NexPloit DevOps Integration

Nexploit is a Machine Learning powered Interactive Application Security Testing (IAST) solution. Automating a cyber-security specialist’s critical thinking process to scan any target and find real vulnerabilities, including logical-flow problems, with no false positives.

This extension allows you to use Nexploit power in your CI.

Setup

Note - An active subscription for Nexploit is needed for usage of this extension.

Get API Key

In NexPloit Dashboard navigate to the Organization tab and scroll to the Manage your application API keys section.
Press Create new API key button and enter any suitable name (Azure key e.g.)

Note - Make sure to backup the API key, it cannot be restored.

Setup NexPloit in the Pipeline

Scan Settings

Using a pre-recorded HAR file

Upload the file using a simple curl command:

$ curl -X POST "https://nexploit.app/api/v1/files?discard=true"     \
    -H "Content-Type: multipart/form-data"                          \
    -H "Authorization: Api-Key yufn0f6.yourapikeykuj069zopv0b1i"    \
    -F "har=@/path/to/the/file.har"
{"ids":["6xkFraa5ecfmHhxTEnabZg"]}

This id will then be used for the File ID field.

When setup is complete, the new scan will start automatically and be visible in your Nexploit account.

Neuralegion

Setup

Get API Key

Setup NexPloit in the Pipeline

Using a pre-recorded HAR file