Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Integration of Burp with Jenkins

Utkarsh | Last updated: Sep 01, 2016 08:51AM UTC

Hi, I'm using Burp suite pro version. Is it possible to automate the Burp scanning so that we can integrate with the build? Like we have automation testing scripts which we integrated with the build using CI tool Jenkins. Is there any process to automate the burp scanning whenever there is a build, burp need to scan the UI automatically once the build is completed. Thanks

PortSwigger Agent | Last updated: Sep 02, 2016 09:53AM UTC

There is currently limited support for this within Burp. There is an extension in the BApp Store called Carbonator that lets you perform a primitive crawl and scan of a specific target via command line arguments. In our medium-term roadmap, we will be releasing full native capabilities for automated scanning, and integrations with popular CI platforms like Jenkins.

Burp User | Last updated: Oct 31, 2016 11:29AM UTC

Same problem here. I use burp a lot to do manual security testing but as far as integrating it into your CI...well Burp is not the tool you should be using. You can write extensions but what i found though is the documentation for the API is quite poor and it will take a some time to produce a semi decent extension, time that normally you don't have. Carbonator extension mentioned above is very basic.

PortSwigger Agent | Last updated: Oct 31, 2016 11:57AM UTC

The good news is that during 2017 we will be releasing some brand new capabilities in Burp that will provide off-the-shelf easy integration with CI pipelines.

Burp User | Last updated: Nov 22, 2016 09:04AM UTC

@Dafydd Stuttard do you know roughly when in 2017 you will have this capability? I need to plan whether to wait for the feature or use ZAP

PortSwigger Agent | Last updated: Nov 22, 2016 09:11AM UTC

We are already testing a pre-release version of this capability internally, and we are expecting it to be available publicly sometime in the second half of 2017.

Burp User | Last updated: Mar 14, 2017 09:59AM UTC

Any chance we could get a pre-beta version with this function please :) ? I really would love to try integration my burp pro into CI

PortSwigger Agent | Last updated: Mar 14, 2017 10:00AM UTC

Please email support@portswigger.net and we can discuss this request.

Burp User | Last updated: May 10, 2017 04:00PM UTC

Do you have any initial information on the licensing model that would be available for this integration?

PortSwigger Agent | Last updated: May 15, 2017 08:06AM UTC

The licensing model will broadly be based on the number of installations as opposed to number of users. We will provide more details nearer the time of release.

Burp User | Last updated: May 19, 2017 09:38AM UTC

@Dafydd Stuttard Is the plugin released for easy integration with CI pipelines?

PortSwigger Agent | Last updated: May 22, 2017 07:59AM UTC

No, we do not have anything publicly available at present.

Burp User | Last updated: Jul 26, 2017 12:23PM UTC

Will the CI integration be available to free users as well?

Liam, PortSwigger Agent | Last updated: Jul 26, 2017 01:19PM UTC

No, the CI integration will be part of Burp Enterprise Edition. We will provide more details nearer the time of release.

Burp User | Last updated: Aug 07, 2017 08:23AM UTC

Do you have any update about the CI plugin release? I'm in the same situation as Steve and I've to choose between ZAP and Burp.

Liam, PortSwigger Agent | Last updated: Aug 07, 2017 08:29AM UTC

We do not have anything publicly available at present. We hope that towards the end of 2017 we should have a pre-release version that we can share with you that will support native integration with some popular CI platforms. The new edition of Burp will offer various capabilities: Headless server installation and unattended use, with a modern web front-end. Central configuration of an organization's web sites. Scans can be triggered by preconfigured schedules or on demand. Scalable pool of scan agents and external SQL storage, allowing huge scalability and parallel scanning. Central aggregation of scan results. Multi-user, with role-based access control. All actions drivable through a REST API, for easy integration with CI and other systems.

Burp User | Last updated: Oct 26, 2017 11:04AM UTC

Hi, Any news or ETA on the new feature? Thanks :)

Liam, PortSwigger Agent | Last updated: Oct 26, 2017 11:05AM UTC

We still hope that towards the end of this year we should have a pre-release version that we can share with you. We will send you more details about how to obtain this version as soon as it is available.

Burp User | Last updated: Nov 17, 2017 09:45PM UTC

Good afternoon, I was wondering whether the pre-release version is already available. We have the Pro license. Thank you

Liam, PortSwigger Agent | Last updated: Nov 20, 2017 10:14AM UTC

There was an initial trial which we are no longer running. We'll send you the pre-release when it is available.

Liam, PortSwigger Agent | Last updated: Nov 20, 2017 10:15AM UTC

Thanks for your messages. We'll send you the pre-release when it is available.

Burp User | Last updated: Dec 07, 2017 06:39PM UTC

Hey, I would also like to be notified when there is a pre-release version of this. Thanks

Burp User | Last updated: Dec 08, 2017 12:58AM UTC

Please notify the pre-release version when available. Thank you!

Burp User | Last updated: Dec 18, 2017 09:01AM UTC

Hello, would you notify me when this version will be available, thanks

Liam, PortSwigger Agent | Last updated: Dec 18, 2017 09:16AM UTC

Mohiddin, the Burp Enterprise Edition will be a separate product rather than a plug-in.

Burp User | Last updated: Jan 09, 2018 01:48PM UTC

Hello, would you notify me too when this version will be available, thanks

Burp User | Last updated: Jan 11, 2018 05:49AM UTC

Please notify me as well ! Many thanks,

Burp User | Last updated: Jan 14, 2018 07:52PM UTC

Please share if new version is available available with CI integration...

Burp User | Last updated: Jan 23, 2018 05:37PM UTC

I would like to be notified when this is available, thank you!

Burp User | Last updated: Jan 25, 2018 11:11AM UTC

Please notify me as well when this is available.

Burp User | Last updated: Feb 01, 2018 12:22PM UTC

Hello! I would like to be notified when this is available, thank you!

Burp User | Last updated: Feb 06, 2018 12:11PM UTC

Hi, Please notify me as well when this is available

Burp User | Last updated: Feb 07, 2018 08:55AM UTC

Please notify me as well when this is available

Burp User | Last updated: Feb 07, 2018 05:18PM UTC

Guys, Am also interested to know if there is any plug-in which can be used to integrate burp with Jenkins. Thanks, Mohiddin

Burp User | Last updated: Feb 23, 2018 09:49AM UTC

Is there any news on when this feature / Enterprise Edition will be released?

Paul, PortSwigger Agent | Last updated: Feb 23, 2018 10:09AM UTC

Thanks for your message. We're currently working on the Enterprise Edition (which will include easy CI integration). As soon as we are able to provide release timing we'll let you know

Burp User | Last updated: Mar 02, 2018 03:26AM UTC

When is the Enterprise Edition be released ? Will that be a different pricing model ?

Liam, PortSwigger Agent | Last updated: Mar 02, 2018 12:15PM UTC

Biswajit, we hope to have the Enterprise Edition ready for the second half of 2018. The pricing model will be different. We'll release information at the appropriate time.

Liam, PortSwigger Agent | Last updated: Apr 27, 2018 08:36AM UTC

This release will be a separate product rather than an extension. There is no beta version of the CI integration software available. Unfortunately, we can't provide an exact release date at this time. We still hope to have the Enterprise Edition ready for the second half of 2018.

Burp User | Last updated: Apr 30, 2018 03:25PM UTC

How is progress on this piece? I see this dialogue goes back quite some time. Looking forward! Rob

Burp User | Last updated: May 16, 2018 02:31PM UTC

@Dafydd Stuttard / @ Liam Tai-Hogan - Is the plugin released for integration with CI pipelines in Pro version? If not what is release date? Is there any Beta version which we can use.

Burp User | Last updated: Jul 06, 2018 12:17PM UTC

Hi Team, Is the CI tool ready and how soon we can expect that in pro version ?

PortSwigger Agent | Last updated: Jul 06, 2018 02:29PM UTC

This product is currently in a beta It will be a separate product line; the CI integration functionality will not be made part of Burp Pro.

Burp User | Last updated: Sep 06, 2018 06:12PM UTC

Hi, Please let me know when the beta or more information on the Enterprise Edition is available. We are deciding on using Peach or Burp based on the CI integration.

PortSwigger Agent | Last updated: Sep 07, 2018 08:15AM UTC

Burp Enterprise is available now! - https://portswigger.net/blog/burp-suite-enterprise-edition-beta-now-available

PortSwigger Agent | Last updated: Sep 18, 2018 02:00PM UTC

Rahul - Thanks for getting in touch; we will reply to your email.

Burp User | Last updated: Oct 12, 2018 03:37PM UTC

Hi i set up the Enterprise beta version on a server with a corporate proxy, there is still an issue in regards to inserting the license. the application is offline and cannot activate, even though its been setup within the correct proxy setting. Hopefully you can look at this issue, i sent a screenshot and information to your support email.

Burp User | Last updated: Oct 20, 2018 12:18AM UTC

Hello, i have installed burp scan plugin in Jenkins. Still as per your blog post article, it's not appearing in build step options. I have sent an email to your support.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.