Burp Suite User Forum

Pass the build despite vulnerabilities in the scan

Chaitanya | Last updated: Mar 01, 2019 11:11PM UTC

Team, could you please let me know how to pass the build despite vulnerabilities being identified using the Burp Enterprise Edition? I have tried all the possible options (--min-severity=high|medium|low|info|undefined|false_positive) and also without the flag, and still can't pass the build. Thanks, Chai

PortSwigger Agent | Last updated: Mar 04, 2019 09:11AM UTC

Chai - what CI system are you using? There will be a setting in the CI configuration that determines whether the failure in that phase should fail the build. Let us know which CI system and we can tell you more.

Burp User | Last updated: Mar 06, 2019 12:54AM UTC

I am using the Generic CI driver with Bitbucket Pipelines.

PortSwigger Agent | Last updated: Mar 06, 2019 08:07AM UTC

CI Driver will exit with code 1 if it finds issues in the scan that should fail the build, or code 0 otherwise. If you run CI Driver in a script on Bitbucket Pipelines then it is possible to ignore failures in the build using this technique: https://community.atlassian.com/t5/Bitbucket-questions/Pipeline-script-continue-even-if-a-script-fails/qaq-p/79469
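An added example, not part of the thread and not PortSwigger's code: a shell wrapper for a pipeline script step that lets the build pass when the scan command exits with code 1, as described in the reply above, while still failing the step on any other non-zero code so that a scan that never ran is not silently ignored. The function name, the status file and the handling of codes other than 0 and 1 are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrapper name, status file and the scan command are assumptions.

# Run the scan command given as arguments and translate its exit code:
#   0     -> no build-failing issues, step passes
#   1     -> issues found (per the reply above), recorded, step still passes
#   other -> assumed to mean the scan command itself failed, step fails
run_scan_nonblocking() {
    status_file="${SCAN_STATUS_FILE:-scan-status.txt}"
    rc=0
    # "|| rc=$?" captures the exit code without tripping "set -e" in the caller.
    "$@" || rc=$?
    case "$rc" in
        0)
            echo "clean" > "$status_file"
            return 0
            ;;
        1)
            echo "issues-found" > "$status_file"
            echo "WARNING: scan reported issues; build not failed by policy" >&2
            return 0
            ;;
        *)
            echo "error-$rc" > "$status_file"
            echo "ERROR: scan command exited with $rc; failing the step" >&2
            return "$rc"
            ;;
    esac
}

# Usage in a pipeline script step (substitute the real CI Driver invocation):
#   run_scan_nonblocking <ci-driver-command-and-arguments>
```

The status file can be kept as a build artifact so that a passing build with findings is still visible to reviewers.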
