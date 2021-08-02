Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON
  1. Homepage
  2. Equities
  3. United States
  4. Nasdaq
  5. Rapid7, Inc.
  6. News
  7. Summary
    RPD   US7534221046

RAPID7, INC.

(RPD)
  Report
Real-time Estimate Quote. Real-time Estimate Cboe BZX - 08/02 09:54:57 am
113.385 USD   -0.32%
09:32aRAPID7 : 3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle
PU
06:21aRAPID7 : KeyBanc Starts Rapid7 at Overweight With $135 Price Target
MT
07/28RAPID7 : Philipp Amann on No More Ransom
PU
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector news

Rapid7 : 3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle

08/02/2021 | 09:32am EDT
share with twitter
share with LinkedIn
share with facebook

DevSecOps is the concept and practice of integrating security into the DevOps cycle. The idea is to bring the different phases of security into the DevOps model and try to automate the entire process, so security is integrated directly into the initial application builds.

In this post, we'll take a closer look at how to integrate security tools into the various phases of the DevSecOps cycle. We'll focus here on Rapid7 tools like InsightVM, InsightAppSec, and InsightOps; the same principles apply to integrating other open-source security tools into the process.

In this simple, three-step setup, we'll use Gitlab as the Version Control System and Jenkins as the build automation server. (Before getting started, you'll need to have the integration between Gitlab and Jenkins completed.)

We'll be using a simple declarative script in our pipeline, as follows:

Step 1: Integrate InsightAppSec

First, we'll include the InsightAppSec Scan in the pipeline. Ideally, this would be in the DAST stage.

To get started, we'll install the InsightAppSec Plugin. We'll need a few more details on hand, like the Scan Configuration ID and the InsightAPI key, which you can fetch from the InsightAppSec platform. We can then set up the scan on the InsightAppSec platform or use the InsightAppSec APIs to create a scan. Once we have the required details, we can kick-start the scan in our pipeline.

Here, we've used python script to add an app and create a scan configuration on the InsightAppSec platform.

Now, with the App Name and Scan Configuration ID, we can set up the scan in the pipeline with the following code:

We've replaced the 'scanConfigId' and 'appId' details ― we just need to replace the 'insightCredentialsId' with the InsightAppSec API key. Setting the 'enableScanResults' option to 'true' will show results of the scan as a new option on the Jenkins Build page, with the label InsightAppSec Scan Results.

Step 2: Integrate the InsightVM Container Scanner

Next, we'll integrate the InsightVM Container Scanner in the pipeline. In this step, we'll build our Docker Image and scan it using InsightVM Container Scanner before pushing it into our registry to host apps in our staging or production environment.

To get started, we first have to install the InsightVM Container Scanner plugin on our Jenkins Server.

We'll be building our Docker container using a Dockerfile, which we have to add to our Gitlab repository. After building the Docker container, we'll scan it using the InsightVM Scanner.

We can set up the InsightVM Scanner in our pipeline with the following code:

The results of the pipeline should appear as a new option on the build page, with the label Rapid7 Assessment. Alternatively, the results are also available on the Builds tab of the Containers option within the InsightVM platform.

Step 3: Integrate InsightOps

In the final step, we'll integrate InsightOps, Rapid7's log management solution, into the pipeline. This integration will forward all the logs to the InsightOps platform.

To get started, we have to install the Logstash plugin on our Jenkins server. Then, to set up InsightOps, we'll have to configure a collection source on our InsightOps platform.

Simply log into the InsightOps platform, then click on Add Data > Select Webhook - you'll find this option under System data. Then, name the log set as Jenkins-Console and copy the URL for the log entries.

On the Jenkins Server, head to the Configuration page and scroll down to the Logstash option. Click on 'Enable sending logs to an Indexer,' and select the Indexer type as Elastic Search. Finally, paste the log-entries URL that was copied from InsightVM. Remember to append the InsightAPI key to the URL.

To send the logs, we can either select the Enable Globally option or add the Logstash option to the pipeline, as shown in the following code:

After editing the pipeline, we can run the build again and look at the logs data on our InsightVM dashboard.

Lastly, we've embedded some other open-source tools to complete our DevSecOps pipeline. The final pipeline looks something like this:

This three-step process is an intuitive way to integrate Rapid7 products into a DevSecOps pipeline, but it's just one way to approach the task. Because our products support APIs, you can set up the integration according to your environment, so you have the flexibility to build the DevSecOps pipeline you need.

Disclaimer

Rapid7 Inc. published this content on 02 August 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 02 August 2021 13:31:06 UTC.


© Publicnow 2021
All news about RAPID7, INC.
09:32aRAPID7 : 3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle
PU
06:21aRAPID7 : KeyBanc Starts Rapid7 at Overweight With $135 Price Target
MT
07/28RAPID7 : Philipp Amann on No More Ransom
PU
07/27RAPID7 : Multiple Open Source Web App Vulnerabilities Fixed
PU
07/26DECRYPTER FOMO NO MO' : Five Years of the No More Ransom Project
PU
07/21WHAT'S NEW IN INSIGHTAPPSEC AND TCEL : Q2 2021 in Review
PU
07/21MICROSOFT SAM FILE READABILITY CVE-2 : What You Need to Know
PU
07/21GROW YOUR CAREER AT RAPID7 : North America Sales
PU
07/20WIPRO : Sells Entire Stake in Israeli Cyberthreat Intelligence Company for $19 M..
MT
07/20RAPID7 : Acquisition of IntSights Cybersecurity Threat Intelligence Provider Pre..
MT
More news
Financials (USD)
Sales 2021 505 M - -
Net income 2021 -116 M - -
Net Debt 2021 248 M - -
P/E ratio 2021 -59,2x
Yield 2021 -
Capitalization 6 271 M 6 271 M -
EV / Sales 2021 12,9x
EV / Sales 2022 10,7x
Nbr of Employees 1 847
Free-Float 96,5%
Chart RAPID7, INC.
Duration : Period :
Rapid7, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends RAPID7, INC.
Short TermMid-TermLong Term
TrendsBullishBullishBullish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus BUY
Number of Analysts 14
Last Close Price 113,75 $
Average target price 108,77 $
Spread / Average Target -4,38%
EPS Revisions
Managers and Directors
Corey Eugene Thomas Chairman & Chief Executive Officer
Andrew Frank Burton President & Chief Operating Officer
Jeffrey Alan Kalowski Chief Financial Officer
Tas Giakouminakis Chief Technology Officer
J. Benjamin H. Nye Lead Independent Director
Sector and Competitors
1st jan.Capi. (M$)
RAPID7, INC.26.16%6 271
MICROSOFT CORPORATION28.10%2 141 068
SEA LIMITED38.74%144 828
ZOOM VIDEO COMMUNICATIONS, INC.12.09%112 281
ATLASSIAN CORPORATION PLC39.02%81 665
DASSAULT SYSTÈMES SE39.99%72 513