DevSecOps integrations

The Beagle DevSecOps Plugins allow you to test your website while deploying to the cloud. The CI tools are listed below:
Prerequisites
Obtain Application Token and Access Token from Beagle Dashboard.
Generate Access Token from Beagle
Home -> Profile -> Personal access token -> New personal access token
Generate Application Token from Beagle
Home -> Applications -> Select your application -> Settings -> Application token
Jenkins

Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software. This plugin can be used to trigger beagle penetration testing from jenkins

Steps

Installation of Beagle Security Plugin in Jenkins

STEP 1

  1. Login to Jenkins
  2. Navigate to Manage Jenkins -> Manage Plugins
    • Click on Check Now for retrieving latest plugin information
    • Click on Available
    • Search for Beagle Security
    • Check Beagle Security and Install
    • Restart Jenkins if necessary(Recommended)

STEP 2

You have to setup APPLICATION TOKEN and ACCESS TOKEN in Jenkins in order to trigger the test

  1. Setting up APPLICATION TOKEN
    • Select project -> Configure -> Select Build -> Add build step -> Select Trigger Beagle Penetration Testing -> Provide Application Token and Save
  2. For ACCESS TOKEN you're provided with two options:
    • Configure Globally, Then by default this ACCESS TOKEN used by the Plugin. To configure it globally follow the steps
      • Manage Jenkins -> Configure System -> Navigate to Beagle Security and Specify your token and Save
    • Configure Locally for a project, If this step is done the global configuration will be overridden for the selected project.To configure it per project follow the steps
      • Select project -> Configure -> Select Build -> Add build step -> Select Trigger Beagle Penetration Testing -> Select Advanced -> Provide Access Token and Save
Travis

Travis CI is a hosted continuous integration service used to build and test software projects hosted at GitHub. Integrate Travis and beagle to automate Test triggering

Steps

STEP 1

Add generic to the language section of your .travis.yml file
language: generic

STEP 2

Add the snippet to script section of your .travis.yml file
script: curl --silent -L https://git.io/fjXpA | bash -s

In-order to trigger beagle penetration testing you need to create two encrypted variables in Travis environment

STEP 3

  1. Login to Travis Dashboard
  2. Select your repo
  3. Go to repo settings
  4. Navigate to Environment Variables
  5. Add tokens, make sure you use environment variable names as follows:
    • For access token -> ACCESS_TOKEN
    • For application token -> APPLICATION_TOKEN
  6. Also make sure that "Display value in build log" is off
  7. Build the project!
Bitbucket

Bitbucket is a web-based version control repository hosting service owned by Atlassian, for source code and development projects that use either Mercurial or Git revision control systems. This plugin can be used to trigger beagle penetration testing from Bitbucket

Creating Pipeline

  1. Login to Bitbucket
  2. Select your Repo/Project
  3. Configure your bitbucket-pipelines.yml as follows
    • Add the following snippet to script: section
    • - pipe: beaglesecurity/beaglesecurity-test:1.1.0
        variables:
              ACCESS_TOKEN: $ACCESS_TOKEN
              APPLICATION_TOKEN: $APPLICATION_TOKEN

    • If your Repo/Project doesn't have any Pipelines Configured create new one as follows:
    • Select Pipelines from side Menu

      Navigate to "Choose a language template" -> Click on “Starter Pipeline”

      Configure the bitbucket-pipelines.yml as described above.

  4. Add the repository variables ACCESS_TOKEN and APPLICATION_TOKEN to Bitbucket Pipelines
    • click on Mechanical Wheel Icon -> Add Name:ACCESS_TOKEN and Value: access token generated from Beagle Dashboard. Repeat same for APPLICATION_TOKEN, Check "Secured" for keeping the tokens as secret
  5. Click on Commit
AWS CodePipeline

AWS CodePipeline is a continuous delivery service you can use to model, visualize, and automate the steps required to release your software. You can quickly model and configure the different stages of a software release process.

Steps

Setting up the Stage

  1. Access your CodePipeline from aws and click on Edit
  2. Click on Add stage
  3. Set the name as beagle-test-trigger
  4. Click Add action group on beagle-test-trigger
    • Set Action name to test-trigger
    • Set Action Provider as AWS CodeBuild
    • Set Input Artifacts
    • At Project Name click on Create Project
    • On Environment set Environment Image to Custom Image
    • Set Environment type to Linux
    • Set Image Registry to Other Registry
    • Set External registry URL to beaglesecurity/beagle-test-trigger-common
    • In Additional Configurations Set Environment Variables ACCESS_TOKEN and APPLICATION_TOKEN, to do so click on create parameter -> set name ACCESS_TOKEN value as your access token generated from beagle. Repeat the same for APPLICATION_TOKEN. Now the value field of enviroment will be loaded with parameter reference. Name them as ACCESS_TOKEN and APPLICATION_TOKEN in their respective Name fields
    • In Build Spec select Insert Build Commands, At build commands type trigger-test
    • Set your log preference and click on Continue to CodePipeline
    • Click Done
  5. Now when you build the CodePipeline the beagle-test-trigger stage will be invoked and your test will be automatically triggered!
Azure Pipelines

Azure Pipelines is part of the Microsoft Azure DevOps Services and allows one to continuously build, test and deploy to any platform or cloud.

Steps
  1. Go to extension for Azure DevOps (Visual Studio Marketplace)
  2. Search the marketplace for Beagle Security Test or follow this link and install it.
  3. Goto your Project
  4. You can configure Beagle test in your release pipeline or build pipeline.
  5. For Release Pipeline.
    • Navigate to Pipelines -> Releases.
    • Create a new pipeline or edit an existing pipeline and Add a Task.
    • Search in Tasks for Beagle Security Test and add it.
  6. To create a new pipeline or modify the existing pipeline
    • Navigate to Pipelines
    • Create a new pipeline by clicking on Create Pipeline button or edit an existing pipeline
    • Click on Show Assistant button on the top-right side.
    • Search in Tasks for Beagle Security Test and add it.
  7. Provide the Application Token and Access Token you have generated from your Beagle Security account
  8. Now, when your build or release pipeline is triggered, your Beagle Security Test will run.
Github Action

GitHub Actions is an API for cause and effect on GitHub: orchestrate any workflow, based on any event, while GitHub manages the execution, provides rich feedback, and secures every step along the way.

How add Beagle Github Action

  1. Add the Application Key and Access Key as secrets in your repo.
    • Navigate to Secrets in repo settings.
    • Add beagle access_token and application_token as secrets.
  2. Navigate to Github Marketplace and search for Beagle Security Test
  3. Follow the instructions
Bamboo

Bamboo is a continuous integration and continuous deployment server developed by Atlassian. Although initially available both as an on-premises and cloud computing service

Steps

STEP 1

Downloading Beagle Task jar file

Download beagle-X.X.X.jar from Here

STEP 2

Installation of Beagle Security Task in Bamboo

  1. Login to Bamboo
  2. Navigate to Administration -> Manage apps
  3. Upload beagle-X.X.X.jar at Upload app
  4. You'll be prompted by Installed and ready to go!

STEP 3

Create a plan with Beagle task

  • Select your project -> Create -> create plan
  • Fill the necessary details and click Configure plan
  • Click Add task -> Select Beagle Security
  • Provide APPLICATION TOKEN and ACCESS TOKEN
  • Click Save then Create
  • Run the plan to trigger beagle test
GitLab

GitLab is a web-based DevOps lifecycle tool that provides a Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features, using an open-source license.This pipeline can be used to trigger beagle penetration testing from GitLab

Creating Pipeline

  1. Login to GitLab
  2. Select your Project
  3. Configure your .gitlab-ci.yml as follows
    • Add the following snippet

      beagle-trigger :
          image: beaglesecurity/beagle-gitlab-pipeline
          script:
              trigger-test

  4. Add the environment variables ACCESS_TOKEN and APPLICATION_TOKEN to GitLab project.
    • Navigate to Settings -> CI/CD -> Variables
    • Add Variables, ensure the variable names are named as follows : ACCESS_TOKEN, APPLICATION_TOKEN. Make sure that Variables are State is Protected and Masked(Recommended)
    • Click Save Variables
  5. Now Trigger your build and you can see beagle-trigger running in CI/CD -> Jobs
Codeship

Codeship is a fast and secure hosted Continuous Integration service that scales with your needs. It supports GitHub, Bitbucket, and Gitlab projects. Integrate Codeship and beagle to automate Test triggering

Steps

STEP 1

In-order to trigger beagle penetration testing you need to create two environment variables

  1. Login to CODESHIP
  2. Select your project
  3. Go to project settings
  4. Navigate to Environment
  5. Add tokens, make sure you use environment variable names as follows:
    • For access token -> ACCESS_TOKEN
    • For application token -> APPLICATION_TOKEN
  6. Save Configuration

STEP 2

In-order to trigger beagle penetration testing you need to setup deploy script

  1. Go to project settings
  2. Navigate to Deploy
  3. Select your branch to deploy
  4. After selecting branch scroll down to Add Deployment and select Script
  5. Add the following snippet to Deployment Commands

    curl --silent -L https://git.io/fjXpj | bash -s

    • click on Create Deployment
  6. Build the project!
Buddy

Buddy is a web-based and self-hosted continuous integration and delivery software for Git This pipeline can be used to trigger beagle penetration testing from Buddy

Creating Pipeline

  1. Login to Buddy
  2. Select your Project
  3. Click on Add new pipeline
  4. Set the name as beagle-trigger ,Fill the rest details according to your choice. Then click on Add a new pipeline
  5. Now you will be prompted with 'Add a new action to beagle-trigger'.
  6. Set the following parameters as follows
    • Docker image : Pull docker image from Registry
    • Registry : Docker Hub Public
    • Image : Search for beaglesecurity select beaglesecurity/beagle-test-trigger-common
    • Version : latest
    • User : As of your choice
  7. Add the environment variables ACCESS_TOKEN and APPLICATION_TOKEN to Pipeline.
    • Click on Variables
    • Click on Add a new variable.
    • Limit the scope to this action
    • Set Encryption : Enabled
    • Ensure that the variable names are named as follows : ACCESS_TOKEN, APPLICATION_TOKEN
  8. Click on Add this action
  9. Run the pipeline to trigger beagle security test
CircleCI

CircleCI allows teams to rapidly build quality projects, at scale. This workflow can be used to trigger beagle penetration testing from CircleCI

Creating Pipeline

  1. Login to CircleCI
  2. Select your Project
  3. Configure your config.yml in .circleci folder as follows
    • Add the following snippet to `jobs:` section
    • beagle-trigger:
          docker:
              - image: beaglesecurity/beagle-test-trigger-common:latest
          steps:
              - run:
                  command: trigger-test

    • Add the beagle-trigger line to jobs: of workflow: section
      Example:

      workflows:
          version: x
          workflow-name:
              jobs:
                  - job 1
                  - job 2
                  - beagle-trigger

  4. Add the environment variables ACCESS_TOKEN and APPLICATION_TOKEN to CircleCI project.
    • Click on Mechanical Wheel Icon
    • Navigate to Environment Variables and click on Add Variable
        Ensure the variable names are named as follows : ACCESS_TOKEN, APPLICATION_TOKEN
  5. Now Trigger your build and you can see beagle-trigger workflow running
Wercker

Wercker is a Docker-based continuous delivery platform that helps software developers build and deploy their applications and microservices.To trigger Beagle penetration testing from Wercker

Steps

STEP 1

Setting up Environment

  1. Open your Wercker project
  2. Navigate to Environment
  3. Add the environment variables ACCESS_TOKEN and APPLICATION_TOKEN, Check Protected(Recommended).
    • Ensure that the variable names are named as follows : ACCESS_TOKEN, APPLICATION_TOKEN

STEP 2

Adding beagle-step to your project

  1. Open your Wercker project
  2. Navigate to Steps store. Search for beagle-security
  3. Click on beagle-security
  4. Follow the instructions
Experience the power of automated penetration testing & contextual reporting.