Note: integration with Jenkins is orthogonal to running specific scanners.

How to integrate sken.ai with Jenkins

This is covered in Step 3 of Quickly get started with Sken: Setup Sken in your CI/CD.

How to run find-sec-bugs

Note: Find-sec-bugs is a scanner for Java code (https://find-sec-bugs.github.io/).

In Sken, you don’t specify the scanner that you want. Instead, you specify the source code language that you want to be scanned and Sken automatically selects a scanner for you. So if you want to run find-sec-bugs, you simply specify java as the language in sken.yaml.

For example, the Sample .yaml File in Advanced Settings: Set up Sken CLI and Sken.yaml gives us:

orgid: your-org-id-here
appid: your-app-id-here
language: java

With this sken.yaml file, Sken automatically runs find-sec-bugs for you.

Note: Sken will also run OWASP Dependency Check, a Software Composition Analysis (SCA) scanner, and Gitleaks, a secrets scanner. SCA and secrets scanners are language-neutral.

https://owasp.org/www-project-dependency-check/

https://github.com/zricethezav/gitleaks

How to ONLY run find-sec-bugs

Modify sken.yaml as follows:

orgid: your-org-id-here
appid: your-app-id-here
language: java
scanner: sast

With this sken.yaml file, Sken runs only find-sec-bugs; OWASP Dependency Check and Gitleaks are not run.
