The Jenkins plugin for Qualys WAS empowers DevOps teams to build application vulnerability scans into their CI/CD processes. Integrating and automating scans in this manner moves application security testing earlier in the SDLC to catch and eliminate security flaws.
With a valid Qualys WAS account, you can configure the plugin to fail the build if certain criteria are met, such as the presence of specific QIDs or a severity 5 vulnerability. The plugin supports both freestyle projects and pipeline projects, and scan results can be viewed directly in Jenkins. A link to the full scan report in the Qualys Platform UI is provided as well.
Version 2.0.4 of the WAS Jenkins plugin is now available. This version adds support for the Qualys Canada platform and fixes an issue related to storage of proxy credentials. Note that the plugin is now on the Jenkins Plugins Index and can therefore be installed directly from the "Available" tab of Manage Plugins within the Jenkins interface.
- Jenkins plugin for WAS v2.0.4 - download the zip file below or install it directly from Manage Plugins within Jenkins.
- For help, see the Qualys WAS Jenkins Plugin User Guide