/authors/jordan/ Recent content in Jordan on ZAP Hugo en-us Tue, 22 Nov 2016 00:00:00 +0000 /blog/2016-11-22-announcing-the-official-zap-jenkins-plugin/ Tue, 22 Nov 2016 00:00:00 +0000 /blog/2016-11-22-announcing-the-official-zap-jenkins-plugin/ <p>Using ZAP during the development process is now easier than ever. We are proud to present the Jenkins plugin, it extends the functionality of the ZAP security tool into a CI Environment.</p> <figure> <img src="/blog/2016-11-22-announcing-the-official-zap-jenkins-plugin/images/ZAP_CI_SMALLER.png" alt="" /> <figcaption></figcaption> </figure> <h5 id="the-process-explained">The process explained</h5> <ol> <li>A Jenkins CI Build step initializes ZAP</li> <li>Traffic flows (Regression Pack) through ZAP (Web Proxy)</li> <li>ZAP modifies requests to include Vulnerability Tests</li> <li>Target Application/Server sends Response back through ZAP</li> <li>ZAP sends reporting data back to Jenkins</li> <li>Jenkins publishes and archives the report(s)</li> <li>Jenkins creates JIRA tickets for the alerts</li> </ol> <p>The ZAP Jenkins plugin makes use of the readily available and diverse ZAP API, allowing you to use the same session files and scan policy profiles between ZAP and the Jenkins plugin, so they can be interchangeably loaded.</p>