Jenkins is the way to secure your software

Product Security and Jenkins

Submitted By Jenkins User Chris Siv
Security is first for this test engineer.
Industries: Networking
Programming Languages: C/C++, Python
Version Control Systems: Subversion
Community Support: Jenkins.io websites & blogs, Spoke with colleagues and peers

Security, automation and software acceleration with Jenkins.

Background: My company needed to improve our DevOps environment. As the test engineer, I wanted to make sure the environment was secure. I sought to automate processes, as we would manually start and browse results of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) after each software component change.

Goals: Deliver secure software to network elements.

"Jenkins helped us to automate the boring stuff."
— Chris Siv, Test Engineer

Solution & Results: 

Jenkins was used to integrate and automate Static Application Security Testing and Dynamic Application Security Testing tools. When there is a change in any component that is a part of our software, Jenkins automatically starts its jobs. With its functionality, team members receive an email notification if there’s a new finding in our software.

We use email notifications to inform team members about results. Additionally, we are using a plot to visualize security errors in each build.

We were thrilled with the results, which have included:

  • Improved product security 

  • Shortened development release cycles  

  • Elimination of the need for the team to perform manual work