This guide describes the set-up process for integrating Jenkins CI/CD Pipeline with the ZeroNorth Continuous Application Security Platform. Integrating with ZeroNorth provides automated and orchestrated scans of your application build artifact to continuously manage exposure to vulnerabilities.
Prerequisites
The steps described in this document assume that the following are in place:
- ZeroNorth Platform license and credentials
- Jenkins server with:
  - Jenkins Pipeline Plugin
  - Docker Pipeline Plugin
- Connectivity from Jenkins server to https://api.zeronorth.io/documentation over port 443
Set up Jenkins for Automatic Scans with ZeroNorth
- A znADM user ensures that one or more desired Scenarios are activated.
- Ensure that the necessary plugins are installed in your Jenkins server.
- Add your ZeroNorth credentials into your Jenkins server.
- Configure the Jenkinsfile to automatically trigger the scan via ZeroNorth.
ZeroNorth will orchestrate automatic scans of your project artifacts upon build (or schedule) using the Scenario specified in your Jenkinsfile. The results will be visible in the ZeroNorth dashboards. The following sections describe the above steps in detail.
1) Jenkins Plugins
Integration between Jenkins and ZeroNorth is orchestrated through ZeroNorth’s Docker Integration image. It is not necessary to install the Docker container daemon. Instead, ensure that the following plugins are installed in your Jenkins server:
- Jenkins Pipeline Plugin
- Docker Pipeline Plugin
2) Add your ZeroNorth Credentials to Jenkins
Sign in to your Jenkins server, and then navigate to Credentials > System > Global Credentials (unrestricted):
Add the credentials you would use to connect to the ZeroNorth UI (i.e. https://fabric.zeronorth.io/). Note the label you specified in the ID field, as you will need this value in the next step.
Alternatively, store your ZeroNorth API Token as a “Secret Text”:
3) Configure Jenkins
Next, add or modify the Jenkinsfile in your project by adding the lines seen in the below example (go to the bottom of this article for a downloadable example):
Some points to note
The line of code in the Jenkinsfile that begins with image.inside(... is the line that invokes ZeroNorth’s Docker Integration image (zeronorth/integration:latest). Key features and things to note about this line:
- -v ...:/code points to the directory where the project code and build files are to be found. To scan the entire workspace, leave it as in the example.
- -v ...:/results points to the directory where the scan results will be placed.
- If a folder path contains white space characters, it must be escaped like: -v \"${workspace}:/code\"
- There are two options for providing the ZeroNorth credentials:
  - Supply -e CYBRIC_API_KEY='<ZeroNorth user profile token>' (see the article Obtaining your ZeroNorth API Token). This is the recommended method, as seen in the above example.
  - Supply CYBRIC_USER and CYBRIC_PASSWORD parameters.
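As an added example (not the article's own downloadable Jenkinsfile), a scripted pipeline that wires these pieces together. It assumes the Secret Text credential from step 2 was saved with the ID zeronorth-api-token, uses a hypothetical zn-results directory for the /results mount, and leaves the command run inside the container as a placeholder to be taken from the downloadable example.

```groovy
// Added example, not the ZeroNorth-supplied Jenkinsfile.
// Assumes: credential ID 'zeronorth-api-token' (Secret Text holding the API token),
// a 'zn-results' directory for scan output, and a scan command from the downloadable example.
node {
    stage('Checkout') {
        checkout scm
    }

    stage('Build') {
        // Produce the build artifact that ZeroNorth will scan; replace with your own build step.
        sh 'make'
    }

    stage('ZeroNorth Scan') {
        // Bind the Secret Text credential to an environment variable for this block only,
        // so the token is never written into the Jenkinsfile; Jenkins masks the bound
        // value in the console log.
        withCredentials([string(credentialsId: 'zeronorth-api-token', variable: 'ZN_API_KEY')]) {
            def image = docker.image('zeronorth/integration:latest')
            image.pull()

            // The results directory must exist before it is bind-mounted.
            sh 'mkdir -p "${WORKSPACE}/zn-results"'

            // Mount paths are double-quoted (escaped inside the Groovy string) in case the
            // workspace path contains white space, as the article notes.
            image.inside("-v \"${env.WORKSPACE}:/code\" " +
                         "-v \"${env.WORKSPACE}/zn-results:/results\" " +
                         "-e CYBRIC_API_KEY=${ZN_API_KEY}") {
                // Placeholder: use the scan command from the downloadable Jenkinsfile example.
                sh '<scan command from the downloadable Jenkinsfile example>'
            }
        }

        // Keep the scan output with the build record for later review.
        archiveArtifacts artifacts: 'zn-results/**', allowEmptyArchive: true
    }
}
```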
Once the above steps are completed, Jenkins will invoke ZeroNorth to run a scan of the build artifact whenever a build runs, the results of which will be visible in the ZeroNorth UI as a Policy run record.
Jenkins Security
If you installed the two Pipeline plugins for the first time, the build will necessarily fail on the first run due to Jenkins’ built-in security mechanism. When this happens, go into the Jenkins UI, and then navigate to Jenkins > Manage Jenkins > In-process Script Approval and then approve the pending Groovy script signature.