
CI / CD Integration with twigs

Integrating twigs into your CI / CD pipeline is very easy. Here we take Jenkins as an example, but similar steps apply to any CI / CD platform of your choice.


Pre-requisites


• Jenkins installation

• ThreatWorx subscription

• twigs installation as part of Jenkins environment


Overview


Jenkins allows you to run external commands as part of the pipeline steps. For Linux/Unix, you can use the “sh” command to run external commands or scripts. Jenkins integration with ThreatWorx happens via the twigs command: you run a twigs discovery command in a step of your Jenkins pipeline.


Policy Definitions


twigs has support for running / evaluating policies that you define in the ThreatWorx console. A policy specifies a condition that needs to be satisfied. If a policy is violated, then twigs will exit with the “exit code” specified in the policy definition.


For example, an administrator can define a policy stating that there should not be any DoNow priority vulnerability impacts. If you apply this policy to an asset during discovery via twigs and DoNow priority impacts are found for that asset, then the policy is violated and the twigs run will exit with the “exit code” specified in the policy.


In your Jenkins pipeline, you can check the “exit code” returned by twigs and choose to take appropriate action. For example, if you have a Jenkins pipeline to build a new container image, then based on the “exit code” from twigs, you may choose not to deploy the new container (with DoNow priority vulnerabilities) to production.
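
One way to act on that exit code inside an “sh” step, as an added example that is not ThreatWorx's own code: the wrapper separates a policy violation from a scanner failure and blocks the deployment in both cases. The policy exit code of 7, the function name scan_gate and the deploy.sh script are assumptions; the twigs discovery arguments are left for you to fill in.

```shell
#!/bin/sh
# Added example: deployment gate for a Jenkins "sh" step.
# POLICY_EXIT_CODE is an assumed value; set it to the exit code
# configured in your ThreatWorx policy definition.
POLICY_EXIT_CODE="${POLICY_EXIT_CODE:-7}"

# scan_gate CMD [ARGS...]   (hypothetical helper name)
# Runs the scan command and classifies its exit status:
#   returns 0 -> scan ran and no policy was violated, deploy may proceed
#   returns 1 -> policy violated, block the deployment
#   returns 2 -> the scan itself failed; fail closed, do not deploy
scan_gate() {
    if [ "$#" -eq 0 ]; then
        echo "scan_gate: no scan command given" >&2
        return 2
    fi
    scan_rc=0
    # '|| scan_rc=$?' captures the status without tripping 'set -e',
    # which Jenkins enables for sh steps by default.
    "$@" || scan_rc=$?
    if [ "$scan_rc" -eq 0 ]; then
        echo "scan passed, no policy violation"
        return 0
    elif [ "$scan_rc" -eq "$POLICY_EXIT_CODE" ]; then
        echo "policy violated (exit $scan_rc), blocking deployment" >&2
        return 1
    else
        # An unexpected status (tool crash, bad credentials, network
        # error) must not be mistaken for a clean scan.
        echo "scan failed (exit $scan_rc), treating as blocked" >&2
        return 2
    fi
}

# Usage in the pipeline step (deploy.sh is a hypothetical script):
#   scan_gate twigs <your discovery arguments> && ./deploy.sh
```
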
