Burp Suite User Forum

Integrate BurpSuite Scan into the CICD Pipeline

Antonio | Last updated: Mar 23, 2018 03:16PM UTC

Is there documentation on how to integrate BurpSuite into the CICD pipeline? For example, once developers check in code into a source repository, a build is pushed to the development. Once the build is complete, I would like BurpSuite to automatically trigger a scan against the newly pushed code. Is this feature available?

Liam, PortSwigger Agent | Last updated: Mar 23, 2018 03:22PM UTC

We are working on a new product called Burp Suite Enterprise Edition, and its features will include integration with CI as well as:

- Headless server installation and unattended use, with a modern web front-end.
- Central configuration of an organization's web sites.
- Scans can be triggered by preconfigured schedules or on demand.
- Scalable pool of scan agents and external SQL storage, allowing huge scalability and parallel scanning.
- Central aggregation of scan results.
- Multi-user, with role-based access control.
- All actions drivable through a REST API, for easy integration with CI and other systems.

We are planning to release the Enterprise Edition later in the year and we will let you know when we release it.

Burp User | Last updated: May 25, 2018 08:12AM UTC

Hi! Any news about Enterprise Edition? I have the same questions as Antonio Franco. Need to integrate Burp in CI/CD Pipeline. Thank you for your work :)

PortSwigger Agent | Last updated: May 25, 2018 10:25AM UTC

Hi Bidyut, At the moment we are targeting support for Jenkins and TeamCity. There will also be a command line CI driver so it will be straightforward for users to plug in to other CI systems.

Burp User | Last updated: Jul 06, 2018 01:02PM UTC

In Enterprise Edition, what tools will be supported, such as Jenkins, GitHub, etc.?

Burp User | Last updated: Aug 20, 2018 07:13PM UTC

Hi Paul Johnston, We are looking for a tool that would allow us to integrate Front-End (Selenium) and Back-End (REST API) tests with automated security analysis via CI (Jenkins) using proxies. Would Burp Suite Enterprise Edition allow me to do this? And is there an official statement on the Burp Suite Enterprise Edition capabilities? Thank you.

PortSwigger Agent | Last updated: Aug 22, 2018 01:36PM UTC

Hi Rodrigo, Keep checking the Burp blog for official announcements. Regarding the use-case where you have existing Selenium scripts and you want to add security to the testing, this is something we do plan to support in the long run, although in the short term it isn't supported.

Burp User | Last updated: Aug 30, 2018 09:17AM UTC

I would really like this feature too as I would like to run scans more efficiently than having to manually trigger them ad-hoc. Looking forward to the Enterprise Edition becoming available.
