How to Integrate Netsparker with GoCD Automation Server

Category: Product Docs & FAQS - Last Updated: Tue, 30 Jan 2018 - by Robert Abela

GoCD is continuous delivery software similar to Jenkins. GoCD enables you to build automation into your software development workflow, including testing, bug fixing, web security scanning and vulnerability fixing.

This article explains how to integrate Netsparker web application security scanner with GoCD, in order to trigger scans automatically when developers make changes to your web applications.

Why Integrate Netsparker Desktop with GoCD?

In software development projects, Developers, Testers and Penetration Testers all have their role to play. When Developers make changes to web applications for example, these changes have a knock-on impact on other teams and tasks.

If the changes made by Developers can be used to trigger automatic scans, this saves the time required to manually configure and run scans, examine results, then assign and fix vulnerabilities. Development teams can continue to work on the areas to which they have been assigned, without having to switch tasks. Those assigned to vulnerabilities can view scans as they are running. Scans can also often run while developers are otherwise occupied or away from work. No one has to wait for a scan to complete before moving on to another task or back to their previous development tasks.

Integrating GoCD with Netsparker

There are two steps in this procedure:

  1. Adding Netsparker’s installation directory to the PATH environment variable of the operating system.
  2. Creating a Custom Command Task on GoCD.

Adding Netsparker’s Installation Directory to the PATH Environment Variable

You need to add Netsparker’s installation directory to your OS's PATH environment variable on every machine on which you use Netsparker Desktop.

How to Add Netsparker's Installation Directory to the PATH Environment Variable
  1. From your PC's desktop, right-click This PC, then click Properties. The Properties window is displayed.
  2. Click Advanced System Settings. The System Properties dialog is displayed with the Advanced tab open.
  3. Click Environment Variables. The Environment Variables dialog is displayed.
  4. From the System variables panel, click Path, then Edit. The Edit environment variable dialog is displayed.
  5. Click New, then enter Netsparker’s installation directory path (the default is 'C:\Program Files (x86)\Netsparker'), and click OK.
  6. Click OK to close all remaining dialogs.

Creating a Custom Command Task on GoCD

Once you create a Custom Command Task in GoCD and complete the required fields, the task automatically runs a Netsparker scan whenever it runs and saves the resulting report, formatted with the Detailed Scan Report template.

How to Create a Custom Command Task on GoCD
  1. Open GoCD.
  2. From the Pipelines window, click the round settings button next to the pipeline you want to edit. The Quick Edit window is displayed.
  3. Click the Stages tab and click on the relevant stage. The Stage window is displayed.
  4. Click the Jobs tab, and click on the relevant job. The Job window is displayed.
  5. Click the Tasks tab, then click Custom Command. The Edit Custom Command task window is displayed.
  6. In the Command field, enter:

netsparker.exe

  7. In the Arguments field, enter the following code:

/a
/url
http://php.testsparker.com/
/rt
"Detailed Scan Report"
/r
"C:\Program Files (x86)\Go Agent\pipelines\report_phptestsparkercom.html"

  8. Click Save.

Report Templates Directory

The /rt parameter in the command line, in the instructions in How to Create a Custom Command Task on GoCD, is given the value 'Detailed Scan Report'.

This value is taken from the template names contained in the Report Templates directory (C:\Users\{USERNAME}\Documents\Netsparker\Resources\Report Templates). You can substitute the name of any other report template, to generate a different report at the end of the scan.
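
One way to wrap the scan command from the Custom Command task so that the task fails when the template name is wrong or no fresh report is produced, as an added example (not Netsparker's or GoCD's own code). It assumes each template appears in the Report Templates directory under its template name, and that netsparker.exe exits once the report has been saved.

```powershell
# Added example: wrapper script for a GoCD Custom Command task.
# Defaults are the values used in this article.
param(
    [string]$Url            = 'http://php.testsparker.com/',
    [string]$ReportTemplate = 'Detailed Scan Report',
    [string]$ReportPath     = 'C:\Program Files (x86)\Go Agent\pipelines\report_phptestsparkercom.html'
)
$ErrorActionPreference = 'Stop'

# GoCD marks a task as failed when its command exits with a non-zero code.
function Fail([string]$Message) {
    [Console]::Error.WriteLine($Message)
    exit 1
}

# Template names are read from the Report Templates directory of the
# account that runs the Go Agent (directory layout as given in this article).
$documents   = [Environment]::GetFolderPath('MyDocuments')
$templateDir = Join-Path $documents 'Netsparker\Resources\Report Templates'
# Assumption: a template is a file or folder whose base name is the template name.
$known = @(Get-ChildItem -LiteralPath $templateDir | ForEach-Object { $_.BaseName })
if ($known -notcontains $ReportTemplate) {
    Fail "Unknown report template '$ReportTemplate'. Found: $($known -join ', ')"
}

# Remove a report left by an earlier run, so a stale file cannot pass the check below.
if (Test-Path -LiteralPath $ReportPath) {
    Remove-Item -LiteralPath $ReportPath -Force
}

# Same arguments as the Custom Command task; values containing spaces are quoted.
$scanArgs = "/a /url $Url /rt `"$ReportTemplate`" /r `"$ReportPath`""
# netsparker.exe is found through PATH, as configured earlier in this article.
$proc = Start-Process -FilePath 'netsparker.exe' -ArgumentList $scanArgs -Wait -PassThru

# The scanner's exit codes are not documented on this page, so the report
# file itself is used as the success signal.
if (-not (Test-Path -LiteralPath $ReportPath)) {
    Fail "Scan finished (exit code $($proc.ExitCode)) but no report was written to $ReportPath"
}
if ((Get-Item -LiteralPath $ReportPath).Length -eq 0) {
    Fail "Report at $ReportPath is empty"
}
Write-Output "Report written: $ReportPath"
exit 0
```

To use it, set the Command field to powershell.exe and pass -NoProfile, -File and the script's path as arguments.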

For further information about parameters, see Netsparker Desktop Command Line Interface and Arguments.

