The Qualys WAS Connector for Bamboo lets DevOps teams build web application vulnerability scans into their existing CI/CD processes.
Qualys WAS as a Task
Use the Qualys connector as a task in your Bamboo project. In the Tasks tab, click Add Task and search for “Qualys” to find the 'Scan web applications with Qualys WAS' task. Click on it to add it as a build task.
Configure the Qualys WAS connector: select the web application you want to scan and fetch vulnerabilities for, then configure the build fail conditions.
After the web app scan is launched and completed, the connector pulls the vulnerability data for the configured web app from the Qualys platform and renders visual reports of the vulnerabilities and statistics.
With a valid Qualys WAS account, you can configure the plugin to fail the build if certain criteria are met, such as the presence of specific QIDs or a severity 5 vulnerability. Scan results can be viewed directly in Bamboo, and a link to the full scan report in the Qualys UI is also provided. The plugin supports all Qualys shared platforms as well as customers using a private cloud platform (PCP). For more details, please refer to the Qualys Web App Scanning Connector for Bamboo User Guide.