Set up Jenkins
Installing the oak9 plugin in Jenkins makes it possible to quickly track, identify and remediate issues that could jeopardize the application’s security posture over time. It suggests fixes as they become available for vulnerabilities, and as new vulnerabilities are disclosed.
In the oak9 app, navigate to the “Integrations” page and click on the “Add Integration” button under Jenkins in the CI/CD Integrations section. See figure below.

Select the following information from the dialog box that shows up. See figure below.

- 1. On the left-hand panel, click Manage Jenkins.
- 2. Click Manage Plugins.
- 3. Click the Available tab to show a list of the available plugins.
- 4. Select the plugin that needs to be installed from the list, then click Install without restart.
  - It is possible to search for plugins by entering their name in the Filter search box, located in the upper-right corner of the page.
  - The Available tab will only show those plugins that haven’t been installed in the system.
  - If the list doesn’t show any plugins matching the name entered, switch to the Updates tab to find updates for plugins already installed.
- 5. Once the Success message pops up for the plugin on the Installing Plugins/Upgrades page, click Manage Plugins from the left-hand panel.
- 1. Open a web browser and go to the Jenkins Home Page URL.
- 2. From the left-hand panel, click Manage Jenkins.
- 3. Click Configure System.
- 4. In the oak9 section, click Add oak9.
- 5. Select the Install automatically checkbox.
- 6. Click Add Installer, then select the Install oak9
- 7. Click Save.
- 1. Open a web browser and go to the Jenkins Home Page URL.
- 2. From the left-hand panel, click New Item.
- 3. Enter the Item Name field.
- 4. Select Freestyle project.
- 5. Under Build, use the Add Build Step dropdown to select oak9.

6. Provide the Organization ID, Project ID and the oak9 API key as a Credential and choose a severity at which point the Jenkins job should fail.

7. The credential type must be Secret Text and the API key must be placed in the Secret field.
8. After selecting Secret Text, insert the Secret and ID from oak9 here.

9. From the left side menu, click Build Now. This will create a new workspace in Jenkins, which is where it will configure:
- 1. From the left-hand panel, click Manage Jenkins.
- 2. From the Manage Jenkins page, click Global Tools Configuration.
- 3. In the oak9 section, click Add oak9.
- 4. Enter a name for the oak9 Configuration.
- 5. Click Save.
- 6. Go back to Manage Jenkins and select Manage credentials.
- 7. Under Domain, create a new entry by selecting Add Credentials.
- 8.

9. Now it's time to get oak9 into the pipeline. Select the correct Project/Pipeline.
10. Select Configuration from the left panel (oak9 will now be another step in the pipeline).
11. Scroll down to Build and select Add Build Step.
12. Select “oak9”.
13. Fill in the information relevant to the specific pipeline.
- 1. Create a Pipeline.
- 2. In sample Step, select oak9.
- 3. Select the correct API token or add a new one.
- 4. In the Jenkinsfile, add a step for the Oak9Builder:
step([$class: 'Oak9Builder', credentialsId: 'oak9-api-key', orgId: "acme-company", projectId: "acme-company-1", maxSeverity: 2])
- 5. A simple, but complete, pipeline description might look like:
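
A declarative Jenkinsfile built around the Oak9Builder step from item 4, written here as an added example and not taken from oak9's documentation or plugin source. The stage names and the `SEVERITY` map are assumptions for illustration, and `checkout scm` assumes the Jenkinsfile is loaded from source control; the step parameters and the severity values are the ones this page gives.

```groovy
// Added example (not oak9's own pipeline). The Oak9Builder step and its four
// parameters are copied from the step shown on this page; the stage names and
// the SEVERITY map are assumptions made for illustration.

// Named aliases for the maxSeverity values this page lists, so the gate in the
// scan stage is readable in code review.
def SEVERITY = [
    NEVER   : 0,  // do not fail in any case
    LOW     : 1,  // fail for Low and above
    MODERATE: 2,  // fail for Moderate and above
    HIGH    : 3,  // fail for High and above
    SEVERE  : 4   // fail for Severe only
]

pipeline {
    agent any

    stages {
        stage('Checkout') {
            steps {
                // Assumes the job is "Pipeline script from SCM" or multibranch.
                checkout scm
            }
        }
        stage('oak9 scan') {
            steps {
                // credentialsId is the ID of the Secret Text credential that
                // holds the oak9 API key. Only the ID appears here; the key
                // itself stays in the Jenkins credential store.
                step([$class       : 'Oak9Builder',
                      credentialsId: 'oak9-api-key',
                      orgId        : 'acme-company',
                      projectId    : 'acme-company-1',
                      maxSeverity  : SEVERITY.MODERATE])
            }
        }
    }
}
```

Setting `maxSeverity` to `SEVERITY.NEVER` makes the scan report-only, so treat a change to that value as a change to the build gate when reviewing the Jenkinsfile.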

When using the Pipeline configuration, severities are as follows:
- 0 - Do not fail in any case
- 1 - Fail for Low and above
- 2 - Fail for Moderate and above
- 3 - Fail for High and above
- 4 - Fail for Severe only
Once oak9 is in place, the Project will appear
- 1. Click the Build Now link shown in the left-hand panel.
  - This will start the system test that was just configured.
  - Under the Build History section in the left-hand panel, a new job ID should appear, indicating that the job is executing.
  - After a few seconds it will show either a green or yellow icon indicating whether all the test cases passed, or at least one of them failed.
- 2. In the left-hand panel, click the build number right under the Build History header to see the results of the test.
- 3. In the center pane, click on the Test Result link to see a summary of the test.
Example of a failed output

Example of a passing output
