Configure Environment Parameters

You can set the configuration parameters as GitHub repository secrets and variables: secrets hold sensitive configuration data (such as the Qualys password) and variables hold non-sensitive configuration data.

To configure the environment parameters for a repository:

  1. In your repository, click Settings.
  2. In the left drawer menu, click Secrets and variables > Actions.
  3. In the Actions secrets and variables pane, click Secrets > New repository secret.
     (Image: repository secret set-up pane)
  4. In the New repository secret pane, enter the required information for the secret and click Add.
  5. Switch to the Variables tab.
  6. Click New repository variable.
     (Image: repository variable set-up pane)
  7. In the New repository variable pane, enter the required details for the variable and click Add.

Following is the list of environment parameters:

| Parameter Name | Description | Mandatory/Optional | Parameter Type |
|---|---|---|---|
| QUALYS_PASSWORD | The Qualys password. | Mandatory | Secret |
| API_SERVER | The API server URL. For the list of API server URLs, refer to Platform Identification. Note: a Platform URL or API Gateway URL is not valid for this parameter. | Mandatory | Variable |
| QUALYS_USERNAME | The Qualys username. | Mandatory | Variable |
| WEBAPP_ID | The ID of the web application that you want to scan. | Mandatory | Variable |
| SCAN_NAME | A name for the scan. A timestamp is appended automatically. | Mandatory | Variable |
| SCAN_TYPE | The scan type: VULNERABILITY or DISCOVERY. | Mandatory | Variable |
| AUTH_RECORD | One of the following values. useDefault: the default authentication record of the web application in the WAS application is used. other: the specific record given in AUTH_RECORD_ID is used. none: the scan runs without authentication; this is the default value. Note: with none, the scanner cannot log in to an application that requires authentication. | Optional | Variable |
| AUTH_RECORD_ID | The ID of the authentication record to use. Note: AUTH_RECORD must be set to other for this parameter to take effect. | Optional | Variable |
| OPTION_PROFILE | The option profile contains the scan settings, such as the vulnerability types to test (detection scope), scan intensity and error thresholds. One of the following values. useDefault: the default option profile in the WAS application is used; this is the default value. other: the specific profile given in OPTION_PROFILE_ID is used. | Optional | Variable |
| OPTION_PROFILE_ID | The ID of the option profile to use. Note: OPTION_PROFILE must be set to other for this parameter to take effect. | Optional | Variable |
| CANCEL_OPTION | One of the following values. true: the scan is stopped after the duration given in CANCEL_HOURS. false: the scan runs until it completes; this is the default value. | Optional | Variable |
| CANCEL_HOURS | Numeric scan duration in hours; the scan is terminated after this time. CANCEL_OPTION must be set to true for this parameter to take effect. | Optional | Variable |
| SEVERITY_CHECK | One of the following values. true: SEVERITY_LEVEL is checked against the vulnerabilities found during the scan. false: SEVERITY_LEVEL is not checked. | Optional | Variable |
| SEVERITY_LEVEL | The severity level of the vulnerability, from 1 to 5. In Qualys, severity 1 is the least harmful and severity 5 the most harmful. Note: only one value can be given per scan. The build fails if the scan detects a vulnerability of the specified severity or higher; for example, with SEVERITY_LEVEL set to 3, the build fails if a vulnerability of severity 3 or greater is found. | Optional | Variable |
| FAIL_ON_SCAN_ERROR | true or false. true: if the GitHub plugin starts the scan but the WAS application cannot complete it, the build fails. false: an incomplete scan does not fail the build; this is the default value. | Optional | Variable |
| WAIT_FOR_RESULT | One of the following values. true: the plugin waits for the scan results; this is the default value. false: the plugin does not wait for the scan results. | Optional | Variable |
| INTERVAL | Numeric polling interval in minutes for collecting the scan data, for example 5. The default is 5 minutes. | Optional | Variable |
| TIMEOUT | Numeric timeout in minutes for checking the scan results, for example 60. The default is 350 minutes. Note: the timeout limit for GitHub-hosted runners is 360 minutes, so on GitHub-hosted runners a scan cannot run for more than 360 minutes; self-hosted runners have no limit on the timeout duration. | Optional | Variable |
| EXCLUDE | Comma-separated QIDs to exclude from the scan, for example 1234, 1345. The listed QIDs are excluded from the severity-level failure condition. | Optional | Variable |

All the parameter values given in the above table are case-sensitive.
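The table above carries several cross-parameter rules (an `other` switch needs its companion `*_ID`, `CANCEL_OPTION` needs `CANCEL_HOURS`, `TIMEOUT` is capped by the GitHub-hosted runner limit, values are case-sensitive) and a build-failure rule that combines `SEVERITY_LEVEL` with `EXCLUDE`. The following is an added example that checks a parameter set against those rules before a workflow is committed and applies the severity gate to sample findings; it is not the Qualys action's own code. The rules, defaults and value spellings are taken from the table; the function names, the `github_hosted` flag and the sample findings are assumptions made for this illustration.

```python
"""Consistency checks for the Qualys WAS action parameters listed above, plus
the documented severity gate (fail when a non-excluded finding has severity
>= SEVERITY_LEVEL). Added example, not the action's own code; validate_params,
parse_exclude, should_fail_build and the sample data are assumptions."""

DEFAULTS = {  # defaults stated in the parameter table
    "AUTH_RECORD": "none",
    "OPTION_PROFILE": "useDefault",
    "CANCEL_OPTION": "false",
    "FAIL_ON_SCAN_ERROR": "false",
    "WAIT_FOR_RESULT": "true",
    "INTERVAL": "5",
    "TIMEOUT": "350",
}
MANDATORY = ("QUALYS_USERNAME", "QUALYS_PASSWORD", "API_SERVER",
             "WEBAPP_ID", "SCAN_NAME", "SCAN_TYPE")
GITHUB_HOSTED_LIMIT_MINUTES = 360  # documented ceiling for GitHub-hosted runners


def _is_positive_int(value):
    return isinstance(value, str) and value.isdigit() and int(value) > 0


def validate_params(params, github_hosted=True):
    """Return a list of problems; an empty list means the set is consistent.
    Values are compared exactly because the table says they are case-sensitive."""
    p = dict(DEFAULTS)
    p.update(params)
    problems = []
    for name in MANDATORY:
        if not p.get(name):
            problems.append(f"{name} is mandatory")
    if p.get("SCAN_TYPE") not in ("VULNERABILITY", "DISCOVERY"):
        problems.append("SCAN_TYPE must be VULNERABILITY or DISCOVERY")
    # Each "other" switch requires its companion *_ID parameter, and the
    # *_ID parameter only takes effect when the switch is "other".
    for switch, ident, allowed in (
        ("AUTH_RECORD", "AUTH_RECORD_ID", ("useDefault", "other", "none")),
        ("OPTION_PROFILE", "OPTION_PROFILE_ID", ("useDefault", "other")),
    ):
        if p[switch] not in allowed:
            problems.append(f"{switch} must be one of {', '.join(allowed)}")
        elif p[switch] == "other" and not p.get(ident):
            problems.append(f"{switch}=other requires {ident}")
        elif p[switch] != "other" and p.get(ident):
            problems.append(f"{ident} is ignored unless {switch}=other")
    for flag in ("CANCEL_OPTION", "SEVERITY_CHECK", "FAIL_ON_SCAN_ERROR", "WAIT_FOR_RESULT"):
        if flag in p and p[flag] not in ("true", "false"):
            problems.append(f"{flag} must be true or false")
    if p["CANCEL_OPTION"] == "true" and not _is_positive_int(p.get("CANCEL_HOURS", "")):
        problems.append("CANCEL_OPTION=true requires a numeric CANCEL_HOURS")
    if p.get("SEVERITY_CHECK") == "true":
        level = p.get("SEVERITY_LEVEL", "")
        if not (level.isdigit() and 1 <= int(level) <= 5):
            problems.append("SEVERITY_CHECK=true requires SEVERITY_LEVEL between 1 and 5")
    for name in ("INTERVAL", "TIMEOUT"):
        if not _is_positive_int(p[name]):
            problems.append(f"{name} must be a positive number of minutes")
    if github_hosted and _is_positive_int(p["TIMEOUT"]) and int(p["TIMEOUT"]) > GITHUB_HOSTED_LIMIT_MINUTES:
        problems.append(f"TIMEOUT exceeds the {GITHUB_HOSTED_LIMIT_MINUTES}-minute limit of GitHub-hosted runners")
    return problems


def parse_exclude(value):
    """Turn the comma-separated EXCLUDE string (e.g. "1234, 1345") into a set of QIDs."""
    return {int(part) for part in value.split(",") if part.strip()}


def should_fail_build(findings, severity_level, excluded_qids=frozenset()):
    """Documented rule: fail when any finding whose QID is not excluded has a
    severity greater than or equal to SEVERITY_LEVEL."""
    return any(f["severity"] >= severity_level and f["qid"] not in excluded_qids
               for f in findings)


# Constructed sample data: QIDs 1234/1345 are the table's own example values,
# QID 9999 and all severities are made up for this illustration.
SAMPLE_PARAMS = {
    "QUALYS_USERNAME": "was_ci_user",
    "QUALYS_PASSWORD": "<set as a repository secret>",
    "API_SERVER": "https://<api-server-url-from-platform-identification>",
    "WEBAPP_ID": "<web application id>",
    "SCAN_NAME": "ci-scan",
    "SCAN_TYPE": "VULNERABILITY",
    "SEVERITY_CHECK": "true",
    "SEVERITY_LEVEL": "3",
    "EXCLUDE": "1234, 1345",
}
SAMPLE_FINDINGS = [
    {"qid": 1234, "severity": 5},
    {"qid": 1345, "severity": 3},
    {"qid": 9999, "severity": 2},
]

if __name__ == "__main__":
    print("problems:", validate_params(SAMPLE_PARAMS))
    excluded = parse_exclude(SAMPLE_PARAMS["EXCLUDE"])
    print("fail build:", should_fail_build(SAMPLE_FINDINGS, int(SAMPLE_PARAMS["SEVERITY_LEVEL"]), excluded))
```

With the sample data the configuration validates cleanly and the build passes, because both severity-3-or-higher findings are on the EXCLUDE list; dropping the exclusions makes it fail. Pass `github_hosted=False` when the workflow runs on a self-hosted runner, where the 360-minute ceiling does not apply.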