Integrating Cryptographic Security Testing into CI

Graham Steel
April 6, 2018

Continuous Integration (CI) is an increasingly widely adopted software engineering practice. A best practice for CI is to make the build self-testing, and recently this has started to include security testing. Cryptosense Analyzer, our tool for testing crypto security in applications, now integrates into CI.

Most CI systems (like Jenkins) manage builds and tests and pull the results into some kind of dashboard for the project. Adding a test tool usually works via a Web API for the test tool and a client plugin for the CI system. We've just finished work on opening a REST API for Cryptosense Analyzer and a Jenkins plugin that allows results to be viewed without leaving the CI system. We also built a Gradle plugin that puts our tracer agent into a build, collects the resulting traces, and takes care of submitting them to our REST API.

Documentation for our simple API is public, and further clients will follow soon. If you have a favourite build or CI tool you'd like to see an integration for, let us know.