FAST Integration into CI/CD

A typical job in a CI/CD workflow includes the following steps:

  1. Building and deploying the target application.
  2. Preparing and setting up a test tool.
  3. Running tests.

    HTTP requests are sent from the test tool to the target application directly.

  4. Obtaining the results of the testing.

  5. Performing other CI/CD job-related steps.

If you integrate FAST into a CI/CD workflow, a job includes the following steps:

  1. Building and deploying the target application.

  2. Deploying and setting up the FAST node:

    1. Deploying a Docker container with the FAST node.

      A note on the container lifecycle

      This guide assumes that the container runs only once for the given CI/CD job and is removed when the job ends.

    2. Creating a test run.

    After you perform these actions, the FAST node is ready to begin the baseline requests recording process.

  3. Preparing and setting up a test tool:

    1. Deploying and performing a basic configuration of the test tool.

    2. Configuring the proxying process.

      The test tool should be configured to use the FAST node as a proxy server.

  4. Running the existing tests.

    This step should be executed only after creating a test run and configuring proxying rules.

    Processes queue

    A test run can be created either before or after the proxying configuration.

  5. Stopping the baseline requests recording process.

    The recording process should be stopped after all of the existing tests are executed.

  6. Waiting for the FAST security tests to finish.

    Check the status of the test run periodically by making an API request to determine whether the security tests have completed.

  7. Obtaining the results of the testing.

  8. Performing other CI/CD job-related steps.
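
One way to implement the periodic status check from step 6 as a CI gate that fails closed (an added example, not code from the FAST documentation). `fetch_state` is a hypothetical caller-supplied function that performs the API request and returns the test run state, and the state names are assumed placeholders.

```python
import time

# Assumed state names; substitute the values your FAST API actually returns.
RUNNING_STATES = {"running"}
PASSED_STATES = {"passed"}


def wait_for_test_run(fetch_state, timeout_s=1800, interval_s=15,
                      max_errors=3, sleep=time.sleep, clock=time.monotonic):
    """Poll until the test run leaves a running state; return True only on pass.

    fetch_state is a caller-supplied function (hypothetical) that makes the
    API request for the test run and returns its state as a string.
    """
    deadline = clock() + timeout_s
    errors = 0
    while clock() < deadline:
        try:
            state = fetch_state()
            errors = 0
        except OSError:
            # Transient network failure: tolerate a few in a row, then fail the job.
            errors += 1
            if errors >= max_errors:
                return False
            sleep(interval_s)
            continue
        if state in PASSED_STATES:
            return True
        if state not in RUNNING_STATES:
            # Failed, interrupted, or unrecognised state: fail closed.
            return False
        sleep(interval_s)
    return False  # Timed out: an unfinished security test is not a pass.


if __name__ == "__main__":
    # Constructed sequence standing in for successive API responses.
    responses = iter(["running", "running", "passed"])
    ok = wait_for_test_run(lambda: next(responses), interval_s=0)
    raise SystemExit(0 if ok else 1)
```

The job's exit code then decides whether the pipeline proceeds to step 7 or stops, so a timeout or an unexpected state never counts as a passed security test.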

A note on CI/CD workflow stages

Note that the exact order of the aforementioned steps depends on several factors, such as:

  • The CI/CD tool and the CI/CD workflow in use.
  • The internal structure of the request source and the target application.

However, it is crucial to keep the chosen order of these steps aligned with the execution order of the parallel processes of recording, testing, and security testing, for example:

An example of a CI/CD job
