Qualys WAS Plugin for Jenkins

Document created by Dave Ferguson Employee on Apr 15, 2018Last modified by Dave Ferguson Employee on Feb 20, 2020
Version 22Show Document
  • View in full screen mode

The Qualys WAS plugin for Jenkins empowers DevOps teams to build application vulnerability scans into their CI/CD processes. By integrating and automating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws. 


With a valid Qualys WAS account, you can configure the plugin to fail the build if certain criteria are met such as presence of specific QIDs or a severity 5 vulnerability for example. The plugin supports both freestyle projects and pipeline projects and scan results can be viewed directly in Jenkins.  A link to the full scan report in the Qualys Platform UI is provided as well.


Version 2.0.4 of the plugin is now available. This version adds support for the Qualys Canada platform and fixes an issue related to storage of proxy credentials.  Note that the plugin is now on the Jenkins Plugins Index and can therefore be installed directly from the "Available" tab from Manage Plugins within the Jenkins interface.