Set up Jenkins

Installing the oak9 plugin in Jenkins lets you quickly track, identify and remediate issues that could jeopardize the application’s security posture over time. It suggests fixes as they become available for vulnerabilities and as new vulnerabilities are disclosed.

Create an oak9 account

To start using oak9 as part of the pipeline build, first create an oak9 account by clicking here

Integration within the oak9 platform

In the oak9 app, navigate to the “Integrations” page and click on the “Add Integration” button under Jenkins in the CI/CD Integrations section. See figure below.
Select the following information from the dialog box that shows up. See figure below.

Integration from the Jenkins Marketplace

Steps to Install

Go to the Jenkins URL

  1. On the left-hand panel, click Manage Jenkins.
  2. Click Manage Plugins.
  3. Click the Available tab to show a list of the available plugins.
  4. Select the plugin that needs to be installed from the list, then click Install without restart.
    • It is possible to search for plugins by entering their name in the Filter search box, located in the upper-right corner of the page.
    • The Available tab only shows plugins that haven’t been installed in the system.
    • If the list doesn’t show any plugins matching the name entered, switch to the Updates tab to find updates for plugins already installed.
  5. Once the Success message pops up for the plugin on the Installing Plugins/Upgrades page, click Manage Plugins from the left-hand panel.

Steps to Add and Configure oak9 in Jenkins

  1. Open a web browser and go to the Jenkins home page URL.
  2. From the left-hand panel, click Manage Jenkins.
  3. Click Configure System.
  4. In the oak9 section, click Add oak9.
  5. Select the Install automatically checkbox.
  6. Click Add Installer, then select the Install oak9
  7. Click Save.

Create a Freestyle Job with oak9

  1. Open a web browser and go to the Jenkins home page URL.
  2. From the left-hand panel, click New Item.
  3. Fill in the Item Name field.
  4. Select Freestyle project.
  5. Under Build, use the Add Build Step dropdown to select oak9.
  6. Provide the Organization ID, Project ID and the oak9 API key as a Credential, and choose the severity at which the Jenkins job should fail.
  7. The credential type must be Secret Text and the API key must be placed in the Secret field.
  8. After selecting Secret Text, insert the Secret and ID from oak9 here.
  9. From the left side menu, click Build Now. This will create a new workspace in Jenkins, which is where it will configure:

Getting oak9 started for the Jenkins Pipeline

  1. From the left-hand panel, click Manage Jenkins.
  2. From the Manage Jenkins page, click Global Tool Configuration.
  3. In the oak9 section, click Add oak9.
  4. Enter a name for the oak9 Configuration.
  5. Click Save.
  6. Go back to Manage Jenkins and select Manage Credentials.
  7. Under Domain, create a new entry by selecting Add Credentials.
  8. Select the oak9 API/Secret text (oak9 )
  9. Now it's time to get oak9 into the pipeline: select the correct Project/Pipeline.
  10. Select Configuration from the left panel (oak9 will now be another step in the pipeline).
  11. Scroll down to Build and select Add Build Step.
  12. Select “oak9”.
  13. Fill in the information relevant to the specific pipeline.

Other method to include oak9 in the pipeline:

  1. Create a Pipeline.
  2. In sample Step, select oak9.
  3. Select the correct API token or add a new one.
  4. In Jenkinsfile, add a step for the oak9Builder: step([$class: 'Oak9Builder', credentialsId: 'oak9-api-key', orgId: "acme-company", projectId: "acme-company-1", maxSeverity: 2])
  5. A simple, but complete, pipeline description might look like:
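
A declarative Jenkinsfile built around the step from item 4, given here as an added example and not taken from the oak9 documentation. The stage names and the checkout step are assumptions; the credentialsId, orgId, projectId and maxSeverity values are the sample ones shown in item 4.

```groovy
// Jenkinsfile (declarative syntax). Added example, not oak9's published sample.
pipeline {
    agent any

    stages {
        stage('Checkout') {
            steps {
                // Assumption: the job is defined as "Pipeline script from SCM",
                // so `checkout scm` resolves to the repository being scanned.
                checkout scm
            }
        }

        stage('oak9 scan') {
            steps {
                // credentialsId names a Jenkins credential of type Secret Text
                // that holds the oak9 API key. Only the credential ID appears
                // in this file; the key itself is never written here.
                step([$class: 'Oak9Builder',
                      credentialsId: 'oak9-api-key',   // sample ID from item 4
                      orgId: 'acme-company',           // sample value from item 4
                      projectId: 'acme-company-1',     // sample value from item 4
                      maxSeverity: 2])                 // 2 = fail for Moderate and above
            }
        }
    }
}
```

Because the Jenkinsfile references the credential by ID, the API key stays in the Jenkins credential store and out of source control.
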
When using the Pipeline configuration, severities are as follows:
    • 0 - Do not fail in any case.
    • 1 - Fail for Low and above
    • 2 - Fail for Moderate and above
    • 3 - Fail for High and above
    • 4 - Fail for Severe only
Once oak9 is in place, the Project will appear
  1. Click the Build Now link shown in the left-hand panel.
    • This will start the system test that was just configured.
    • Under the Build History section in the left-hand panel, a new job ID should appear, indicating that the job is executing.
    • After a few seconds it will show either a green or yellow icon indicating whether all the test cases passed, or at least one of them failed.
  2. In the left-hand panel, click the build number right under the Build History header to see the results of the test.
  3. In the center pane, click on the Test Result link to see a summary of the test.

Pipeline Output

Example of a failed output
Example of a passing output