{"id":53365,"date":"2013-08-12T14:29:10","date_gmt":"2013-08-12T14:29:10","guid":{"rendered":"https:\/\/www.checkmarx.com\/?post_type=glossary&#038;p=3495"},"modified":"2024-07-28T06:54:11","modified_gmt":"2024-07-28T06:54:11","slug":"jenkins-static-code-analysis","status":"publish","type":"glossary","link":"https:\/\/checkmarx.com\/glossary\/jenkins-static-code-analysis\/","title":{"rendered":"Jenkins Static Code Analysis"},"content":{"rendered":"<p style=\"text-align: justify;\">Jenkins is a simple application designed to keep an eye on a series of executions in a software environment. For example, it works like \u2018Cruise Control\u2019 and offers a single, simple-to-use system for continuous integration. Developers can then execute test cycles more easily and the latest build can be quickly and efficiently delivered to users. One question that users of Jenkins have often raised is how to implement <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\">static code analysis<\/a> in a Jenkins environment.<\/p>\n<p><span style=\"color: #333333;\"><!--more--><\/span><\/p>\n<h2 style=\"text-align: justify;\" class=\"article-anchor\" id=\"article-anchor-1\">No built-in support for static code analysis<\/h2>\n<p style=\"text-align: justify;\">Jenkins has no facility for static code analysis within the application environment. It\u2019s used for continuous build environments and to keep an eye on jobs that run outside the environment, reporting on the outputs of those jobs. This can be frustrating for developers who would like to use Jenkins for its automation facility but are also looking for the application to assist with the security testing of their code.<\/p>\n<p style=\"text-align: justify;\">It\u2019s OK. Jenkins <i>does<\/i> support static code analysis from other packages. A plugin is used to capture the results and to parse them. 
Once these results are passed to Jenkins, the application enables the results to be visually represented in a consistent manner. Jenkins can report on the warnings generated by a build and deliver trend reporting that shows the level of warnings generated by subsequent builds, as well as granular reporting (module, type, package, etc.) for warnings, severity reports, an HTML comparison of source and warnings, stability reporting, project health reporting, scoring for builds that are \u201cwarning free\u201d, e-mail reports, etc. There is also support for a remote API so that the plugin can be simply integrated into Jenkins without hours of development time wasted on facilitating that integration.<\/p>\n<p style=\"text-align: justify;\">The good news is that to enable Jenkins static code analysis, leading SCA vendors have an out-of-the-box integration with Jenkins to provide all these reports. Make sure this box is ticked before you purchase and invest in a static code scanner. Stay safe!<\/p>","protected":false},"excerpt":{"rendered":"<p>Jenkins is a simple application designed to keep an eye on a series of executions in a software environment. For example, it works like \u2018Cruise Control\u2019 and offers a single, simple-to-use system for continuous integration. 
Developers can then execute test cycles more easily and the latest build can be quickly and efficiently delivered [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"template":"","glossary-tags":[],"class_list":["post-53365","glossary","type-glossary","status-publish","hentry"],"acf":[]}