Integrating Netsparker Enterprise with Travis CI

Travis CI is a hosted continuous integration service. It is used to test and deploy software projects hosted on GitHub. You log in to Travis CI with GitHub, instruct Travis CI to test the code of a project, and then push it to GitHub.

This topic explains how to start a scan via Travis CI, using a small node.js script to start a scan and for other operations.

For further information, see What Systems Does Netsparker Integrate With?

  1. Sign up for Travis CI using your GitHub account.
  2. Visit: https://travis-ci.com/.
  3. Click Sign in with GitHub. No registration is required.
  4. You will be redirected to GitHub. Click Authorize application.

If you ever want to stop Travis CI accessing your GitHub account, visit https://github.com/settings/applications and click Revoke.

  5. Once you have allowed access, you will be taken back to Travis CI, where you will need to enable a specific Git repository.

How to Enable a Specific Git Repository

  1. Open your Travis Profile: https://travis-ci.com/profile
  2. Click Activate.

The Install Travis CI window is displayed.

  3. Click Approve & Install.
  4. Select the GitHub repository you want to integrate with Travis-CI. You can choose multiple repositories.

Create The Project Files

The project structure and files you will need are as follows:

The test folder contains the node.js script. You need to configure it with your credentials, then save it under a name of your choice (for example, ‘ne-cloud.js’).

This example script starts a new Netsparker scan. Highlighted areas must be edited to include your information. Your API request may contain different variables, such as 'AgentId', 'AgentName' or 'Cookies'. This is a simple API request.

Here is the code:

----------------------------------------------------------------------------------------
// Start a new Netsparker scan through the API.
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://www.netsparkercloud.com/api/1.0/scans/new',
  headers: {
    'Cache-Control': 'no-cache',
    Authorization: 'Basic API TOKEN', // replace API TOKEN with your credentials
    'Content-Type': 'application/json'
  },
  body: {
    TargetUri: 'http://example.com', // website to scan
    PolicyId: 'string'               // ID of the scan policy to use
  },
  json: true // send the body as JSON and parse the JSON response
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
-----------------------------------------------------------------------------------------
You also need to add these lines to your “.travis.yml” file:
-------------------------------------
language: node_js

node_js:
- node
---------------------------------------
You also need to configure the package.json file as shown below:
------------------------------------------------------------------------------------------------------
{
  "author": "Name <Your E-mail Address>",
  "name": "Travis-CI-NS-Integration",
  "description": "Start a Scan From Travis-CI",
  "version": "1.0.0",
  "repository": {
        "type": "git",
        "url": "git://git@github.com:aliturhanalan/travis"
  },
  "scripts": {
        "test": "vows test/*.js"
  },
  "engines": {
        "node": ">= 0.4"
  },
  "devDependencies": {
        "vows": "latest",
        "request": "^2.88.0"
  }
}

---------------------------------------------------------------------------------------------------------
The other files, such as “readme.md”, are the usual files found in a Git repository.
When you push a build to GitHub, Travis will start a new Netsparker scan. Or you can trigger it manually from Travis-CI.
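
The scripts on this page place the API credential directly in a file that is pushed to GitHub. The following added example (not Netsparker's own code) reads the credential from Travis CI environment variables instead and fails the build when the API rejects the request. The variable names NETSPARKER_USER_ID, NETSPARKER_API_TOKEN, NETSPARKER_TARGET_URI and NETSPARKER_POLICY_ID and the `user id:token` form of the Basic credential are assumptions, and the global fetch requires Node.js 18 or later.

```javascript
// Added example: the NETSPARKER_* variable names are assumptions,
// set as secure environment variables in the Travis CI repository settings.
const SCAN_URL = 'https://www.netsparkercloud.com/api/1.0/scans/new';

// Build the scans/new request from environment values; throws when a
// required value is missing so the job never sends a half-formed request.
function buildScanRequest(env) {
  const required = ['NETSPARKER_USER_ID', 'NETSPARKER_API_TOKEN',
                    'NETSPARKER_TARGET_URI', 'NETSPARKER_POLICY_ID'];
  const missing = required.filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error('Missing environment variables: ' + missing.join(', '));
  }
  // Assumption: the Basic credential is base64("<user id>:<api token>").
  const credential = Buffer
    .from(env.NETSPARKER_USER_ID + ':' + env.NETSPARKER_API_TOKEN)
    .toString('base64');
  return {
    method: 'POST',
    headers: {
      'Cache-Control': 'no-cache',
      Authorization: 'Basic ' + credential,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      TargetUri: env.NETSPARKER_TARGET_URI,
      PolicyId: env.NETSPARKER_POLICY_ID
    })
  };
}

// Send the request and reject on any non-2xx response.
async function startScan(env) {
  // Travis does not expose secure variables to pull requests from forks.
  if (env.TRAVIS_SECURE_ENV_VARS === 'false') return 'skipped';
  const response = await fetch(SCAN_URL, buildScanRequest(env));
  if (!response.ok) throw new Error('Scan request failed: HTTP ' + response.status);
  console.log(await response.json());
  return 'started';
}

// Only contact the API inside a Travis CI build (Travis sets TRAVIS=true).
if (process.env.TRAVIS === 'true') {
  startScan(process.env).catch((err) => {
    console.error(err.message); // message only; never print the headers
    process.exitCode = 1;       // mark the build as failed
  });
}
```
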
You can easily generate node.js code using Postman.
Here is another API request in node.js code that might be useful:

Start a group scan
-------------------------------------------------------------------------------------------------------------------

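// Start a scan for every website in a website group.
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://www.netsparkercloud.com/api/1.0/scans/newgroupscan',
  headers: {
    'Cache-Control': 'no-cache',
    Authorization: 'Basic API TOKEN', // replace API TOKEN with your credentials
    'Content-Type': 'application/json'
  },
  // An object body with json: true is serialized as valid JSON
  // (the hand-written string had a trailing comma).
  body: {
    WebsiteGroupName: 'agent', // name of the website group to scan
    PolicyId: 'string'         // ID of the scan policy to use
  },
  json: true
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});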

-------------------------------------------------------------------------------------------------------------------

Incremental Scan

--------------------------------------------------------------------------------------------------------------------
// Start an incremental scan based on a previous scan.
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://www.netsparkercloud.com/api/1.0/scans/incremental',
  headers: {
    'Cache-Control': 'no-cache',
    Authorization: 'Basic API TOKEN', // replace API TOKEN with your credentials
    'Content-Type': 'application/json'
  },
  body: {
    IsMaxScanDurationEnabled: false,
    MaxScanDuration: 48,
    BaseScanId: 'string' // ID of the scan to use as the base
  },
  json: true // send the body as JSON and parse the JSON response
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

-------------------------------------------------------------------------------------------------------------------------------