jenkinsci (2)


OWASP Dependency-Check Plugin on Jenkins CI

The OWASP Dependency-Check Plugin will locate npm, maven, php, jar packages and analysze them for known security vulnerabilities (full support list is on the website). To use, you need to create a build step on the app build job you have, after all dependencies installed, then publish the report in a post-build step.




OWASP ZAP on Jenkins CI

OWASP ZAP is a very established and useful test tool, and there is a Jenkins plugin ZAProxy to enable you to easily include it in CI.  You can add it as a step to an exiting job, and create a job specifically to run ZAP.  Instead of using a lot of screenshots, I have done it as a step-by-step text-only guide.