Vulnerability Vines AI

⚡️ AI‑assisted DAST for CI/CD — launch scans, gate builds, and publish gorgeous reports.

🌐 Vines Cloud (production): https://vines.rosebird.org

What is Rocheston Vulnerability Vines AI?

Vines AI is a modern, AI‑assisted Dynamic Application Security Testing (DAST) platform by Rocheston.
This Jenkins plugin integrates Vines directly into your pipelines so you can:

  • ▶️ Trigger scans from jobs & pipelines against https://vines.rosebird.org (or your on‑prem instance).
  • 🛡️ Enforce pass/fail Gates on risk (critical/high counts, maximum CVSS).
  • 📊 Publish elegant summaries with KPI chips and deep links to the full report.
  • 🔎 Run a Preflight probe (DNS/port/HTTP) before full scans to save build time.

How AI powers scans & reports

  • Smart crawl + attack — adaptive exploration prioritizes real attack surfaces, trimming noise.
  • AI triage — clusters similar findings, promotes likely true positives, de‑duplicates chatter.
  • Explainer‑grade remediation — developer‑first guidance with code‑aware hints.
  • Policy hints — recommends gate thresholds from historical risk patterns so you start sane.

Installation

  1. Manage Jenkins → Plugins → Available → search vulnerability-vines-ai → Install.
  2. Create a Secret text credential with your Vines API token (ID example: VINES_TOKEN).
  3. Ensure your controller/agent can reach https://vines.rosebird.org.

Manual (offline): upload the HPI from Releases or from the Jenkins artifact repository:

https://repo.jenkins-ci.org/releases/io/jenkins/plugins/vulnerability-vines-ai/<VERSION>/vulnerability-vines-ai-<VERSION>.hpi

Minimum Jenkins: 2.479.3+

Quick Start

Freestyle job

  1. Add build step Vulnerability Vines AI.
  2. Server URL: https://vines.rosebird.org
  3. Target URL: https://app.example.com
  4. Credentials: VINES_TOKEN (Secret text)
  5. (Optional) Enable Gates and adjust thresholds.
  6. Build → view KPIs, open the full report link.

Minimal Pipeline

pipeline {
  agent any
  stages {
    stage('Vines Scan') {
      steps {
        vinesScan(
          serverUrl:     'https://vines.rosebird.org',
          targetUrl:     'https://app.example.com',
          credentialsId: 'VINES_TOKEN'
        )
      }
    }
  }
}

Gates (Pass/Fail policies)

Block unsafe builds with policy thresholds:

  Gate            Meaning                                 Default
  failOnCritical  Fail if ≥1 Critical                     true
  failOnHigh      Fail if ≥1 High                         true
  failOnMedium    Mark UNSTABLE if ≥1 Medium              false
  maxCvss         Fail if maximum CVSS is above cutoff    7.0

🛠️ Pipeline with gates & preflight

vinesScan(
  serverUrl:     'https://vines.rosebird.org',
  targetUrl:     'https://shop.example.com',
  credentialsId: 'VINES_TOKEN',
  preflight:     true,
  gates: [
    failOnCritical: true,
    failOnHigh:     true,
    failOnMedium:   false,
    maxCvss:        7.0
  ],
  timeoutMinutes: 60
)

Using results programmatically

def r = vinesScan(serverUrl:'https://vines.rosebird.org',
                  targetUrl:'https://api.example.com',
                  credentialsId:'VINES_TOKEN',
                  preflight:true)
echo "Scan ${r.scanId} -> Crit:${r.critical} High:${r.high} MaxCVSS:${r.maxCvss}"
echo "Full report: ${r.reportUrl}"
if (r.critical > 0 || r.high > 0) { error('Risk too high') }

KPI chips & risk boxes

Gruvbox‑tinted examples you’ll see in console & reports:

[KPI chips: Critical · High · Medium · Low · Max CVSS]

Pipeline examples

Matrix build (Linux + Windows)

parallel linux: {
  node('linux') {
    vinesScan(serverUrl:'https://vines.rosebird.org', targetUrl:'https://app.example.com', credentialsId:'VINES_TOKEN')
  }
}, windows: {
  node('windows') {
    vinesScan(serverUrl:'https://vines.rosebird.org', targetUrl:'https://app.example.com', credentialsId:'VINES_TOKEN')
  }
}

Post‑scan gate in Groovy

def r = vinesScan(serverUrl:'https://vines.rosebird.org', targetUrl:'https://app.example.com', credentialsId:'VINES_TOKEN')
if (r.critical > 0 || r.high > 0 || r.maxCvss > 7.0) {
  error("Vines gate failed — Crit:${r.critical}, High:${r.high}, Max:${r.maxCvss}")
}
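The snippet above only covers the two blocking severities. As an added example (not code from the plugin or its author), the scripted gate below mirrors the full Gates table: critical/high and a CVSS cutoff fail the build, while medium findings only mark it UNSTABLE so they stay visible for triage without blocking. It assumes the result object also exposes a medium count (r.medium, which this README does not show), that passing the documented gate keys as false leaves policy enforcement to the Groovy code, and uses the standard Pipeline unstable() step.

```groovy
// Added example, not part of the plugin's documentation.
// Assumption: disabling the built-in gates lets vinesScan return normally so the
// policy can be applied here; r.medium is an assumed field (only critical, high,
// maxCvss, scanId and reportUrl are documented on this page).
def CVSS_CUTOFF = 7.0

def r = vinesScan(serverUrl:     'https://vines.rosebird.org',
                  targetUrl:     'https://app.example.com',
                  credentialsId: 'VINES_TOKEN',
                  preflight:     true,
                  gates: [failOnCritical: false, failOnHigh: false, failOnMedium: false])

echo "Scan ${r.scanId}: Crit:${r.critical} High:${r.high} Med:${r.medium} MaxCVSS:${r.maxCvss}"
echo "Full report: ${r.reportUrl}"

// Blocking conditions (same semantics as failOnCritical / failOnHigh / maxCvss).
if (r.critical > 0 || r.high > 0) {
  error("Vines gate failed: Crit:${r.critical} High:${r.high} (see ${r.reportUrl})")
}
if (r.maxCvss > CVSS_CUTOFF) {
  error("Vines gate failed: max CVSS ${r.maxCvss} is above cutoff ${CVSS_CUTOFF}")
}

// Non-blocking condition (same semantics as failOnMedium): flag the build, keep it running.
if (r.medium > 0) {
  unstable("Vines gate: ${r.medium} Medium finding(s) need triage, see ${r.reportUrl}")
}
```

Keeping the policy in Groovy is useful when one job needs a different cutoff per target, or when you want the report link in the failure message that appears in the build status.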

Timeout & preflight controls

vinesScan(
  serverUrl:'https://vines.rosebird.org',
  targetUrl:'https://dev.example.com',
  credentialsId:'VINES_TOKEN',
  preflight:true, timeoutMinutes:90
)

Examples of scans

  • PR Smoke — quick checks, fail on critical/high only.
  • Nightly Deep — full exploration, trends across builds.
  • Release Barrier — strict zero critical/high + maxCvss ≤ 7.0 before publish.
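One way to drive all three profiles from a single Jenkinsfile, added here as an example rather than taken from the plugin's own docs. The gate keys, preflight and timeoutMinutes parameters, and the VINES_TOKEN credential ID are the ones documented above; the profile names, the timeouts, the choice of failOnMedium for nightly runs, the target URL and the selection logic (a SCAN_PROFILE build parameter, with multibranch PR builds detected via env.CHANGE_ID) are assumptions for illustration.

```groovy
// Added example, not part of the plugin's documentation.
// Gate policies for the three scan types described above.
def PROFILES = [
  // PR Smoke: short run, fail on critical/high only (maxCvss 10.0 means the CVSS gate never trips).
  'pr-smoke': [
    timeoutMinutes: 20,
    gates: [failOnCritical: true, failOnHigh: true, failOnMedium: false, maxCvss: 10.0]
  ],
  // Nightly Deep: long run; medium findings mark the build UNSTABLE so they show up in trends.
  'nightly-deep': [
    timeoutMinutes: 180,
    gates: [failOnCritical: true, failOnHigh: true, failOnMedium: true, maxCvss: 7.0]
  ],
  // Release Barrier: zero critical/high and max CVSS <= 7.0 before anything is published.
  'release-barrier': [
    timeoutMinutes: 90,
    gates: [failOnCritical: true, failOnHigh: true, failOnMedium: false, maxCvss: 7.0]
  ]
]

properties([
  parameters([
    choice(name: 'SCAN_PROFILE',
           choices: ['nightly-deep', 'release-barrier', 'pr-smoke'],
           description: 'Vines gate policy to apply (PR builds always use pr-smoke)')
  ])
])

// Multibranch sets CHANGE_ID for pull-request builds; everything else follows the parameter.
def profileName = env.CHANGE_ID ? 'pr-smoke' : (params.SCAN_PROFILE ?: 'nightly-deep')
def profile     = PROFILES[profileName]

node {
  stage("Vines Scan (${profileName})") {
    def r = vinesScan(serverUrl:      'https://vines.rosebird.org',
                      targetUrl:      'https://app.example.com',
                      credentialsId:  'VINES_TOKEN',
                      preflight:      true,
                      timeoutMinutes: profile.timeoutMinutes,
                      gates:          profile.gates)
    echo "Scan ${r.scanId} [${profileName}] -> Crit:${r.critical} High:${r.high} MaxCVSS:${r.maxCvss}"
    echo "Full report: ${r.reportUrl}"
  }
}
```

A nightly job would trigger this with SCAN_PROFILE=nightly-deep on a cron schedule, and the release job would pass release-barrier; PR builds need no parameter at all.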

Global configuration & JCasC

Manage Jenkins → System defaults:

  • Default Server URL (e.g., https://vines.rosebird.org)
  • Default Credentials (Secret text token)
  • Default preflight / timeout

JCasC Example

unclassified:
  vulnerabilityVinesAi:
    serverUrl: "https://vines.rosebird.org"
    credentialsId: "VINES_TOKEN"
    defaultPreflight: true
    defaultTimeoutMinutes: 60
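The fragment above assumes the VINES_TOKEN credential already exists. As an added example (not from the plugin's docs), the JCasC file below provisions that Secret text credential as well, so a fresh controller comes up with both the credential and the plugin defaults. The unclassified block is the one documented above; the credentials block uses the standard JCasC syntax for a string (Secret text) credential, and VINES_API_TOKEN is an assumed environment variable that JCasC resolves at load time so the token itself never lands in the YAML.

```yaml
# Added example, not part of the plugin's documentation.
credentials:
  system:
    domainCredentials:
      - credentials:
          - string:
              scope: GLOBAL
              id: "VINES_TOKEN"
              description: "Vines AI API token (Secret text)"
              # Assumed env var; JCasC substitutes ${VAR} from the environment or its secret sources.
              secret: "${VINES_API_TOKEN}"

unclassified:
  vulnerabilityVinesAi:
    serverUrl: "https://vines.rosebird.org"
    credentialsId: "VINES_TOKEN"
    defaultPreflight: true
    defaultTimeoutMinutes: 60
```

Jobs that omit serverUrl and credentialsId then pick up these defaults, and rotating the token is a matter of changing the environment value and reloading the configuration.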

Troubleshooting

  • Preflight failed — controller/agent cannot reach the target (DNS/port/proxy). Set preflight:false temporarily for internal networks.
  • 401 from Vines — wrong/expired token; re‑create Secret text and update credentialsId.
  • Gates failing builds — relax thresholds while triaging (e.g., increase maxCvss or turn off failOnMedium).
  • Not visible in “Available”: Plugin Manager → Advanced → Check now; ingestion can lag briefly after releases.

Metadata

  • Plugin ID: vulnerability-vines-ai
  • Minimum Jenkins: 2.479.3
  • Vines Cloud: https://vines.rosebird.org
  • Source: jenkinsci/vulnerability-vines-ai-plugin
  • Issues: GitHub Issues
  • CI: ci.jenkins.io
  • Release model: JEP‑229 Continuous Delivery (versions like 123.vabcdef)
  • Topics (GitHub): jenkins-plugin, pipeline, security, dast, scanner, reporting, ai

Maintainer

Haja Mo (rocheston) — creator of Rocheston Vulnerability Vines AI.
Contributions welcome — open issues/PRs and keep docs consistent with the UI/Snippet Generator.

Sample Report

[Screenshots: Sample Report 1 through Sample Report 9]

Apache License 2.0 © Rocheston • Designed with ❤️ by Haja Mo