Go party with the #DevOps

As part of the DevOps movement, it would be desirable to scan your web application for security vulnerabilities as part of the Continuous Integration loop, or the minute a code change is detected. Now it’s possible with the API linked to the NopSec Unified VRM Web Application module.

With the current release of Unified VRM – 3.4.7 – customers can call our RESTful API to automatically scan their web application assets based on a certain trigger event, such as:

  • As part of a script invoked in a Continuous Integration loop, using Jenkins or Bamboo;
  • As a trigger event, by installing the file integrity checker OSSEC – http://www.ossec.net/ – which fires when certain or all files in a specified directory are changed. The trigger invokes a call to the Unified VRM REST API, which schedules an automated scan.

These kinds of functionality are part of NopSec's campaign to integrate security operations and DevOps.

The REST API call is structured as such:

[Image: REST API call structure]

The REST API call includes a special client username, the assigned API key and the headers above. The Asset ID can be obtained using the call referenced in the Unified VRM API reference at https://nopsecvrm.docs.apiary.io/#.

[Image: REST API call including a special client's username]

An example of a Python script to invoke the API could be:

[Image: REST API username example]

As you can see, the automation can be pushed further by creatively using the available RESTful API calls.

Now, security professionals, go talk to your DevOps guy, talk about this new capability and then go have a beer with him.