NowSecure CI Assessments

NowSecure provides purpose-built, fully automated mobile application security testing (static and dynamic) for your development pipeline. By testing your mobile application binary post-build from Jenkins, NowSecure ensures comprehensive coverage of newly developed code, third-party components, and system dependencies.

NowSecure quickly identifies and details real issues, provides remediation recommendations, and integrates with ticketing systems such as Azure DevOps and Jira.

This integration requires a NowSecure platform license. See https://www.nowsecure.com for more information.

Getting Started

Dependencies

This Jenkins plugin requires the following plugins:

These plugins are already installed in over 90% of Jenkins instances according to usage statistics, so most consumers of this plugin will not need to explicitly install these.

Note: This plugin will require the minimum Jenkins version as specified by the above two plugins. At the moment, that's version 2.479 requiring Java 17 or Java 21.

Installation

First, find this extension in the Jenkins Plugin Marketplace.

Then install it following Jenkins' instructions on installing marketplace plugins.

NOTE: Current compatibility is limited to Windows and Linux running on x64 architecture, or Mac with Apple Silicon. For the extension to work, make sure the job runs on an appropriate worker node.

Configuration

Perform the following to add this component to your CI/CD pipeline:

  • Get a token from your NowSecure platform instance. More information on this can be found in the NowSecure Support Portal.
  • Identify the ID of the group in NowSecure Platform that you want your assessment to be included in. More information on this can be found in the NowSecure Support Portal.
  • Add a StringCredentials secret as shown in the documentation for the Plain Credentials Plugin. Set the Secret to the value of the token created above.

Job Parameters

The NowSecure Azure CI Extension supports the following parameters:

| Name | Description | Default Value |
| --- | --- | --- |
| group | Defines the group reference that is used to trigger assessments. Information on how to get the group reference can be found in the NowSecure Support Portal. | |
| token | Defines the token used to communicate with the NowSecure API. This token should be stored as a secret. Information on how to create a token can be found in the NowSecure Support Portal. | |
| binary_file | Defines the path to the mobile application binary to be processed by NowSecure. | |
| ui_host | Defines the NowSecure base UI to use. This will not change unless you are leveraging a single tenant. | https://app.nowsecure.com |
| api_host | Defines the NowSecure base API to use. This will not change unless you are leveraging a single tenant. | https://lab-api.nowsecure.com |
| log_level | Defines the log level set for the NowSecure analysis task. | info |
| artifacts_dir | Defines the directory for NowSecure artifacts to be output to. In the case of the default assessment results would be ./artifacts/nowsecure/assessment.json | |
| polling_duration_minutes | Defines the length of time (in minutes) to poll for job completion. | If analysis_type is static, 30. If full, 60 |
| minimum_score | Defines the score under which an assessment will fail. | -1 |
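
A pre-flight check that a build step can run before the assessment is triggered, so the job fails fast on an unsupported worker node, a missing binary, a non-HTTPS API host or an unbound token. This is an added example, not part of the plugin; the function names and the environment variable names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for a Jenkins worker node (added example, not plugin code).
# Function names are hypothetical; parameter names follow the table above.

# 0 if the OS/architecture pair is supported: Windows or Linux on x64,
# or macOS on Apple Silicon. Arguments are `uname -s` and `uname -m` output
# (MINGW/MSYS/CYGWIN are assumed to be what a Windows node's shell reports).
ns_node_supported() {
    case "$1" in
        Linux|MINGW*|MSYS*|CYGWIN*)
            case "$2" in x86_64|amd64) return 0 ;; esac ;;
        Darwin)
            case "$2" in arm64) return 0 ;; esac ;;
    esac
    return 1
}

# 0 if the host is an https:// URL, so the API token never travels in cleartext.
ns_host_is_https() {
    case "$1" in
        https://?*) return 0 ;;
    esac
    return 1
}

# Checks node, binary_file, api_host and token; returns the number of problems.
# Messages go to stderr and never include the token value.
ns_preflight() {
    p_os=$1 p_arch=$2 p_binary=$3 p_api=$4 p_token=$5
    problems=0
    ns_node_supported "$p_os" "$p_arch" ||
        { echo "unsupported worker node: $p_os/$p_arch" >&2; problems=$((problems + 1)); }
    [ -f "$p_binary" ] && [ -s "$p_binary" ] ||
        { echo "binary_file missing or empty: $p_binary" >&2; problems=$((problems + 1)); }
    ns_host_is_https "$p_api" ||
        { echo "api_host is not https: $p_api" >&2; problems=$((problems + 1)); }
    [ -n "$p_token" ] ||
        { echo "token is empty; check the credentials binding" >&2; problems=$((problems + 1)); }
    return "$problems"
}

# Typical call from a build step, with the token bound from the credential store:
#   ns_preflight "$(uname -s)" "$(uname -m)" "$BINARY_FILE" "$API_HOST" "$NS_TOKEN"
```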