Vigilnz Security

Vigilnz Security Plugin integrates comprehensive security scanning capabilities into Jenkins CI/CD pipelines. Run CVE, SAST, SBOM, and other security scans as part of your build process.

• 🔒 Multiple Scan Types: Support for CVE, SAST, SBOM, and more
• 🔐 Secure Credential Management: Store and manage Vigilnz API credentials securely
• 🚀 Freestyle & Pipeline Support: Works with both traditional and modern Jenkins jobs
• 📊 Detailed Results: View scan results directly in the Jenkins build sidebar
• ⚙️ Flexible Configuration: Select which scan types to run per build
• 🔄 Credential Management: Automatic refresh and caching

• Jenkins 2.516.3 or later
• Java 17 or later
• Vigilnz API access (API key required)

1. Go to Manage Jenkins → Manage Plugins
2. Search for "Vigilnz Security"
3. Click Install without restart or Download now and install after restart

1. Download the latest .hpi file from GitHub Releases
2. Go to Manage Jenkins → Manage Plugins → Advanced
3. Upload the .hpi file under Upload Plugin
4. Restart Jenkins

1. Go to Manage Jenkins → Manage Credentials
2. Click Add Credentials
3. Select Vigilnz Security Token from the kind dropdown
4. Enter:
   • Token: Your Vigilnz API key
   • ID: Unique identifier (optional, auto-generated if not provided)
   • Description: Description for this credential
5. Click OK

1. Create a new Freestyle project or edit an existing one
2. In Build Steps, click Add build step → Invoke Vigilnz Security Task
3. Configure:
   • Credentials: Select your Vigilnz credential
   • Target File: (Optional) File or path to scan
   • Scan Types: Select at least one scan type (CVE, SAST, SBOM)
4. Save and run the build

pipeline {
    agent any

    stages {
        stage('Security Scan') {
            steps {
                vigilnzScan(
                    credentialsId: 'my-vigilnz-creds',
                    scanTypes: 'cve,sast,sbom'
                )
            }
        }
    }
}

• CVE: Common Vulnerabilities and Exposures scan
• SAST: Static Application Security Testing
• SBOM: Software Bill of Materials

After a build completes:

1. Sidebar Summary: View a quick summary in the build page sidebar
2. Full Details: Click "View Details →" in the sidebar to see complete scan results
3. Console Output: Check the build console for detailed scan logs

vigilnzScan(
    credentialsId: 'my-vigilnz-token',
    scanTypes: 'cve'
)

vigilnzScan(
    credentialsId: 'my-vigilnz-token',
    scanTypes: 'cve,sast,sbom'
)

pipeline {
    agent any

    stages {
        stage('Security Scan') {
            steps {
                withCredentials([string(credentialsId: 'vigilnz-token', variable: 'VIGILNZ_TOKEN')]) {
                    vigilnzScan(
                        credentialsId: 'vigilnz-token',
                        scanTypes: 'cve,sast'
                    )
                }
            }
        }
    }
}

• Verify your API key is correct
• Check that the authentication URL is accessible
• Ensure the token has not expired

• At least one scan type must be selected
• Check the checkbox selections in the build configuration

• Ensure the build completed successfully
• Check the build console for any errors
• Verify the API response was successful

• Issues: Report issues on GitHub Issues
• Documentation: Plugin Wiki
• Email: support@vigilnz.com

Contributions are welcome! Please see CONTRIBUTING.md for guidelines.

• Initial release
• Support for CVE, SAST, SBOM scan types
• Freestyle and Pipeline job support
• Secure credential management
• Build sidebar results display

Licensed under MIT License. See LICENSE for details.