Integrating Syhunt into Jenkins

The information in this document applies to version 6.5 of Syhunt Hybrid.

Syhunt scans can be easily executed from within a Jenkins Pipeline script, allowing you to integrate the Syhunt Dynamic and Syhunt Code tools into your continuous delivery pipeline, schedule scans and more.

Important: Remember to install Syhunt after deploying and setting up Jenkins. This way the Syhunt setup will detect your Jenkins installation and automatically install the required extensions. If you use scanGIT(), you will need to install Git for Windows, which can be downloaded at https://gitforwindows.org/

Adding Syhunt to your Pipeline script

  1. From the Jenkins Dashboard, open the desired pipeline item.
  2. Click Configure from the sidebar links.
  3. Go to the Pipeline tab and uncheck the "Use Groovy Sandbox" option if it is checked.
  4. Insert the code below at the appropriate position in your pipeline script:

def rootDir = pwd()
def syhunt = load "${rootDir}/../workspace@script/syhunt/syhunt.groovy"
syhunt.scanURL([target: 'http://somewebsite.com/', huntMethod: 'appscan', build: 'failifriskmedium'])

Example:


#!/usr/bin/env groovy

node {
    stage('Scan') {
        def rootDir = pwd()
        def syhunt = load "${rootDir}/../workspace@script/syhunt/syhunt.groovy"
        syhunt.scanURL([target: 'http://somewebsite.com/', huntMethod: 'appscan', build: 'failifriskmedium'])
    }
}

Click the Save button to update the pipeline configuration.

Running the Build

After building and executing the above pipeline script, the Console Output for the project should contain something like:

[Pipeline] echo
Preparing to scan URL: http://somewebsite.com/
[Pipeline] echo
VULNERABLE!
Found 2 vulnerabilities
SYHUNT URLSCAN 6.4.1.0 PLATINUM EDITION (c) 2018 Syhunt
...
[Pipeline] echo
Build problem: found Medium risk vulnerabilities.
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: FAILURE

scanURL Function

Syhunt Dynamic can be launched through the scanURL() function. The scanURL() function accepts the following parameters (only target is required):

  • target - the target URL to be scanned (e.g. http://www.somesite.com)
  • huntMethod (optional) - the Hunt Method to be used during the scan. If omitted, the default method will be used.
  • build (optional) - allows the build to fail if a certain condition is met:
    • failifriskhigh - Fail if a High risk vulnerability is found
    • failifriskmedium - Fail if a Medium or High risk vulnerability is found
    • failifrisklow - Fail if a Low, Medium or High risk vulnerability is found

After executing, the scanURL() function returns a map containing the following keys:

  • outFilename - The filename of the generated scan report

scanCode and scanGIT Functions

Syhunt Code can be launched through the scanCode() or scanGIT() functions. They accept the same parameters as the scanURL() function (see above), with target being required.

If you are calling scanGIT(), the target must be the URL of a GIT repository.

If you are calling scanCode(), the target can be a local source code directory or file.

Examples:


syhunt.scanGIT([target: 'https://github.com/someuser/somerepo.git', huntMethod: 'normal', build: 'failifriskmedium'])
syhunt.scanCode([target: 'C:\\www\\', huntMethod: 'normal', build: 'failifriskmedium'])
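Putting the scanURL() and scanGIT() calls described above together in one scripted pipeline, as an added example that is not part of the Syhunt documentation: the repository is scanned statically before the deployed site is scanned dynamically, and each returned outFilename is kept as a build artifact. It assumes the same syhunt.groovy load path as above; the repository URL and staging URL are placeholders, and outFilename is assumed to be a path relative to the Jenkins workspace.

```groovy
#!/usr/bin/env groovy
// Added example (not Syhunt's own code). Assumes syhunt.groovy is loaded from
// the same path as in the documentation above.

// Archive a scan report so it survives the build. Assumption: outFilename is
// relative to the workspace, which archiveArtifacts requires; if the scanner
// writes elsewhere, copy the file into the workspace before calling this.
def keepReport(String label, String reportPath) {
    if (fileExists(reportPath)) {
        echo "${label} report: ${reportPath}"
        archiveArtifacts artifacts: reportPath, fingerprint: true
    } else {
        echo "${label} report not found in workspace: ${reportPath}"
    }
}

node {
    def syhunt

    stage('Load Syhunt') {
        def rootDir = pwd()
        syhunt = load "${rootDir}/../workspace@script/syhunt/syhunt.groovy"
    }

    stage('Scan Source') {
        // Static scan first: a High risk finding fails the build before the
        // dynamic scan of the deployed site is even attempted.
        def codeResult = syhunt.scanGIT([
            target: 'https://github.com/someuser/somerepo.git',  // placeholder
            huntMethod: 'normal',
            build: 'failifriskhigh'
        ])
        keepReport('Syhunt Code', codeResult.outFilename)
    }

    stage('Scan Staging') {
        // Dynamic scan of the staging deployment; Medium or High findings fail.
        def urlResult = syhunt.scanURL([
            target: 'http://staging.somewebsite.com/',  // placeholder
            huntMethod: 'appscan',
            build: 'failifriskmedium'
        ])
        keepReport('Syhunt Dynamic', urlResult.outFilename)
    }
}
```

Because the Groovy Sandbox is disabled for this pipeline (as required by the load step), keep the Jenkinsfile under the same change control as the application code it scans.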

Scheduling Scans

  1. From the Jenkins Dashboard, open the desired pipeline item.
  2. Click Configure from the sidebar links.
  3. Go to the Build Triggers tab, check the "Build periodically" option and enter the appropriate schedule.
  4. Click the Save button to update the pipeline configuration.


For additional product documentation, visit syhunt.com/docs