The OWASP Dependency-Check Plugin will locate npm, Maven, PHP, and JAR packages and analyze them for known security vulnerabilities (the full support list is on the website). To use it, create a build step in your existing app build job, placed after all dependencies are installed, then publish the report in a post-build step.
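The same ordering (install dependencies, scan, then publish) written as a declarative Jenkins pipeline. This is an added example, not from the original post, which describes build and post-build steps in a job; the npm project, the tool installation name `dependency-check`, the project name, the output directory and the threshold values are all assumptions.

```groovy
// Added example: Dependency-Check in a declarative Jenkinsfile.
// Requires the OWASP Dependency-Check Jenkins plugin.
pipeline {
    agent any

    stages {
        stage('Install dependencies') {
            steps {
                // Assumed npm project. The scan must run after this so the
                // resolved dependency tree and lock file are in the workspace.
                sh 'npm ci'
            }
        }

        stage('Dependency-Check') {
            steps {
                // 'dependency-check' is an assumed installation name, set up
                // under Manage Jenkins > Tools. The publisher below parses the
                // XML report, so XML output is requested explicitly.
                dependencyCheck(
                    odcInstallation: 'dependency-check',
                    additionalArguments: '--scan . --format XML --out odc-report --project example-app'
                )
            }
        }
    }

    post {
        always {
            // Publish even when an earlier stage failed, so findings from a
            // completed scan are still visible on the build page.
            // Threshold values are examples: one critical finding fails the
            // build, one high finding marks it unstable.
            dependencyCheckPublisher(
                pattern: 'odc-report/dependency-check-report.xml',
                failedTotalCritical: 1,
                unstableTotalHigh: 1
            )
        }
    }
}
```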
OWASP ZAP is a well-established and useful test tool, and there is a Jenkins plugin, ZAProxy, that lets you easily include it in CI. You can add it as a step to an existing job, or create a job specifically to run ZAP. Instead of using a lot of screenshots, I have done it as a step-by-step text-only guide.
A tool which will automate the crawling of AJAX applications. It can be daisy-chained with other proxies (like ZAP or Burp) to allow the functionality of those tools to be used on aspects of a web app that traditional spidering tools will miss.
Video: http://vimeo.com/31059474