Automation helps make software development projects efficient. If changes made by Developers are used to trigger automatic scans, this saves the time required to manually configure and run scans, examine results, then assign and fix vulnerabilities. Those assigned to vulnerabilities can view scans as they are running. Meanwhile, development teams can continue to work on the areas to which they have been assigned, without having to switch tasks.
GoCD is continuous delivery software similar to Jenkins. GoCD enables you to build automation into your software development workflow (including testing, bug fixing, web security scanning and vulnerability fixing) by allowing you to trigger scans automatically when developers make changes to your web applications.
There are two steps in this procedure:
- Adding the Invicti’s installation directory to PATH environment variable of the operating system.
- Creating a Custom Command Task on GoCD.
Adding Invicti’s Installation Directory to the PATH Environment Variable
You need to add Invicti’s installation directory to your OS's PATH environment variable on every machine on which you use Invicti Standard.
How to Add Invicti’s Installation Directory to the PATH Environment Variable
- From your PC's desktop, right-click This PC, then click Properties. The Properties window is displayed.
- Click Advanced System Settings. The System Properties dialog is displayed with the Advanced tab open.
- Click Environment Variables. The Environment Variables dialog is displayed.
- From the System variables panel, click Path, then Edit. The Edit environment variable dialog is displayed.
- Click New, then enter Invicti’s installation directory path (the default is 'C:\Program Files(x86)\Netsparker')', and click OK.
- Click OK to close all remaining dialogs.
Creating a Custom Command Task on GoCD
Once you create a Custom Command Task on the GoCD and the required fields are completed, when the task runs, it automatically scans with Invicti and saves the formatted reporting file, Detailed Scan Report.
How to Create a Custom Command Task on GoCD
- Open GoCD.
- From the Pipelines window, click the round settings button () next to the pipeline you want to edit. The Quick Edit window is displayed.
- Click the Stages tab and click on the relevant stage. The Stage window is displayed.
- Click the Jobs tab, and click on the relevant job. The Job window is displayed.
- Click the Tasks tab, then click Custom Command. The Edit Custom Command task window is displayed.
- In the Command field, enter:
- In the Arguments field, enter the following code:
"Detailed Scan Report"
"C:\Program Files (x86)\Go Agent\pipelines\report_phptestsparkercom.html"
- Click Save.