The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Rapid7 InsightAppSec

insightAppSec: Scan using InsightAppSec

  • region : String
    The data storage region of the target InsightAppSec instance.
  • insightCredentialsId : String
  • appId : String
    The App containing the Scan Config you wish to scan.
  • scanConfigId : String
    The Scan Config you wish to scan.
  • buildAdvanceIndicator : String
    This configuration option can be used to augment how the build advances based on the status of the scan submitted
    • Scan has been submitted - Advance the build when the scan has been submitted successfully
    • Scan has been started - Advance the build when the scan has been started successfully
    • Scan has been completed - Advance the build when the scan has been completed successfully
    • Vulnerability results query has returned no vulnerabilities - Advance the build when the scan has been completed and the vulnerability search query has returned no vulnerabilities
  • vulnerabilityQuery : String
    • An InsightAppSec search query may be supplied to search vulnerabilities found by the scan.
    • For example, if you wish to fail the build when high severity vulnerabilities have been found, use:
                             vulnerability.severity='HIGH'
                  
    • The query supplied will automatically be scoped to the scan
    • For more information on vulnerability search queries, consult the InsightAppSec API search documentation here:
      https://help.rapid7.com/insightappsec/en-us/api/v1/docs.html#tag/Search
    • If left blank, the build will fail when any vulnerabilities have been found in the scan
  • maxScanPendingDuration : String
    A max scan pending duration may be provided so that the length of time the CI process takes to provide feedback can be controlled.
    • This option is ignored if 'Scan has been submitted' has been selected as the build advance indicator
    • The duration will take affect when the scan has been submitted
    • Upon reaching the duration, the scan will be cancelled and the build will fail

    The following format must be used for defining a duration:
           0d 5h 30m
        
    • (d) - Days
    • (h) - Hours
    • (m) - Minutes
    A quantity must be supplied for each of the above. e.g.
    • 1 day: 1d 0h 0m
    • 5 hours: 0d 5h 0m
    • 3 hours, 30 minutes: 0d 3h 30m
  • maxScanExecutionDuration : String
    A max scan execution duration may be provided so that the length of time the CI process takes to provide feedback can be controlled.
    • This option is ignored if 'Scan has been submitted' has been selected as the build advance indicator
    • This option is ignored if 'Scan has been started' has been selected as the build advance indicator
    • The duration will take affect when the scan moves into scanning state
    • Upon reaching the duration, the in-progress scan will be stopped and the build will advance as normal

    The following format must be used for defining a duration:
           0d 5h 30m
        
    • (d) - Days
    • (h) - Hours
    • (m) - Minutes
    A quantity must be supplied for each of the above. e.g.
    • 1 day: 1d 0h 0m
    • 5 hours: 0d 5h 0m
    • 3 hours, 30 minutes: 0d 3h 30m
  • enableScanResults : boolean
    Flag to indicate if scan results should be viewable when a build has finished.
    When enabled, a new action will be provided to view scan results, labeled 'InsightAppSec Scan Results'.

    Note: All users with access to view the build job history will be able to view InsightAppSec scan results

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

    


See existing feedback here.