See https://docs.nowsecure.com/auto/integration-services/jenkins-integration for adding API token.
Select Credentials from sideline:
Store API Key as Secret text:
Select Configure option from Jenkins console, then select dropdown of build step and choose NS Auto Jenkins Plugin, e.g.
Kick off your mobile builds and you will see the raw JSON reports and score under artifacts folder.
Adding plugin to pipeline:
Sample pipeline script
pipeline {
agent any
stages {
stage('security-test') {
environment {
apiKey = credentials('AutoApiKey')
}
steps {
step([$class: 'NSAutoPlugin', apiKey: env.apiKey, binaryName: 'myapk.apk', breakBuildOnScore: true, description: 'my description', group: 'mygroup', waitForResults: true, showStatusMessages: true, debug: true, proxyEnabled: false])
}
}
}
}
*** Note: The apiKey will retreive credentials from Jenkins; binaryName and group are required fields but other parameters such as breakBuildOnScore, waitForResults and showStatusMessages are optional parameters.
*** Note: proxyEnabled would use Jenkins' proxy settings if available ***
This plugin generates following artifacts:
- nowsecure-auto-security-test-uploaded-binary.json - stores metadata in json format after mobile file is uploaded.
- nowsecure-auto-security-test-preflight.json - stores output json when request of preflight is submitted.
- nowsecure-auto-security-test-request.json - stores output json when request of security test is submitted.
- nowsecure-auto-security-test-report.json - stores output json when security analysis is completed.
- nowsecure-auto-security-test-score.json - stores output json for overall score of security test.