Find plugins

1.1.1Minimum Jenkins requirement: 1.609.1ID: swamp

Enables Jenkins to send and receive SWAMP assessments during a build


This plugin allows you to submit SWAMP assessments during Jenkins builds.
The SWAMP assessment will use open source static analysis tools to test your source code for vulnerabilities and flaws.
For more information on the SWAMP, visit https://continuousassurance.org
For more information on Jenkins, visit https://jenkins.io/


  • Uploading Packages and Assessments to the SWAMP
    • Configurable to meet many languages, tools, and build systems
  • Receive graphical feedback
    • Graphs generated to show bug progression over builds
    • Visually see the bugs in your code
  • Configurable with SWAMP-In-A-Box
    • Set the URL provided by your administrator in the Global Configurations page
  • All results are also view-able online through our website
    • Tools like CodeDX are at your disposal there
  • More information available on https://continuousassurance.org/

Potential upcoming features

  • Send emails containing assessment results
  • More graphs to view your data differently



Not tested in Jenkins version 1.651.3 or lower.

SWAMP account

To upload results, you must create an account at https://www.mir-swamp.org/

We suggest that you create an Application Password for use with Jenkins, since this account will be attached to all jobs within this instance of Jenkins.

Please note


Install plugin

Install this plugin via the Jenkins plugin manager.

This can be done through the configurations as follows:

  • Manage Jenkins -> Manage Plugins
  • Click on the Available tab
  • Enter "SWAMP" in the search bar
  • Check the plugin and click Install

Configure the SWAMP Jenkins Plugin

The SWAMP Jenkins Plugin must be configured before use.
This configuration is modified on the following web interface:

  • Go to your Jenkins URL in a web browser
  • Click _Manage Jenkins_ -> _Configure System_
  • Scroll to the SWAMP Configuration Section (near the bottom of the configuration page), and enter the following:
Parameter Description
Swamp Username

Your username to log into the SWAMP

NOTE: Third party credential such as github are not supported.
Create and use a SWAMP Application Password instead.

Swamp Password Your password to log into the SWAMP

URL of SWAMP web site.
The default is the SWAMP public instance at https://swa-csaweb-pd-01.mir-swamp.org.
If you are using SWAMP-in-a-Box, contact your administrator for the URL to use.

Test Connection Button Use this button to test your credentials and URL
Global Project Settings
Default Project

The default project to be used for each upload
Can be modified in build settings

Miscellaneous Options
Verbose Mode Provide extra output for status updates and error checking
Run even if build fails? If checked, the package will be uploaded and assessed even if the build fails
Run Assessments in Background

If selected, you will not be able to view the results of the assessments in Jenkins.
Use this option if you use a SWAMP viewer.

Configure a Job

  • Go to your Jenkins URL in a web browser

  • Click on the project link that you want to assess with the SWAMP

  • Click on the Configure link for the project on the left side

  • Scroll to the Post Build Actions section (or click the Post Build Actions tab)

  • Click the Add Post Build Action button and select "Swamp Assessment"

  • In the SWAMP Assessment section, fill out the data as follows:

Parameter Description

Package Settings

Package Directory

If your source code for your package is located in a subdirectory, enter it here.

Package Name

Enter the name of your package here. This is the name that will be used in the SWAMP UI.

Package Version

Enter the version string of your package. Every build should have a unique version String. The following macros may be used



unique Jenkins build id


current date


most recent git commit id


most recent svn commit id


If you do not update the version number each build (either using any of the above options or manually updating the version) then submissions will have the same version and be difficult to destinguish in the user interface.

Package Language

The language that your package uses.

Build Settings

Build System

Select the build system your project uses.

Build Directory

Enter a value if your software needs to build in different directory than the Package Directory. The directory is relative this the Package Directory

Build File

Leave blank if using a standard build file name for the select Build System (i.e. build.xml for Ant, pom.xml for Maven, Makefile for Make) Enter a value if the build file is using a non standard name. The name is relative to the Build Directory.

Build Target

If building your package requires a special build target, enter it here, otherwise leave blank

Build Command

If your package requires a non-standard build command, enter it here, otherwise leave blank and the command will be determined by the Build System.

Build Options

If your package requires options to passed to the build command, enter it here (e.g. --verbose --setInt 1), otherwise leave blank. Add multiple options separated by spaces as usual.

Configuration Command

If your package requires a configuration command, enter it here. If left blank, the configuration will be called without a command.

Configuration Options

If your package requires configuration options, enter them here similarly to the build options.

Clean Command

Enter the command to clean your build. Leave blank to use the [build-system] clean

Assessment Settings

Project Name

The name of the project to use in the SWAMP.

Click Add to configure the Tool and Platforms to use:


Select the tool you would like to use for this assessment.


Select the platform you would like to use for this assessment.

Output Settings

Assessment Output Directory

Places the output of the assessments from the SWAMP in this directory from the workspace.



Feedback wanted

Any suggestions to make the plugin better?

Comments about what tools are more useful than others?

Additional graphs you think would be useful?

Let us know at support@continuousassurance.org!


The plugin should send back various error messages about why your package/assessments were not submitted.
The SWAMP should have more detailed information on any assessment failure if you go to the viewer.

If neither of these options are sufficient, go to our contact page at https://www.mir-swamp.org/#contact, or email us at support@continuousassurance.org.

Frequently asked questions

Version history

Version 1.0.1

  • Fixed incompatibility with SWAMP-In-A-Box, now functions as intended

Version 1.0.0

  • Fixed tool list not displaying

Version 0.7.8

  • Initial release
ArchivesGet past versions
This plugin has no labels