The following plugin provides functionality available through
Pipeline-compatible steps. Read more about how to integrate steps into your
Pipeline in the
Steps
section of the
Pipeline Syntax
page.
For a list of other such plugins, see the
Pipeline Steps Reference
page.
Rapid7 InsightAppSec
insightAppSec: Scan using InsightAppSec
region : String
The data storage region of the target InsightAppSec instance.
insightCredentialsId : String
appId : String
The App containing the Scan Config you wish to scan.
scanConfigId : String
The Scan Config you wish to scan.
buildAdvanceIndicator : String
This configuration option can be used to augment how the build advances based on the status of the scan submitted
- Scan has been submitted - Advance the build when the scan has been submitted successfully
- Scan has been started - Advance the build when the scan has been started successfully
- Scan has been completed - Advance the build when the scan has been completed successfully
- Vulnerability results query has returned no vulnerabilities - Advance the build when the scan has been completed and the vulnerability search query has returned no vulnerabilities
vulnerabilityQuery : String
-
An InsightAppSec search query may be supplied to search vulnerabilities found by the scan.
-
For example, if you wish to fail the build when high severity vulnerabilities have been found, use:
vulnerability.severity='HIGH'
-
The query supplied will automatically be scoped to the scan
-
For more information on vulnerability search queries, consult the InsightAppSec API search documentation here:
https://help.rapid7.com/insightappsec/en-us/api/v1/docs.html#tag/Search
-
If left blank, the build will fail when any vulnerabilities have been found in the scan
maxScanPendingDuration : String
A max scan pending duration may be provided so that the length of time the CI process takes to provide feedback can be controlled.
- This option is ignored if 'Scan has been submitted' has been selected as the build advance indicator
- The duration will take affect when the scan has been submitted
- Upon reaching the duration, the scan will be cancelled and the build will fail
The following format must be used for defining a duration:
0d 5h 30m
- (d) - Days
- (h) - Hours
- (m) - Minutes
A quantity must be supplied for each of the above. e.g.
- 1 day: 1d 0h 0m
- 5 hours: 0d 5h 0m
- 3 hours, 30 minutes: 0d 3h 30m
maxScanExecutionDuration : String
A max scan execution duration may be provided so that the length of time the CI process takes to provide feedback can be controlled.
- This option is ignored if 'Scan has been submitted' has been selected as the build advance indicator
- This option is ignored if 'Scan has been started' has been selected as the build advance indicator
- The duration will take affect when the scan moves into scanning state
- Upon reaching the duration, the in-progress scan will be stopped and the build will advance as normal
The following format must be used for defining a duration:
0d 5h 30m
- (d) - Days
- (h) - Hours
- (m) - Minutes
A quantity must be supplied for each of the above. e.g.
- 1 day: 1d 0h 0m
- 5 hours: 0d 5h 0m
- 3 hours, 30 minutes: 0d 3h 30m
enableScanResults : boolean
Flag to indicate if scan results should be viewable when a build has finished.
When enabled, a new action will be provided to view scan results, labeled 'InsightAppSec Scan Results'.
Note: All users with access to view the build job history will be able to view InsightAppSec scan results
Was this page helpful?
Please submit your feedback about this page through this
quick form.
Alternatively, if you don't wish to complete the quick form, you can simply
indicate if you found this page helpful?
See existing feedback here.