Background: My company needed to improve our DevOps environment. As the test engineer, I wanted to make sure the environment was secure. I sought to automate processes as we would manually start and browse results of Security Testing (SAST) and Dynamic Application Security Testing (DAST) after each software component change.
Goals: Deliver secure software to network elements.
Solution & Results:
Jenkins was used to integrate and automate Static Application Security Testing and Dynamic Application Security Testing tools. When there is a change in any component that is a part of our software, Jenkins automatically starts its jobs. With its functionality, team members receive an email notification if there's a new finding in our software.
Jenkins helped us to automate the boring stuff.
We use email notifications to inform team members about results. Additionally, we are using a plot to visualize security errors in each build.
We were thrilled with the results, which have included: