NexPloit DevOps Integration

Nexploit is a Machine Learning powered Interactive Application Security Testing (IAST) solution. Automating a cyber-security specialist’s critical thinking process to scan any target and find real vulnerabilities, including logical-flow problems, with no false positives.

This extension allows you to use Nexploit power in your CI.

Setup

Note: An active subscription for Nexploit is needed for usage of this extension.

Get API Key

1. In NexPloit Dashboard navigate to the Organization tab and scroll to the Manage your application API keys section.
2. Press Create new API key button and enter any suitable name (Azure key e.g.)

Note: Make sure to backup the API key, it cannot be restored.

Setup Rescan in the Pipeline

The easiest way to work with Nexploit: just rescan your already setup scan. For that, copy id of your scan in adress bar and paste it in rescan settings.

Setup Scan in the Pipeline

Of course, you can setup a new scan, with new settings.

Using a pre-recorded HAR file

Upload the file using a simple curl command:

$ curl -X POST "https://nexploit.app/api/v1/files?discard=true"     \
    -H "Content-Type: multipart/form-data"                          \
    -H "Authorization: Api-Key yufn0f6.yourapikeykuj069zopv0b1i"    \
    -F "har=@/path/to/the/file.har"

{"ids":["6xkFraa5ecfmHhxTEnabZg"]}

This id will then be used for the File ID field.

When setup is complete, the new scan will start automatically and be visible in your Nexploit account.