Qualys: Assess Vulnerabilities, Misconfigurations in CI/CD Pipeline
September 16, 2019 at 03:02 pm EDT
After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we've published the new guide, Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines.
This guide details the integration of Qualys vulnerability scanning into your pipeline in a language-, tool-, and cloud- (technology/platform) agnostic approach. It highlights the design considerations, the associated API calls needed, the response data structures, how to process response data, guidelines on setting pipeline failure thresholds, as well as tips for success.
By walking through what API calls need to be made, how to format the calls, and what the response data will be, this guide takes the guesswork out of designing and implementing a CI/CD pipeline integration with Qualys Virtual Scanner Appliances in your pipelines.
Accompanying this post is a PDF and a Postman collection for all the referenced API calls contained within the document. This Postman collection is used in conjunction with the Qualys Postman Environment Collection. Once both collections are installed, you can use the Postman client to simulate the API calls against your environment and your subscription data to better understand your Qualys API query response data.
Reference
Access Vulnerabilities and Misconfiguration in CI/CD Pipelines
Disclaimer
Qualys Inc. published this content on 16 September 2019 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 16 September 2019 19:01:02 UTC
Qualys, Inc. is a provider of a cloud-based platform delivering information technology (IT), security and compliance solutions. The Company's integrated suite of IT, security and compliance solutions delivered on Qualys' Enterprise TruRisk Platform enables its customers to identify and manage their IT and operational technology (OT) assets, collect, and analyze large amounts of IT security data, recommend, and implement remediation actions and verify the implementation of such actions. It provides its solutions through a software-as-a-service model, primarily with renewable annual subscriptions. Its cloud platform offers an integrated suite of solutions that automates the lifecycle of asset discovery and management, security and compliance assessments, and remediation for an organization's IT infrastructure and assets, whether such infrastructure and assets reside inside the organization, on their network perimeter, on endpoints or in the cloud.