Denim Group, the leading independent application security firm, announced the latest version of their Jenkins Plugin to integrate with their flagship vulnerability management product, ThreadFix.
This plugin will allow development teams to incorporate application security testing into continuous integration and continuous delivery (CI/CD) pipelines, encouraging teams to address security concerns in a flexible manner.
ThreadFix allows organizations to manage their application security programs and address risks to business operations that could be affected by vulnerabilities in the networking infrastructure.
Designed for developers and security professionals, the ThreadFix platform delivers time-savings for security analysts by reducing application vulnerability counts by 35%.
With this most recent update to the Jenkins Plugin, testing is initiated by the plugin, orchestrated by the ThreadFix platform, and the results are delivered back to Jenkins as well as to defect trackers, such as JIRA.
This capability enables developers to leverage the toolsets they already have in place, while allowing them to obtain insight into application security concerns.
“Our goal is to integrate strong security practices into the development process, and a huge part of achieving this is building security directly into the tools that developers are already using,” said CTO of Denim Group, Dan Cornell.
“In fact, that is exactly why ThreadFix was built with defect tracker integrations as this consolidates security tasks directly into the developer’s regular workflow. The ThreadFix Jenkins plugin makes it easier than ever to implement security into the continuous integration process.”
Software security teams are always outnumbered by application development teams. In order to be as effective as possible, it is imperative that security teams implement application security process automation as much as possible. With Denim Group’s Jenkins Plugin, flexible policy creation reflects the realities of integrating security concerns into development.
Any security testing analysis performed during the Jenkins build (i.e. static analysis, dynamic analysis, vulnerable component checking) can then automatically be ingested to the ThreadFix server for policy review to determine if the build passes or fails based on the policy criteria.
If a vulnerability is identified while the build is stopped by a failure of a policy due to a vulnerability being identified, then the vulnerability can simultaneously be created in the developers defect tracker for faster meantime to resolution This creates an automated workflow for vulnerability management and resolution during a build process.
“Being able to use ThreadFix with Jenkins provides a streamlined process for vulnerability management, and furthers the industry need to create more secure development processes,” says Kohsuke Kawaguchi, Chief Scientist at CloudBees and Founder of the Jenkins project.
“By integrating security into the development pipeline, companies are better able to prioritize and address security concerns, promoting a more secure ecosystem.”