Denim Group Announces Latest Version of their Jenkins Plugin

By CIOReview | Friday, August 30, 2019
John Dickson, Principal

The updated version of the Jenkins Plugin, which integrates with the ThreadFix platform, brings security into the continuous integration process.

FREMONT, CA: Denim Group, a well-known application security firm, serves as a trusted advisor on matters of application risk and security to help organizations assess and mitigate application security risk. “Following the mantra of ‘building a world where technology is trusted’ we empower clients to build software in a faster and secure manner,” says John Dickson, Principal, Denim Group. The company has announced an updated version of the Jenkins Plugin to integrate with their flagship vulnerability management product, ThreadFix.

The ThreadFix platform, powered by Denim Group, addresses the vulnerabilities in an organization's networking infrastructure, reducing the count by 35 percent. Initially designed for developers and security professionals, the platform saves time for security analysts. With the latest version of the Jenkins Plugin, testing is initiated by the Plugin, orchestrated by the ThreadFix platform, and the results are delivered back to Jenkins and to defect trackers such as JIRA. This capability builds on the toolsets that developers already use, helping them gain insight into application security concerns.

“Our goal is to integrate strong security practices into the development process, and a huge part of achieving this is building security directly into the tools that developers are already using,” said CTO of Denim Group, Dan Cornell. “In fact, that is exactly why ThreadFix was built with defect tracker integrations as this consolidates security tasks directly into the developer’s regular workflow. The ThreadFix Jenkins Plugin makes it easier than ever to implement security into the continuous integration process.”

Denim Group’s Jenkins Plugin integrates security concerns into the development process. The Plugin enables development teams to incorporate application security testing into continuous integration and continuous delivery (CI/CD) pipelines, encouraging teams to address security concerns flexibly. The results of any security testing performed during the Jenkins build, such as static analysis, vulnerable component checking, or dynamic analysis, can be automatically ingested into the ThreadFix server for a policy review that determines whether the build passes or fails. If a vulnerability is identified, the build is stopped and a defect is simultaneously created in the developers' defect tracker. This creates an automated workflow for vulnerability management and resolution during the build process.

“Being able to use ThreadFix with Jenkins provides a streamlined process for vulnerability management, and further the industry needs to create more secure development processes,” says Kohsuke Kawaguchi, Chief Scientist at CloudBees and Founder of the Jenkins project. “By integrating security into the development pipeline, companies are better able to prioritize and address security concerns, promoting a more secure ecosystem.”

Denim Group was featured in CIOReview Magazine as one of the RSA security solution providers 2017.