Objective
Perform a functional test of an application using Selenium and fail the build using the Jenkins plug-in if more than an acceptable level of vulnerabilities is found.
Process
The following instructions assume that:
- Jenkins is integrated into the Contrast UI using the available Jenkins plug-in.
- The Firefox browser (54.0.1 or below) is available.
- You have an existing Selenium script.
- WebGoat is the project being tested.
If you require assistance adapting them to your application, please don't hesitate to submit a ticket and we'll be happy to help.
Steps:
- Click on WebGoat project > Configure.
- In Build > Execute Shell, enter the following code.
java -javaagent:/home/username/Downloads/contrast.jar -Dcontrast.application.version=${JOB_NAME}-${BUILD_NUMBER} -jar /home/username/Downloads/webgoat-container-7.1-exec.jar &
sleep 30s
java -jar /home/username/Downloads/Selenium/selenium-html-runner-3.4.0.jar -htmlSuite "*firefox" http://localhost:8080/WebGoat/start.mvc /home/username/Downloads/Selenium/Jenkins/WebGoatTestSuite.html /home/username/Downloads/Selenium/myresults.htm
Notes:
- Add -Dcontrast.override.appversion=${JOB_NAME}-${BUILD_NUMBER} to tell the agent the job name and number to be sent to the Contrast UI.
- Add the '&' sign so that the WebGoat process runs in the background and Jenkins can run the next commands in parallel.
- Add sleep 30s so that Jenkins waits 30 seconds for the WebGoat app to be fully available before the Selenium tests start.
- Make sure you run Jenkins from the war file, not as a service. If you do not run Jenkins from the war file, you will not see the script running. In the above example, you can run it using the following command:
java -jar /usr/share/jenkins/Jenkins.war --httpPort=9090
- Still inside the build, under "Post Build Actions" enter and save a vulnerability threshold as per the Jenkins plug-in docs.
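The fixed sleep 30s described in the notes can be replaced with a readiness check, so that the build fails early if WebGoat never comes up instead of running the Selenium suite against an application that is not there. This is an added example, not part of the original instructions; the function names probe and wait_for_app are hypothetical, and it assumes curl is installed on the Jenkins node.

```shell
#!/bin/sh
# Added example (not from the original page): readiness gate for the
# Execute Shell step. Function names are hypothetical.

# probe URL
# Succeeds once the application answers with an HTTP status from 200 to 499,
# so a redirect to a login page also counts as "up".
# Assumption: curl is available on the Jenkins node.
probe() {
    code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$1" 2>/dev/null) || return 1
    [ "$code" -ge 200 ] && [ "$code" -lt 500 ]
}

# wait_for_app URL [MAX_ATTEMPTS] [INTERVAL_SECONDS]
# Returns 0 as soon as probe succeeds, 1 if every attempt fails.
wait_for_app() {
    url=$1
    max=${2:-30}
    interval=${3:-2}
    attempt=1
    while [ "$attempt" -le "$max" ]; do
        if probe "$url"; then
            echo "application ready after $attempt attempt(s)"
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$interval"
    done
    echo "application not ready after $max attempts: $url" >&2
    return 1
}

# Usage in the build step, in place of "sleep 30s":
#   <the java -javaagent command from the step above> &
#   APP_PID=$!
#   wait_for_app http://localhost:8080/WebGoat/start.mvc 30 2 \
#       || { kill "$APP_PID"; exit 1; }
#   <the selenium-html-runner command from the step above>
```

A non-zero return from wait_for_app stops the build before the Selenium run, which keeps a start-up failure visible as a failed build.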