The Qualys WAS plugin for Jenkins empowers DevOps teams to build application vulnerability scans into their CI/CD processes. Integrating and automating scans in this manner moves application security testing earlier in the SDLC to catch and eliminate security flaws.
With a valid Qualys WAS account, you can configure the plugin to fail the build if certain criteria are met, such as the presence of specific QIDs or a severity 5 vulnerability. The plugin supports both freestyle projects and pipeline projects, and scan results can be viewed directly in Jenkins. A link to the full scan report in the Qualys Platform UI is provided as well.
Version 2.0.4 of the plugin is now available. This version adds support for the Qualys Canada platform and fixes an issue related to storage of proxy credentials. Note that the plugin is now on the Jenkins Plugins Index and can therefore be installed directly from the "Available" tab under Manage Plugins within the Jenkins interface.
- v2.0.4 - install directly from "Manage Plugins" within Jenkins. Alternatively, download the zip file below.
- For help, see the Qualys WAS Plugin for Jenkins User Guide