Qualys Policy Compliance Scanning Connector for Jenkins
Welcome to Qualys Cloud Platform! This guide helps you understand how to install and use the Qualys Policy Compliance Scanning Connector to see your Qualys PC scan data in Jenkins.
The Qualys Policy Compliance Scanning Connector lets you automate PC scanning of hosts and cloud instances from Jenkins. Integrating scans in this way makes host and cloud instance security testing part of the Jenkins job, so that security flaws are discovered and eliminated.
Prerequisites
For integrating the Qualys Policy Compliance Scanning Connector with Jenkins, the following prerequisites must be met:
- You must have a subscription to Qualys Policy Compliance, and the Qualys Policy Compliance account that you want to use for scanning the target host must have permission to access the PC API.
- In your Qualys PC account, create an option profile with a name starting with 'Jenkins_' and add policies to this option profile for the Policy Compliance scan.
In the Options Profile configuration section, the plugin lists only the option profiles with a name starting with 'Jenkins_'. For more details, refer to Create PC Option Profile. For the selected option profile, you must select at least one policy for the scan to launch successfully.
- The PC scan requires an authentication record for the target asset. If you already have an authentication record created for the host, the Scan API uses this record to scan the host; otherwise, you can use the plugin to create a new authentication record for the host. Refer to Configure Scan Options in the guide.
- For the EC2 instance scan, ensure your target instance is in the 'Running' state. The scanner appliance and EC2 connector you selected should have the same account ID (the account ID is shown in the drop-down fields for the EC2 connector and the scanner on the Qualys PC Scanning connector's configuration form).
- Currently, we support only the Global Default Network.
Ensure your target scanners and hosts are placed under the Global Default Network.
Good to Know
When a Jenkins job with a Qualys Policy Compliance Scanning connector stage is built for the first time, the connector does the following:
- Adds the target asset (host IP/EC2 instance) to your Qualys subscription if it is not already present.
- The connector then creates an asset group with a name starting with 'Jenkins_AG_<Jenkins_project_name>'.
- On successfully creating the asset group, the connector adds the target asset into this newly created asset group.
- If no authentication record is found and the user has selected the respective setting in the Qualys PC Scanning connector's configuration, the connector attempts to create an authentication record using the credentials the user selects.
- The connector also adds policies the user selects in the configuration to the asset group created in the job.
- On subsequent runs, the Qualys Policy Compliance Scanning Connector checks whether the asset group is present. If it already exists, the plugin overwrites the target asset and policies if they have changed in the connector configuration.
Get Started
Perform the following steps to get started: