The customer is a leading SaaS-based application security solution provider.
The client requested development of a certified Jenkins plugin that would integrate application vulnerability scans into its existing continuous integration pipeline.
Sacumen developed the certified Azure DevOps Extension.
The extension was written in TypeScript, following the Azure custom build/release task standards.
After the Azure DevOps pipeline builds the web app, the extension launches a scan of the selected web application with the configured options. The extension makes a REST API call to the platform to perform the scan.
The user can define the failure criteria, which are built from the severity of vulnerabilities, QID values, etc. If the failure conditions are met, the extension fails the build.
After the scan is performed, customers can see the results in Azure DevOps.
The Azure DevOps Extension is available to download and install from the marketplace.
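
The failure-criteria check described above can be sketched as follows. This is an added example, not the extension's own code: the `Finding` and `FailureCriteria` shapes, the 1-5 severity scale, the function name `evaluateGate` and the sample QIDs are all assumptions made for illustration.

```typescript
// Added illustration; field names and the 1-5 severity scale are assumed,
// not taken from the scanning platform's API.
interface Finding { qid: number; severity: number; title: string }
interface FailureCriteria {
  maxAllowedBySeverity: Record<number, number>; // severity -> tolerated count
  blockedQids: number[];                        // any hit fails the build
}
interface GateResult { failed: boolean; reasons: string[] }

function evaluateGate(findings: Finding[] | null, criteria: FailureCriteria): GateResult {
  // Fail closed: no results means the scan did not complete, so a
  // vulnerable build must not pass just because nothing was reported.
  if (findings === null) {
    return { failed: true, reasons: ["scan results unavailable"] };
  }
  const reasons: string[] = [];
  const counts: Record<number, number> = {};
  const qidHits: number[] = [];
  findings.forEach((f) => {
    counts[f.severity] = (counts[f.severity] || 0) + 1;
    const blocked = criteria.blockedQids.indexOf(f.qid) !== -1;
    if (blocked && qidHits.indexOf(f.qid) === -1) qidHits.push(f.qid);
  });
  // Compare the count seen at each configured severity with its limit.
  Object.keys(criteria.maxAllowedBySeverity).forEach((key) => {
    const sev = Number(key);
    const seen = counts[sev] || 0;
    const allowed = criteria.maxAllowedBySeverity[sev];
    if (allowed !== undefined && seen > allowed) {
      reasons.push(`severity ${sev}: ${seen} found, ${allowed} allowed`);
    }
  });
  qidHits.forEach((q) => reasons.push(`blocked QID ${q} detected`));
  return { failed: reasons.length > 0, reasons };
}

// Constructed sample data (QIDs and titles are made up for this example).
const sampleFindings: Finding[] = [
  { qid: 100001, severity: 5, title: "constructed: injection finding" },
  { qid: 100002, severity: 3, title: "constructed: missing header" },
  { qid: 100003, severity: 3, title: "constructed: verbose error page" },
];
const sampleCriteria: FailureCriteria = {
  maxAllowedBySeverity: { 5: 0, 4: 0, 3: 5 },
  blockedQids: [100002],
};
const sampleResult: GateResult = evaluateGate(sampleFindings, sampleCriteria);
```

In an Azure Pipelines task, a failed gate would typically be reported through `setResult` with `TaskResult.Failed` from `azure-pipelines-task-lib`, with the reasons joined into the message.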