added

Web App Scanning: Export Scan Configuration for CI/CD

A new endpoint has been added to the Tenable Web App Scanning API that enables users to export a WAS scan configuration file for use with the new CI/CD (continuous integration / continuous delivery) scanning integration. You can integrate Tenable WAS Docker images with GitHub, GitLab, Jenkins, CircleCI, or Bamboo to scan builds and prevent vulnerabilities before your code and applications are deployed. For more information, see CI/CD Application Scan Overview in the Tenable Web App Scanning User Guide.

The new endpoint is described below:

Endpoint: GET /api/v3/export/configs/{config_id}
Name: Export scan configuration for CI/CD
Description: Downloads the specified scan configuration in HOCON (Human-Optimized Config Object Notation) format for use with WAS Docker images in CI/CD mode.

Example

To export a scan configuration with the UUID 262a01a3-9de3-43f9-bed6-b4da34015d71, you could use the following cURL request after inserting the UUID in the config_id path parameter:

curl --request GET \
     --url https://cloud.tenable.com/api/v3/export/configs/262a01a3-9de3-43f9-bed6-b4da34015d71 \
     --header 'X-ApiKeys: accessKey=<YOURKEY>;secretKey=<YOURKEY>' \
     --header 'accept: application/octet-stream'

The request returns the scan configuration in HOCON (Human-Optimized Config Object Notation) format:

"config_id"="262a01a3-9de3-43f9-bed6-b4da34015d71"
"template_id"="426ce117-b083-423c-a256-01e2e1e3cd55"
"results_visibility"=dashboard
scan {
    assessment {
        dictionary=limited
        enable=true
        fingerprinting=false
        "rfi_remote_url"="http://rfi.nessus.org/rfi.txt"
    }
    audit {
        cookies=true
        forms=true
        headers=true
        jsons=true
        links=true
        "parameter_names"=false
        "parameter_values"=true
        "path_parameters"=false
        "ui_forms"=true
        "ui_inputs"=true
        xmls=true
    }
    browser {
        analysis=false
        "ignore_images"=true
        "job_timeout"=60
        "pool_size"=3
        "screen_height"=1200
        "screen_width"=1600
    }
    chrome {
        "script_command_wait"=500
        "script_finish_wait"=5000
        "script_page_load_wait"=30000
    }
    "debug_mode"=false
    http {
        "custom_user_agent"=false
        "include_scan_id"=false
        "request_concurrency"=10
        "request_headers" {
            Accept="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
            Accept-Language="en-US,en;q=0.5"
        }
        "request_redirect_limit"=2
        "request_timeout"=30
        "response_max_size"=5000000
        "user_agent"="WAS/%v"
    }
    plugin {
        families=[]
        ids=[]
        mode=disable
        names=[]
        "rate_limiter" {
            autothrottle=true
            "requests_per_second"=25
            "timeout_threshold"=100
        }
    }
    scope {
        "auto_redundant_paths"=5
        "decompose_paths"=false
        "deduplicate_pages"=false
        "directory_depth_limit"=10
        "dom_depth_limit"=5
        "exclude_binaries"=true
        "exclude_file_extensions"=[
            js,
            css,
            png,
            jpeg,
            gif,
            pdf,
            csv,
            svn-base,
            svg,
            jpg,
            ico,
            woff,
            woff2
        ]
        "exclude_path_patterns"=[
            logout
        ]
        option=all
        "page_limit"=10000
    }
    timeout="08:00:00"
}
target="https://example45.com"
"vulnerability_threshold"=High