Define security controls at a system level

After you define a connection in Jenkins, if you are using freestyle jobs, you may want to set Contrast vulnerability security controls at a system level. Alternatively, you can set security controls at a job level; if you use a job outcome policy, those security controls take precedence.

  1. Under Contrast Connections > Contrast Vulnerability Security Controls, select a Connection you have previously created, from the dropdown.

  2. Set the Number of Allowed Vulnerabilities. This number is exclusive; if you set it to "5", Jenkins will fail if there are six or more vulnerabilities. This field is required.

  3. Choose a Vulnerability Severity from the options in the dropdown. (These are the same vulnerability severity options in Contrast.) The plugin sets a filter in the API call for all vulnerabilities with a severity greater than or equal to this field. This field is not required, but selecting it will narrow your results. So if the number is set to "5" and the severity to High, Jenkins will fail if there are six or more vulnerabilities rated High or Critical.

  4. Choose a Vulnerability Type (rule name) from the dropdown. The plugin checks for the number of vulnerabilities with the rule type selected and compares it to the number of allowed vulnerabilities for that rule. This field is not required, but selecting it will narrow your results. You can choose one severity and one rule type per security control.

  5. Choose from the list of Vulnerability Statuses. Statuses aren't required, but can be helpful. For example, select Confirmed and Suspicious to only return vulnerabilities with an open status. Leave this blank if you don't want to filter vulnerabilities by statuses.

    You can add multiple vulnerability security controls, but the plugin evaluates them in order and sets the build result (failing the job) on the first violated vulnerability security control.
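The following is an added example, not code from the Contrast Jenkins plugin, that models the evaluation rules described in the steps above: the exclusive allowed count, the severity filter applied as "greater than or equal to", the optional rule-type and status filters, and failure on the first violated control. The severity ordering, rule names and sample vulnerabilities are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumed severity ladder, lowest to highest, for the ">= severity" filter.
SEVERITY_ORDER = ["Note", "Low", "Medium", "High", "Critical"]

@dataclass(frozen=True)
class Vulnerability:
    severity: str
    rule: str     # rule name / vulnerability type
    status: str

@dataclass(frozen=True)
class SecurityControl:
    allowed: int                       # exclusive: more than this many fails the build
    severity: Optional[str] = None     # minimum severity (inclusive); None = no filter
    rule: Optional[str] = None         # exact rule type; None = no filter
    statuses: FrozenSet[str] = frozenset()  # empty = no status filter

def matches(v: Vulnerability, c: SecurityControl) -> bool:
    """True if the vulnerability passes every filter the control sets."""
    if c.severity and SEVERITY_ORDER.index(v.severity) < SEVERITY_ORDER.index(c.severity):
        return False
    if c.rule and v.rule != c.rule:
        return False
    if c.statuses and v.status not in c.statuses:
        return False
    return True

def count_matching(vulns: List[Vulnerability], c: SecurityControl) -> int:
    return sum(1 for v in vulns if matches(v, c))

def evaluate(vulns: List[Vulnerability],
             controls: List[SecurityControl]) -> Tuple[str, Optional[int]]:
    """Return the build result and the index of the first violated control."""
    for i, c in enumerate(controls):
        if count_matching(vulns, c) > c.allowed:   # exclusive threshold
            return "FAILURE", i
    return "SUCCESS", None

# Constructed sample findings (not real Contrast data).
SAMPLE = [
    Vulnerability("Critical", "sql-injection", "Confirmed"),
    Vulnerability("Critical", "sql-injection", "Suspicious"),
    Vulnerability("High", "xss", "Confirmed"),
    Vulnerability("High", "xss", "Reported"),
    Vulnerability("High", "path-traversal", "Fixed"),
    Vulnerability("Medium", "xss", "Confirmed"),
    Vulnerability("Low", "xss", "Not a Problem"),
]
```

With the sample above, a control of five allowed at severity High matches exactly five findings (High and Critical) and passes, while a control allowing four fails; a control allowing zero `xss` findings in Confirmed or Suspicious status fails on two matches.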