Helium Security Vulnerability Scanner (Jenkins)

This is a Jenkins plugin for Helium Security vulnerability scanner. It provides a pipeline step to scan your application for vulnerabilities and fail the build if the number of vulnerabilities exceeds a certain threshold.

Prerequisites

• Jenkins
• Helium.sh account (License Team / Business / Enterprise required)

Installation (Shared Library)

1. Go to Jenkins > Manage Jenkins > Configure System
2. Under Global Pipeline Libraries, click Add
3. Fill in the details as below:
   • Name: helium-security
   • Owner: (leave blank)
   • Default version: v1.0.1
   • Retrieval method: Modern SCM
   • SCM: Git
   • Project repository: https://github.com/CyberArmyID/Helium-Security-Vulnerability-Scanner-Jenkins.git
   • Credentials: (leave blank)
   • Behaviors: None
4. Click Save

Create a Helium Security API Key and Store It as a Jenkins Secret

1. Log in to your Helium Security account.
2. Go to Settings, select My Account, then open the Integration tab and choose CI/CD Integration.
3. Generate a new API key and copy its value.
4. Create a new secret text named helium-api-key, paste the API key value, save it.

How to Get the Helium Security Workspace ID

1. Log in to your Helium Security account.
2. Go to Settings and select Workspace.
3. Choose the workspace you want to use, then click the Workspace ID. It will be copied to your clipboard automatically.
4. Make sure the selected workspace belongs to the same owner that holds the active license, because the API key can only be used with workspaces covered by that license.
5. Use this Workspace ID in your Jenkins pipeline with the key workspaceId.

Inputs

Website Scanner Inputs

Without Authentication

Inputs

Name	Type	Default	Required	Description
workspaceId	String	-	true	Helium workspace ID
tool	String	-	true	website-scanner
target	String	-	true	Target URL
scanOption	String	-	true	Scan option (full_scan, basic_scan)
heliumApiKey	String	-	true	Helium API key
failOn	String	high	false	Fail the build if the number of vulnerabilities exceeds this threshold (low, medium, high, critical)

Example Usage:

@Library('helium-security') _
pipeline {
    agent any
    stages {
        stage('Helium Scan') {
            steps {
                script {
                    withCredentials([
                        string(credentialsId: 'helium-api-key', variable: 'HELIUM_API_KEY')
                    ]) {
                        def config = [
                            workspaceId: 'your-workspace-id',
                            tool: 'website-scanner',
                            target: 'https://example.com',
                            scanOption: 'full_scan',
                            heliumApiKey: HELIUM_API_KEY,
                            failOn: 'high'
                        ]
                        heliumScan(config)
                    }
                }
            }
        }
    }
}

With Authentication

Cookie Based Authentication

Inputs

Name	Type	Default	Required	Description
workspaceId	String	-	true	Helium workspace ID
tool	String	-	true	website-scanner
target	String	-	true	Target URL
scanOption	String	-	true	Scan option (full_scan)
heliumApiKey	String	-	true	Helium API key
failOn	String	high	false	Fail the build if the number of vulnerabilities exceeds this threshold (low, medium, high, critical)
urlAfterLogin	String	-	true	URL after login
logoutUrl	String	-	true	Logout URL
loginSuccessIndicator	String	-	true	Login success indicator
authMethodInput	String	-	true	Authentication method (cookie, form)
cookiesInput	String	-	true	Cookies string (authMethodInput=cookie)

Example Usage:

@Library('helium-security') _
pipeline {
    agent any
    stages {
        stage('Helium Scan') {
            steps {
                script {
                    withCredentials([
                        string(credentialsId: 'helium-api-key', variable: 'HELIUM_API_KEY')
                    ]) {
                        def config = [
                            workspaceId: 'your-workspace-id',
                            tool: 'website-scanner',
                            target: 'https://example.com',
                            scanOption: 'full_scan',
                            authMethodInput: 'cookie',
                            cookiesInput: 'cookie1=value1; cookie2=value2',
                            urlAfterLogin: 'https://example.com/dashboard',
                            logoutUrl: 'https://example.com/logout',
                            loginSuccessIndicator: 'Dashboard',
                            heliumApiKey: HELIUM_API_KEY,
                            failOn: 'high'
                        ]
                        heliumScan(config)
                    }
                }
            }
        }
    }
}

Form Based Authentication

Inputs

Name	Type	Default	Required	Description
workspaceId	String	-	true	Helium workspace ID
tool	String	-	true	website-scanner
target	String	-	true	Target URL
scanOption	String	-	true	Scan option (full_scan)
heliumApiKey	String	-	true	Helium API key
failOn	String	high	false	Fail the build if the number of vulnerabilities exceeds this threshold (low, medium, high, critical)
urlAfterLogin	String	-	true	URL after login
logoutUrl	String	-	true	Logout URL
loginSuccessIndicator	String	-	true	Login success indicator
authMethodInput	String	-	true	Authentication method (cookie, form)
loginFormUrl	String	-	true	Login form URL (authMethodInput=form)
loginPayload	String	-	true	Login payload (authMethodInput=form)

Example Usage:

@Library('helium-security') _
pipeline {
    agent any
    stages {
        stage('Helium Scan') {
            steps {
                script {
                    withCredentials([
                        string(credentialsId: 'helium-api-key', variable: 'HELIUM_API_KEY')
                    ]) {
                        def config = [
                            workspaceId: 'your-workspace-id',
                            tool: 'website-scanner',
                            target: 'https://example.com',
                            scanOption: 'full_scan',
                            authMethodInput: 'form',
                            loginFormUrl: 'https://example.com/login',
                            loginPayload: 'username=admin&password=admin',
                            urlAfterLogin: 'https://example.com/dashboard',
                            logoutUrl: 'https://example.com/logout',
                            loginSuccessIndicator: 'Dashboard',
                            heliumApiKey: HELIUM_API_KEY,
                            failOn: 'high'
                        ]
                        heliumScan(config)
                    }
                }
            }
        }
    }
}

API Scanner Inputs

Without Authentication

Inputs

Name	Type	Default	Required	Description
workspaceId	String	-	true	Helium workspace ID
tool	String	-	true	api-scanner
target	String	-	true	Target URL
scanOption	String	-	true	Scan option (full_scan, basic_scan)
heliumApiKey	String	-	true	Helium API key
failOn	String	high	false	Fail the build if the number of vulnerabilities exceeds this threshold (low, medium, high, critical)
apiDefinitionInput	String	-	true	API definition file type 'openapi', 'swagger', 'raml', 'wadl', 'postman'
apiDefinitionTypeInput	String	-	true	API definition type 'url'
apiDefinitionContentInput	String	-	true	API definition located URL

Example Usage:

@Library('helium-security') _

pipeline {
    agent any
    stages {
        stage('Helium Scan') {
            steps {
                script {
                    withCredentials([
                        string(credentialsId: 'helium-api-key', variable: 'HELIUM_API_KEY')
                    ]) {
                        def config = [
                            workspaceId: 'your-workspace-id',
                            tool: 'api-scanner',
                            target: 'https://example.com/api',
                            scanOption: 'full_scan',
                            apiDefinitionInput: 'openapi',
                            apiDefinitionTypeInput: 'url',
                            apiDefinitionContentInput: 'https://example.com/openapi.json',
                            heliumApiKey: HELIUM_API_KEY,
                            failOn: 'high'
                        ]
                        heliumScan(config)
                    }
                }
            }
        }
    }
}

With Authentication

Inputs

Name	Type	Default	Required	Description
workspaceId	String	-	true	Helium workspace ID
tool	String	-	true	api-scanner
target	String	-	true	Target URL
scanOption	String	-	true	Scan option (full_scan)
heliumApiKey	String	-	true	Helium API key
failOn	String	high	false	Fail the build if the number of vulnerabilities exceeds this threshold (low, medium, high, critical)
apiDefinitionInput	String	-	true	API definition file type 'openapi', 'swagger', 'raml', 'wadl', 'postman'
apiDefinitionTypeInput	String	-	true	API definition type 'url'
apiDefinitionContentInput	String	-	true	API definition located URL
authMethodInput	String	-	true	Authentication method (auth)
loginUrlInput	String	-	true	Login URL (authMethodInput=auth)
loginPayloadInput	String	-	true	Login payload (authMethodInput=auth)
authTokenLocationInput	String	-	true	Auth token location where the token is located (authMethodInput=auth)
authHeaderNameInput	String	-	true	Auth header name (authMethodInput=auth)
authPrefixInput	String	-	false	Auth prefix (authMethodInput=auth)

Example Usage:

@Library('helium-security') _

pipeline {
    agent any
    stages {
        stage('Helium Scan') {
            steps {
                script {
                    withCredentials([
                        string(credentialsId: 'helium-api-key', variable: 'HELIUM_API_KEY')
                    ]) {
                        def config = [
                            workspaceId: 'your-workspace-id',
                            tool: 'api-scanner',
                            target: 'https://example.com/api',
                            scanOption: 'full_scan',
                            apiDefinitionInput: 'openapi',
                            apiDefinitionTypeInput: 'url',
                            apiDefinitionContentInput: 'https://example.com/openapi.json',
                            authMethodInput: 'auth',
                            loginUrlInput: 'https://example.com/login',
                            loginPayloadInput: '{"username": "admin", "password": "password"}',
                            authTokenLocationInput: 'access.token.id',
                            authHeaderNameInput: 'X-Auth-Token',
                            authPrefixInput: 'Bearer',
                            heliumApiKey: HELIUM_API_KEY,
                            failOn: 'high'
                        ]
                        heliumScan(config)
                    }
                }
            }
        }
    }
}

On Premise Deployment

If you are using Helium On Premise, you only need to add one additional parameter: heliumBaseUrl.

This parameter should point to your on-premise Helium instance (for example: http://192.168.1.1:1337).
All other inputs remain exactly the same as the cloud version.

Additional Input

Name	Type	Required	Description
heliumBaseUrl	String	true	Base URL of your Helium On Premise instance

Example Usage

@Library('helium-security') _
pipeline {
    agent any
    stages {
        stage('Helium Scan') {
            steps {
                script {
                    withCredentials([
                        string(credentialsId: 'helium-api-key', variable: 'HELIUM_API_KEY')
                    ]) {
                        def config = [
                            workspaceId: 'your-workspace-id',
                            tool: 'website-scanner',
                            target: 'http://your-internal-app.local',
                            scanOption: 'full_scan',
                            heliumBaseUrl: 'http://192.168.1.1:1337', // On Premise URL
                            heliumApiKey: HELIUM_API_KEY,
                            failOn: 'high'
                        ]
                        heliumScan(config)
                    }
                }
            }
        }
    }
}