OWASP Dependency-Check Plugin on Jenkins CI

The OWASP Dependency-Check Plugin will locate npm, maven, php and jar packages and analyze them for known security vulnerabilities (the full support list is on the website). To use it, create a build step on your existing app build job, placed after all dependencies are installed, and then publish the report in a post-build step.

Install the plugin:

  • Manage Jenkins -> Manage Plugins -> Available
  • Search for “Custom tools”, then click “Install”

Job Build step:

After the last build step, add the “Invoke OWASP Dependency-Check analysis” build step
Enter the path to scan (e.g. ${WORKSPACE})

Post-build step:

Add the post-build action “Publish OWASP Dependency-Check analysis results”, and enter the report filename

Save and Build:

On the job dashboard, you will see a graphical chart to the right, and a link to the granular “Dependency-Check Warnings” report in the left-hand menu.
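The same build step and post-build step expressed as a declarative Jenkinsfile, as an added example that is not part of the original post. It assumes an npm project, a Dependency-Check installation named "dependency-check" configured under Manage Jenkins -> Global Tool Configuration (the name is an assumption), and the plugin's `dependencyCheck` and `dependencyCheckPublisher` pipeline steps; `--failOnCVSS` is a flag of the dependency-check tool itself.

```groovy
// Added example (not from the post): pipeline equivalent of the freestyle job above.
// Assumes a tool installation named "dependency-check" exists in Global Tool Configuration.
pipeline {
    agent any
    stages {
        stage('Install dependencies') {
            steps {
                // Resolve every dependency first; scanning before this step
                // would miss transitive packages that have not been fetched yet.
                sh 'npm ci'
            }
        }
        stage('Dependency-Check') {
            steps {
                // Same as the "Invoke OWASP Dependency-Check analysis" build step.
                // --scan .        : scan the workspace (the ${WORKSPACE} path from the post)
                // --format ALL    : write HTML, XML and JSON reports
                // --failOnCVSS 7  : make the scan exit non-zero when any finding
                //                   scores CVSS 7 or higher, so the build fails
                //                   instead of merely reporting
                dependencyCheck additionalArguments: '--scan . --format ALL --failOnCVSS 7',
                                odcInstallation: 'dependency-check'
            }
        }
    }
    post {
        always {
            // Same as the "Publish OWASP Dependency-Check analysis results" post-build
            // action. 'always' publishes the report even when the scan stage failed,
            // which is exactly when you want to read it.
            dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
        }
    }
}
```

Without `--failOnCVSS` the job only records findings and stays green; the flag turns the scan into a gate, and the published report on the job dashboard still shows the full list so the team can see what tripped it.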
