You can use UrbanCode Deploy to automate application developments through your environments. It provides continuous delivery, the audit trails, versioning, and approvals needed in production.
You can integrate Netsparker Enterprise with UrbanCode Deploy using cURL scripts, generated by our Integration Script Generator.
This topic explains how to generate and use cURL scripts to integrate Netsparker Enterprise with UrbanCode Deploy in order to enable our advanced integration functionality.
For further information, see What Systems Does Netsparker Integrate With?.
Generating and Using Netsparker Enterprise’s UrbanCode Deploy Integration Scripts
Netsparker Enterprise uses cURL command-line tools to integrate with UrbanCode Deploy.
How to Generate Netsparker Enterprise's UrbanCode Deploy Integration Scripts
- Log in to Netsparker Enterprise.
- From the main menu, select Integrations > New Integration.
- From the Continuous Integration Systems section, select UrbanCode Deploy.
- From the Integration Script Generator section, select the relevant Scan Settings:
- From the Scan Type field, select an option.
- From the Website drop-down, select a website.
- From the Scan Profile drop-down, select a scan profile (this is not displayed if you select Full with Primary Profile as the Scan Type).
- Enable the Stop the scan if the Build fails, if required.
- Enable the Fail the Build if one of the selected scan severity is detected, if required.
- In the cURL field, select Copy to copy the cURL script. (You will then paste this into the file described in the next How to.)
Using Build Fail in Pipeline Project
It is possible to configure a failure in the UrbanCode Deploy build to stop the scan when a vulnerability severity is detected for pipeline projects.
This can be configured using the MinimumSeverity and CancelScan parameters.
- 'MinimumSeverity'The options for MinimumSeverity are:: With this option, you choose which severity will fail this UrbanCode Deploy build when found in a related scan. If you choose “DoNotFail”, the detected vulnerability does not affect your UrbanCode Deploy build.
- Critical, High
- Critical, High, Medium
- Critical, High, Medium, Low
- Critical, High, Medium, Low, Best Practice
- 'CancelScan'The options for CancelScan are:: If you set this option to true, if the UrbanCode Deploy build fails because of the CancelScan choice, the related Netsparker scan will be canceled.
Using Netsparker Enterprise's UrbanCode Deploy Integration Script
You can use the Netsparker Enterprise's UrbanCode Deploy Integration Script to scan your application(s). This process has two steps to complete. First, you need to create a process, then you need to scan an application with the process you created.
- A Netsparker Enterprise's UrbanCode Deploy Integration Script
- An UrbanCode Deploy Account
Please make sure your UrbanCode Deploy environment has the Shell plug-in installed. For further information, see Shell.
How to Use Netsparker Enterprise's Script to Create a Process
- From the main menu, go to Components > [YOUR_COMPONENT] > Processes.
- Select Create Process, then enter mandatory information in the Create Process dialog. Then, select Save.
- In the Design window, select Scripting > Shell from the menu on the left.
- Drag Shell to the process, then select the pencil icon to edit.
- In the Edit Properties for Shell dialog, enter a friendly name to the Name field.
- Select Shell Script and paste the copied Netsparker Enterprise integration script.
- In the Edit Script window, select Save.
- In the Edit Properties window, select OK.
- Select Save to save your process on the main menu.
When you successfully save your process, you can scan your application(s) by using this process.
Make sure you changed the User ID and API Token information in the script generated by Netsparker Enterprise.
For further information about accessing your API information, see API Settings.
How to Scan an Application with a Process
- From the main menu, select Applications > [YOUR_APP].
- From the Application: [YOUR_APP] window, select Components.
- Select Run Process next to [YOUR_COMPONENT].
- In the dialog, select the relevant settings:
- From the Environment drop-down, select an option.
- From the Resource drop-down, select an option.
- From the Process drop-down, select an option.
- From the Version drop-down, select an option.
- Select Submit.
Following the successful completion of these steps, the scan starts in Netsparker Enterprise. You can also review the output log in the UrbanCode Deploy for further details.
For more information about UrbanCode Deploy, see IBM UrbanCode Deploy Tutorial.