How to integrate Selenium and Contrast with a Jenkins build

Objective

Perform a functional test of an application using Selenium and fail the building using the Jenkins plug-in if there is more than an acceptable level of vulnerabilities are found.

Process

The following instructions assume that:

• Jenkins is integrated into the Contrast UI using the available Jenkins plug-in.
• The Firefox browser (54.0.1 or below) is available.
• You have an existing Selenium script.
• WebGoat is the project being tested.

If you require assistance adapting them to your application, please don't hesitate to submit a ticket and we'll be happy to help.

Steps:

1. Click on WebGoat project > Configure.
2. In Build > Execute Shell, enter the following code.

   java -javaagent:/home/username/Downloads/contrast.jar -Dcontrast.application.version=${JOB_NAME}-${BUILD_NUMBER} -jar /home/username/Downloads/webgoat-container-7.1-exec.jar & 
   sleep 30s 
   java -jar /home/username/Downloads/Selenium/selenium-html-runner-3.4.0.jar -htmlSuite *firefox http://localhost:8080/WebGoat/start.mvc /home/username/Downloads/Selenium/Jenkins/WebGoatTestSuite.html /home/username/Downloads/Selenium/myresults.htm

   Notes:
   • Add -Dcontrast.override.appversion=${JOB_NAME}-${BUILD_NUMBER} to tell the agent the job name and number to be sent to the Contrast UI.
   • Add the '&' sign to tell Jenkins to run another job in parallel.
   • Add sleep 30s: to allow Jenkins to wait for 30 seconds for the WebGoat app to be fully available to start the Selenium tests.
   • Make sure you run Jenkins from the war file, not as a service. In the above example, you can run it using the following command. If you do not run Jenkins as war, you will not see the script running.
     java -jar /usr/share/jenkins/Jenkins.war --httpPort=9090.
3. Still inside the build, under "Post Build Actions" enter and save a vulnerability threshold as per the Jenkins plug-in docs.