Integrating Dastardly with your CI/CD platform (generic instructions)


Note

Specific instructions are available for integrating Dastardly with the following CI/CD platforms:

You can integrate Dastardly with any CI/CD platform. The integration allows you to run Dastardly web vulnerability scans as a step in your existing CI/CD pipeline.

For more information on the machine specifications required to run Dastardly scans, see the system requirements for Dastardly.

To integrate Dastardly into your CI/CD pipeline, include the following docker run command in your pipeline script:

docker run --user $(id -u) --rm -v $(pwd):/dastardly \
  -e DASTARDLY_TARGET_URL=https://ginandjuice.shop \
  -e DASTARDLY_OUTPUT_FILE=/dastardly/dastardly-report.xml \
  public.ecr.aws/portswigger/dastardly:latest

Note

You can set DASTARDLY_TARGET_URL to a starting URL for any application you want to analyze.

In this example, DASTARDLY_TARGET_URL is set to https://ginandjuice.shop/ – this is a deliberately vulnerable web application designed to test web vulnerability scanners.

The next time your pipeline runs, Dastardly will analyze the application you defined under DASTARDLY_TARGET_URL.

Note

You need to set DASTARDLY_OUTPUT_FILE to a location mapped to a directory on your machine – as in the example above.

The example above uses $(pwd) to map the /dastardly volume to your current working directory.

The Dastardly output file is a JUnit XML report that can be parsed by any JUnit XML parser.

If you run the above command more than once, each run overwrites the JUnit report written by Dastardly.
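As an added example (not part of the PortSwigger documentation or the Dastardly product), the following pipeline step parses the JUnit XML report Dastardly writes and returns a non-zero exit code when any failed check meets a chosen severity threshold. The sample report is constructed for illustration, and the failure "type" values and the severity ranking are assumptions, not a description of Dastardly's exact output.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample report in generic JUnit XML shape (not a real Dastardly run).
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<testsuites>
  <testsuite name="https://ginandjuice.shop/" tests="3" failures="2">
    <testcase name="Cross-site scripting (reflected)" classname="https://ginandjuice.shop/catalog">
      <failure message="Cross-site scripting (reflected)" type="High">evidence omitted</failure>
    </testcase>
    <testcase name="Vulnerable JavaScript dependency" classname="https://ginandjuice.shop/">
      <failure message="Vulnerable JavaScript dependency" type="Low">evidence omitted</failure>
    </testcase>
    <testcase name="Strict transport security not enforced" classname="https://ginandjuice.shop/"/>
  </testsuite>
</testsuites>
"""

# Assumed severity ranking; adjust to match the "type" values your reports contain.
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}


def collect_failures(report_xml):
    """Return (severity, issue name, location) for every test case with a <failure>."""
    root = ET.fromstring(report_xml)
    failures = []
    for case in root.iter("testcase"):
        failure = case.find("failure")
        if failure is None:
            continue  # the check passed, nothing to report
        severity = failure.get("type", "Unknown")
        failures.append((severity, case.get("name", ""), case.get("classname", "")))
    return failures


def should_fail_build(failures, minimum="Medium"):
    """Gate the pipeline: True when any failure is at or above the threshold.
    Unrecognised severities fail closed so a schema change cannot silently pass."""
    threshold = SEVERITY_RANK[minimum]
    return any(SEVERITY_RANK.get(sev, threshold) >= threshold for sev, _, _ in failures)


def main(path=None):
    xml_text = open(path, encoding="utf-8").read() if path else SAMPLE_REPORT
    failures = collect_failures(xml_text)
    for severity, name, location in failures:
        print(f"[{severity}] {name} at {location}")
    return 1 if should_fail_build(failures) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as `python gate.py dastardly-report.xml` after the docker step so the pipeline fails on qualifying findings.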

Dastardly scan results

Dastardly scan results are available as a JUnit XML file when a scan is complete. A scan takes a maximum of ten minutes.

Remediation advice

Dastardly scan results include remediation advice for any security issues found. This advice includes links to relevant sections of the free Web Security Academy, which provides more detail on web security vulnerabilities.

Evidence

Dastardly scan results include evidence of any detected security issues. This evidence includes the request Dastardly sent to trigger the issue, as well as the response returned by the application.
