Jenkins is a widely used CI/CD tool that you can host on-prem or in the cloud. By installing the CybeDefend CLI on your Jenkins agent, you can securely run scans locally and upload the results to CybeDefend.

Requirements

  1. API Key
    Follow Introduction & API Key Creation to generate and store a key in Jenkins credentials.
  2. Operating System
    Jenkins agent must be on a supported OS (Linux x86_64, Windows, macOS). For Linux, ensure glibc >= 2.27.
  3. Sufficient Resources
    At least 2–4 GB RAM, plus the recommended disk space for your repo.
By default, we recommend scanning the main (or master) branch to avoid mixing partial results across multiple branches.

Option 1: Docker-Based Scanning

If your Jenkins agent supports Docker, run the CybeDefend scanner image:
  1. Create a New Jenkins Project
    • Choose Pipeline or Freestyle with a Docker step.
  2. Configure Docker
    Make sure your agent can run containers.
  3. Build Step:
docker run --rm \
  -v $WORKSPACE:/app \
  -w /app \
  cybedefend/local-scanner:latest \
  cybedefend scan . --api-key $CYBEDEFEND_API_KEY --project-id $CYBEDEFEND_PROJECT_ID --ci

Explanation

  • -v $WORKSPACE:/app: Mount your code from Jenkins into /app.
  • cybedefend/local-scanner:latest: Our Docker image containing the CLI.
  • —ci: Outputs minimal logs for a clean pipeline.

Option 2: Installing the Binary Directly

  1. Download the Binary
    In a shell build step: 
    curl -L https://github.com/CybeDefend/cybedefend-cli/releases/download/v1.0.0/cybedefend-linux-amd64 -o cybedefend
chmod +x cybedefend
sudo mv cybedefend /usr/local/bin/
  2. Run the Scan 
    cybedefend scan . \
  --api-key $CYBEDEFEND_API_KEY \
  --project-id $CYBEDEFEND_PROJECT_ID \
  --ci
If this is your first time scanning the repo, a new project is created in CybeDefend. On subsequent scans, results are appended under the same Project ID.

Checking Results

  • Jenkins Console Output: Quick summary of discovered vulnerabilities.
  • CybeDefend “results” command: Add a new step to fetch more detailed results in JSON, HTML, or SARIF.
  • CybeDefend Dashboard: Provides an in-depth view, charts, and historical vulnerability data.
For large repos, scanning may take a few minutes. Adjust Timeout settings accordingly.
Consider gating a release by parsing CLI output or exit codes, failing the build if high-severity issues remain.