
CI/CD pipeline integrations

This topic describes the developer workflow when you use webhooks with DAST Essentials to add dynamic analysis to your CI/CD pipelines. If you need assistance, contact Veracode Technical Support.

Figure: DAST Essentials CI/CD integration workflow (dast-essentials-int-workflow.png)

  1. Your developer commits code or triggers your CI/CD pipeline through another event.

  2. Your CI/CD toolchain deploys your code to your staging/test system.

  3. After building your staging system, your CI/CD pipeline uses a webhook to trigger the scan.

  4. DAST Essentials scans your newly built system and launches the attack vector scanners.

  5. DAST Essentials provides the following reports:

    a. The Scan details page in the UI.

    b. Downloadable reports in PDF, JUnit, or CSV format.

    Your CI/CD toolchain can pull these reports back through the same webhook integration.

  6. Because the JUnit and CSV reports are machine-readable, your pipeline can fail the build based on your own rules. Example rules include:

    a. The number of detected vulnerabilities.

    b. The maximum severity of detected vulnerabilities.

  7. If DAST Essentials finds vulnerabilities, the integrated documentation, which includes specific code examples, helps you remediate them quickly.
    If there are no vulnerabilities, your CI/CD toolchain deploys the new code to your production system.
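The build gate in steps 5 and 6, as an added example that is not Veracode's code: a Python script that a pipeline would run after downloading the JUnit report and that exits non-zero when either rule (too many findings, or any finding above an allowed severity) is violated. The webhook call and the report download are left out because this page does not give the endpoint or payload. The report layout is an assumption for illustration: one `<testcase>` per check, with a `<failure>` element whose `type` attribute carries the severity. The severity names and their order are also assumptions; map both to whatever your report actually emits. The embedded report is constructed sample input, not real scanner output.

```python
"""Build gate for a DAST scan report in JUnit XML format (added example)."""
from __future__ import annotations

import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List

# Severity ordering used by the gate. The names and order are an assumption
# of this example; adjust them to the severities your report actually uses.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report, not real scanner output. Assumed layout: one
# <testcase> per check; a check that produced a finding carries a <failure>
# whose 'type' attribute is the severity.
SAMPLE_REPORT = """<testsuite name="dast-scan" tests="4" failures="3">
  <testcase name="SQL injection on /login">
    <failure type="high" message="Parameter 'user' is injectable"/>
  </testcase>
  <testcase name="Missing Content-Security-Policy header">
    <failure type="medium" message="No CSP header on /"/>
  </testcase>
  <testcase name="Server version disclosure">
    <failure type="low" message="Server header reveals version"/>
  </testcase>
  <testcase name="HSTS present"/>
</testsuite>
"""


@dataclass(frozen=True)
class Finding:
    name: str
    severity: str
    message: str


def parse_findings(xml_text: str) -> List[Finding]:
    """Return one Finding per <testcase> that carries a <failure>.

    xml.etree does not resolve external entities, so a tampered report cannot
    trigger XXE here; it can still carry values the gate does not expect,
    which is why unknown severities fail closed in severity_rank().
    """
    root = ET.fromstring(xml_text)
    findings = []
    for case in root.iter("testcase"):
        failure = case.find("failure")
        if failure is None:
            continue  # the check passed; nothing to gate on
        findings.append(Finding(
            name=case.get("name", "<unnamed>"),
            severity=failure.get("type", "unknown").lower(),
            message=failure.get("message", ""),
        ))
    return findings


def severity_rank(severity: str) -> int:
    """Rank a severity; anything the gate does not recognise outranks everything."""
    return SEVERITY_RANK.get(severity, max(SEVERITY_RANK.values()) + 1)


def evaluate_gate(findings: List[Finding], max_findings: int, max_severity: str) -> List[str]:
    """Return the list of rule violations. An empty list means the build may proceed."""
    violations = []
    if len(findings) > max_findings:
        violations.append(f"{len(findings)} findings exceed the limit of {max_findings}")
    limit = severity_rank(max_severity)
    for f in findings:
        if severity_rank(f.severity) > limit:
            violations.append(
                f"{f.severity} finding '{f.name}' exceeds the allowed severity '{max_severity}'"
            )
    return violations


def main(argv: List[str]) -> int:
    # Usage: gate.py REPORT.xml MAX_FINDINGS MAX_SEVERITY   (or no args to run the sample)
    if len(argv) == 4:
        with open(argv[1], encoding="utf-8") as fh:
            report, max_findings, max_severity = fh.read(), int(argv[2]), argv[3].lower()
    else:
        report, max_findings, max_severity = SAMPLE_REPORT, 5, "medium"
    violations = evaluate_gate(parse_findings(report), max_findings, max_severity)
    for v in violations:
        print(f"GATE FAILED: {v}")
    return 1 if violations else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit from `main()` is what stops the pipeline; the CI job that runs this script should be placed between the scan and the production deployment so that step 7 only proceeds on exit code 0. Unknown severity strings deliberately fail the gate rather than pass silently, so a renamed severity in a future report format is caught instead of ignored.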