The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.
For a list of other such plugins, see the Pipeline Steps Reference page.
Sec1 Security Scanner
sec1Security: Execute Sec1 Security Scan
apiCredentialsId : String
This needs to be the ID of an existing "Sec1 API Key" credential. The key will be used to access the Sec1 API.
actionOnThresholdBreached : String (optional)
applyThreshold : boolean (optional)
asyncScan : boolean (optional)
Submit the scan and exit the build step without waiting for the result. The pipeline keeps running while the scan completes on the Sec1 server. View results on the Sec1 dashboard.
If Apply Threshold is also enabled, the plugin still polls for the result because threshold checks need the final vulnerability counts. Disable Apply Threshold to get true fire-and-forget behavior.
runSast : boolean (optional)
runSca : boolean (optional)
sastIncrementalScan : boolean (optional)
Run the SAST scan in incremental mode. Only changed code is analyzed, which is faster on large repositories. Requires a baseline full scan to exist on the Sec1 server.
sastInstallation : String (optional)
The Sec1 SAST installation to use when SAST Mode is set to CLI. Configure installations under Manage Jenkins > Tools > Sec1 SAST CLI. Each installation either points to a pre-installed sec1-sast binary on the agent or uses the auto-installer to download it.
This field is ignored when SAST Mode is API.
sastMode : String (optional)
Where the SAST scan runs.
API (default): the Sec1 server clones the repository and runs the scan. No local binary required.
CLI: the scan runs on the Jenkins agent using the sec1-sast binary, then uploads the report to the Sec1 service. Useful when the repository cannot be reached from the Sec1 server. Requires a Sec1 SAST installation configured under Manage Jenkins > Tools. asyncScan and sastIncrementalScan are ignored in CLI mode.
scanTag : String (optional)
scmUrl : String (optional)
threshold (optional)
Define your vulnerability threshold levels.
For example, if you set the critical vulnerability threshold to 10, your build will fail if more than 10 critical vulnerabilities are found in the scan.
Nested Object
criticalThreshold : String (optional)
highThreshold : String (optional)
mediumThreshold : String (optional)
lowThreshold : String (optional)
statusAction : String (optional)
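The declarative Jenkinsfile below is an added example, not taken from the plugin's own documentation. It shows a blocking, threshold-gated scan in API mode next to a CLI-mode scan, using only the parameter names listed above. The credential ID, repository URL, scan tag, installation name and threshold numbers are constructed, and the 'API' and 'CLI' string literals are assumed to match the option labels on this page (confirm them with the Pipeline Snippet Generator).

```groovy
// Added example. Constructed values: credential ID, SCM URL, scan tag,
// installation name and threshold numbers. Assumed: 'API'/'CLI' literals.
pipeline {
    agent any
    stages {
        stage('Sec1 gate (API mode)') {
            steps {
                sec1Security(
                    apiCredentialsId: 'sec1-api-key',      // ID of an existing "Sec1 API Key" credential
                    scmUrl: 'https://git.example.com/team/app.git',
                    scanTag: 'main',
                    runSca: true,
                    runSast: true,
                    sastMode: 'API',                       // Sec1 server clones the repository and scans it
                    sastIncrementalScan: true,             // requires a baseline full scan on the Sec1 server
                    // asyncScan: true would not skip the wait here: with applyThreshold
                    // enabled the plugin still polls for the final vulnerability counts.
                    asyncScan: false,
                    applyThreshold: true,
                    threshold: [                           // String-typed fields, per the reference above
                        criticalThreshold: '10',           // build fails on more than 10 critical findings
                        highThreshold: '20',
                        mediumThreshold: '50',
                        lowThreshold: '100'
                    ]
                    // actionOnThresholdBreached and statusAction are omitted:
                    // this page does not list their accepted values.
                )
            }
        }
        stage('Sec1 SAST (CLI mode)') {
            steps {
                sec1Security(
                    apiCredentialsId: 'sec1-api-key',
                    runSast: true,
                    sastMode: 'CLI',                       // scan runs on the agent, report is uploaded
                    // Name of an installation under Manage Jenkins > Tools > Sec1 SAST CLI
                    sastInstallation: 'sec1-sast-default'
                    // asyncScan and sastIncrementalScan are left out on purpose:
                    // both are ignored in CLI mode.
                )
            }
        }
    }
}
```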