Burp Suite User Forum


Pass the Build in Jenkins even Burp_scan shows vulnerabilities for Burp Enterprise

Rishi | Last updated: Nov 14, 2019 06:15AM UTC

Team, Could you please let me know how to pass the build in Jenkins despite vulnerabilities being identified using the burp enterprise edition? The BURP_SCAN_STATUS is succeeded in Jenkins but Build is marked as Failure since scanning found vulnerabilities.

Running as SYSTEM
Building in workspace C:\Program Files (x86)\Jenkins\workspace\AltoroMutual
[AltoroMutual] $ cmd /c call C:\Windows\TEMP\jenkins121971880925141374.bat
C:\Program Files (x86)\Jenkins\workspace\AltoroMutual>echo BURP_SCAN_URL=https://demo.testfire.net/
BURP_SCAN_URL=https://demo.testfire.net/
C:\Program Files (x86)\Jenkins\workspace\AltoroMutual>echo BURP_SCAN_IGNORE_EXACT="SSL certificate @ https://demo.testfire.net/"
BURP_SCAN_IGNORE_EXACT="SSL certificate @ https://demo.testfire.net/"
C:\Program Files (x86)\Jenkins\workspace\AltoroMutual>exit 0
BURP_SCAN_STATUS: initializing
BURP_SCAN_STATUS: crawling
BURP_SCAN_STATUS: auditing
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (DOM-based) @ https://demo.testfire.net/high_yield_investments.htm
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (DOM-based) @ https://demo.testfire.net/index.jsp
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (reflected) @ https://demo.testfire.net/index.jsp [content parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - File path manipulation @ https://demo.testfire.net/index.jsp [content parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - Cross-site scripting (reflected) @ https://demo.testfire.net/sendFeedback [name parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (reflected) @ https://demo.testfire.net/sendFeedback [email_addr parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - Cross-site scripting (reflected) @ https://demo.testfire.net/search.jsp [query parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - SQL injection @ https://demo.testfire.net/doLogin [uid parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - SQL injection @ https://demo.testfire.net/doLogin [passw parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - Cross-site scripting (reflected) @ https://demo.testfire.net/survey_questions.jsp [txtEmail parameter]
BURP_SCAN_STATUS: succeeded
BURP_SCAN_SUMMARY: requests made: 82013, network errors: 25
Build step 'Burp scan' marked build as failure
Archiving artifacts
Finished: FAILURE

Ben, PortSwigger Agent | Last updated: Nov 14, 2019 09:24AM UTC

Hi, Thank you for your message. Can you send us a screenshot of your Jenkins build configuration screen? If you could send it to support@portswigger.net then we will take a look for you.

Burp User | Last updated: Nov 14, 2019 12:35PM UTC

Hi, I have sent the screenshot of the Jenkins build configuration screen to the mentioned email. Please let me know if you need any more information.
