Once you have entered both of these values, your site tree will automatically be fetched from Burp Suite Enterprise Edition. If you've lost this, you need to generate a new API key or create a new API user from the Burp Suite Enterprise Edition web UI. By default, this will be something like:Įnter the API key that you generated when creating the API user earlier. Make sure you include the appropriate protocol and port. This is the URL that you normally use to access Burp Suite Enterprise Edition. Make sure your pipeline deploys the application that you want to scan to the same URL as the corresponding site in Burp Suite Enterprise Edition.Īdd a new build step and select the runner type Burp site-driven scan.Įnter the URL of your Enterprise server. Alternatively, create a new dummy project if you just want to test the integration process. Open the pipeline in which you want to incorporate a vulnerability scan. Read more Whitelisting an application for CORS Create the site-driven scan build step in TeamCity In the provided field, enter your TeamCity URL, including the protocol and port. On the network settings page, scroll down to the Allowed Origins for GraphQL API section. Log in to Burp Suite Enterprise Edition as an administrator. In order to support this behavior, you need to whitelist your TeamCity URL so that TeamCity can make the necessary cross-origin requests for retrieving your site tree and creating new scans. Site-driven scans interact with your Enterprise server via the GraphQL API. We recommend running a couple of scans from the web UI to make sure that you're happy with the scan configuration and scanner behavior before starting the CI/CD integration. You have finished setting up the site that you want to scan in Burp Suite Enterprise Edition. You have installed the plugin in TeamCity. You have created an API user in Burp Suite Enterprise Edition and have access to the corresponding API key In this section, we'll provide step-by-step instructions on the full configuration process. To integrate Burp Suite Enterprise Edition with TeamCity, we recommend using the site-driven scan option. Integrating with issue tracking platformsĮNTERPRISE Configuring a site-driven scan in TeamCity.Configuring a Burp Scan using the generic CI/CD driver.Configuring a site-driven scan using the generic CI/CD driver.Configuring a site-driven scan in TeamCity.Configuring a site-driven scan in Jenkins.Creating an API user for CI/CD integration.Environment network and firewall settings.Configuring site and scan data settings.Configuring default false positive settings.Defining the scan configuration for a folder.Defining the scan configuration for a site.Step 4: Back up your data and stop your old service.Step 1: Set up a suitable Kubernetes cluster.Step 1: Prerequisites for the installation.Preparing to deploy Burp Suite Enterprise Edition.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |