrictions in Jenkins, opening the link directly may show an unformatted report. To view a formatted report, we recommend that you save the report locally and then open it in a browser.

 

Freestyle Projects

Once the plugin installation is complete, in any of the Freestyle project configurations, you will see the following new Deepfactor build steps, along with other existing build steps.

 

 

Deepfactor Build Image

This build step will enable you to add Deepfactor to your docker image.

Prerequisite: Ensure you have docker installed on the Jenkins node where you are running this build step.

 

Parameter name	Description
Name of the image to be instrumented	Application’s Docker image name.
Alpine Image	Check this box if your application image is based on Alpine.
Pull image (--pull)	Check this box if Deepfactor should pull the latest image of your application (similar to --pull of docker build command).
Deepfactor App Name	Application name to be mapped/created in Deepfactor portal.
Deepfactor Component Name	Component name to be mapped/created in Deepfactor portal.
Deepfactor Component Version	A version of this component to reflect in Deepfactor portal.
Instrumented image name	Output Deepfactor instrumented docker image name.

 

Upon successful execution of this step, you will have the instrumented image on your Jenkins agent node. You can use the same in your subsequent build steps.

 

Deepfactor DAST Scan

This build step will enable you to trigger a Deepfactor enabled DAST scan on an active web service running on your application.

Parameter name	Description
Application Name	Application name as in Deepfactor portal.
Component Name	Component name as in Deepfactor portal.
Webservice Port	Port number on which the web service is running.
Environment Name	[Optional] Environment under which the component is running. The Blank (Default) value is assumed to be 'Default'.
Scan Config Name	In Deepfactor Portal, various parameters for a scan could be saved as a configuration with a name. The same could be used in subsequent scans or in this command. Please refer https://docs.deepfactor.io/hc/en-us/articles/360052013714-Starting-a-DAST-Scan to know how to save the scan configuration.

 

Upon successful execution of this step, the DAST scan will start, and the status reported every minute in the console log. The job will end only when the scan is completed, irrespective of the successful or unsuccessful outcome. You can verify the scan status on the Deepfactor portal as well.

 

Deepfactor Report

This build step will enable you to generate an HTML report of alerts from a component.

 

Parameter name	Description
Application Name	Application name as in Deepfactor portal.
Component Name	Component name as in Deepfactor portal.
Environment Name	[Optional] Environment under which the component is running. The default (Blank) value is assumed to be 'Default.'
Delay to fetch report (minutes)	The number of minutes to wait before fetching the alerts to report. If you are triggering this step immediately after the scan completion, it is recommended to configure a value above 5 (minutes) for the alerts to be captured by the system for reporting. If you are handling the delay elsewhere or you are generating the report for a scan that ran earlier, this value could be 0 (zero).

Upon successful completion of this step, the Deepfactor report will be available at dfreports/dfreport.html under the job’s workspace.

Due to Jenkins security restrictions, opening the link directly may show an unformatted report. To view a formatted report, save the report locally, and open it in a browser.