Integrate OWASP Dependency Check with Jenkins

In this blog, we will see how to integrate OWASP Dependency Check with Jenkins to conduct Software Composition Analysis (SCA) as part of CI on every build.

To integrate Dependency Check with Jenkins, we will first create a parameterized freestyle project in Jenkins specifically for the Dependency Check scan.

Steps to create a parameterized freestyle project

Step 1: Click on New Project in the Jenkins Dashboard.

Step 2: Enter the name of the item, select Freestyle project, and finally click OK.

Step 3: In the Freestyle project configuration window, type the description (optional) and enable the "This project is parameterized" checkbox.

Step 4: After enabling the parameterized checkbox, we get the option to add parameters. Click the Add Parameter button and select String Parameter.

Step 5: In the String parameter form, create string parameters for Scan Path, Report Path, and Project Name.

Step 6: In the Build Step section, click the Add Build Step button and select Execute Shell.

Step 7: In the Execute Shell command textbox, enter the following commands, which perform these tasks:

  • Download the Dependency check zip file from the Dependency check GitHub repository
  • Unzip the Dependency check archive
  • Change directory to dependency-check/bin/ folder
  • Run the Scan using script




cd dependency-check/bin/

./dependency-check.sh --project "${Project_Name}" --scan "${Scan_Path}" -o "${Report_Path}" -f HTML --enableExperimental

Step 8: Click the Save button to save the project.
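
The Execute Shell step receives Scan_Path, Report_Path and Project_Name from whoever triggers the job, so the values should be checked and quoted before they reach the scanner's command line. The following is an added example, not the blog's own code; `DC_ALLOWED_ROOT` and the `dc_*` function names are hypothetical, and it assumes the current directory is dependency-check/bin/.

```shell
#!/bin/sh
# Added example (not the blog's code): checks for the job's three string
# parameters before they reach the scanner's command line.
# DC_ALLOWED_ROOT is a hypothetical variable naming the one directory tree
# that builds are allowed to scan and write reports into.

# Succeed only if path $1 is root $2 or lies below it, with no ".." in it.
dc_path_ok() {
    [ -n "$2" ] || return 1            # fail closed when no root is configured
    case $1 in
        *..*) return 1 ;;              # strict: rejects any ".." substring
        "$2"|"$2"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# dc_check_params PROJECT SCAN REPORT ROOT -> 0 when all values are acceptable.
dc_check_params() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "Project_Name: use letters, digits, '.', '_' or '-'" >&2
            return 1 ;;
    esac
    dc_path_ok "$2" "$4" && [ -d "$2" ] || {
        echo "Scan_Path must be a directory under $4" >&2; return 1; }
    dc_path_ok "$3" "$4" || {
        echo "Report_Path must be under $4" >&2; return 1; }
}

# Validate, then run the scan with each value quoted as a single argument.
# Expects the current directory to be dependency-check/bin/.
dc_scan() {
    dc_check_params "$Project_Name" "$Scan_Path" "$Report_Path" \
        "${DC_ALLOWED_ROOT:-}" || return 1
    ./dependency-check.sh --project "$Project_Name" --scan "$Scan_Path" \
        -o "$Report_Path" -f HTML --enableExperimental
}

# Run only inside the Jenkins job, where the parameters are exported.
if [ -n "${Scan_Path:-}" ]; then
    dc_scan
fi
```

The prefix check is textual and does not resolve symbolic links, so the allowed root should be a directory that build users cannot place links in.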

Now we will see how to integrate the Dependency Check freestyle project into the CI pipeline.

Step 1: Go to the pipeline project and open the configuration.

Step 2: On the configuration page, go to the pipeline script section and define the variables and values that we are going to pass to the Dependency Check build job.

Step 3: After defining the variables, create a stage for Dependency Check SCA that triggers the Dependency Check freestyle project with the parameters and values, and publishes the HTML report in the Jenkins Dashboard using the HTML Publisher plugin.

stage('Dependency Check (SCA)') {
    // Trigger the parameterized freestyle job with the values defined in Step 2
    build job: 'Dependency Check (SCA)', parameters: [string(name: 'Scan_Path', value: "${DC_Scan_Path}"), string(name: 'Report_Path', value: "${DC_Report_Path}"), string(name: 'Project_Name', value: "${DC_Project_Name}")]

    // Publish the generated HTML report on the pipeline dashboard
    publishHTML([allowMissing: false, alwaysLinkToLastBuild: false, keepAll: false, reportDir: '.', reportFiles: 'dependency_check.html', reportName: 'Dependency Check Report', reportTitles: '', useWrapperFileDirectly: true])
}

Step 4: Save the project and trigger the build. Once the build is complete, we can open the Dependency Check report from the Pipeline Dashboard.

Alternative method

We can also use the OWASP Dependency-Check Jenkins plugin to integrate Dependency Check with Jenkins.

Sahil Gupta

Application Security | DevSecOps | Secure SDLC | Penetration Tester (Web and API) | CEHv10 | IBM Certified Cybersecurity Analyst Professional
