Product Security and Jenkins
Submitted By Jenkins User Chris Siv
Security is first for this test engineer.
Programming Language: C/C++, Python
Version Control System: Subversion
Build Tool: Maven
Community Support: Jenkins.io websites & blogs, Spoke with colleagues and peers
Security, automation and software acceleration with Jenkins.
Background: My company needed to improve our DevOps environment. As the test engineer, I wanted to make sure the environment was secure. I sought to automate processes, as we would manually start and browse results of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) after each software component change.
Goals: Deliver secure software to network elements.
Solution & Results:
Jenkins was used to integrate and automate Static Application Security Testing and Dynamic Application Security Testing tools. When there is a change in any component that is a part of our software, Jenkins automatically starts its jobs. With its functionality, team members receive an email notification if there’s a new finding in our software.
We use email notifications to inform team members about results. Additionally, we are using a plot to visualize security errors in each build.
We were thrilled with the results, which have included:
- Improved product security
- Shortened development release cycles
- Elimination of the need for the team to perform manual work
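
The "new finding" email and the per-build plot described above both depend on comparing the current scan with the previous build's results. The following is an added example, not code from the submitter's pipeline: the finding fields, tool and rule names, and the two-line CSV layout for the plot are assumptions, and the sample data is constructed.

```python
import csv
import hashlib
import io

def fingerprint(finding):
    """Stable identity: tool, rule, file and the flagged code with whitespace collapsed.
    The line number is left out so edits above a finding do not make it look new."""
    snippet = " ".join(finding["snippet"].split())
    key = "\x1f".join([finding["tool"], finding["rule"], finding["file"], snippet])
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def new_findings(baseline, current):
    """Findings in the current scan whose fingerprint was not in the previous build."""
    known = {fingerprint(f) for f in baseline}
    fresh, seen = [], set()
    for f in current:
        fp = fingerprint(f)
        if fp not in known and fp not in seen:
            seen.add(fp)
            fresh.append(f)
    return fresh

def plot_csv(current, fresh):
    """Header row plus one value row per build, for a plotting step (assumed layout)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["total", "new"])
    writer.writerow([len(current), len(fresh)])
    return buf.getvalue()

def notification(build, fresh):
    """Email body, or None when nothing new was found and no mail should go out."""
    if not fresh:
        return None
    lines = [f"Build {build}: {len(fresh)} new security finding(s)"]
    lines += [f"- [{f['tool']}] {f['rule']} at {f['file']}:{f['line']}" for f in fresh]
    return "\n".join(lines)

# Constructed sample scans (hypothetical tools, rules and paths).
BASELINE = [
    {"tool": "sast", "rule": "unbounded-copy", "file": "src/parse.c", "line": 88, "snippet": "strcpy(buf, hdr->name);"},
    {"tool": "dast", "rule": "missing-hsts", "file": "/login", "line": 0, "snippet": ""},
]
CURRENT = [
    {"tool": "sast", "rule": "unbounded-copy", "file": "src/parse.c", "line": 93, "snippet": "strcpy(buf,  hdr->name);"},
    {"tool": "sast", "rule": "format-overflow", "file": "src/log.c", "line": 17, "snippet": "sprintf(msg, fmt, user);"},
    {"tool": "dast", "rule": "missing-hsts", "file": "/login", "line": 0, "snippet": ""},
]

if __name__ == "__main__":
    fresh = new_findings(BASELINE, CURRENT)
    print(plot_csv(CURRENT, fresh), end="")
    print(notification(42, fresh) or "no new findings")
```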