MITRE Publishes Guide to Integrate Qualys Scanning in CI/CD Pipelines
MITRE has published a new guide, 'Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines', to help users integrate Qualys vulnerability management scanning into their pipelines. The guide comes with a PDF and a Postman collection for referenced API calls, allowing users to simulate API calls and understand response data.
The guide, published in response to customer queries about integrating Qualys Vulnerability Management scanning into other CI/CD Pipelines, covers a wide range of topics. It delves into design considerations, explaining how to structure the integration for optimal results. It also details API calls, their response data structures, and how to process this data within the pipeline. Furthermore, it provides insights into setting pipeline failure thresholds and offers success tips for a smooth integration.
Notably, the guide takes a language-, tool-, and cloud-agnostic approach. This means it can be applied regardless of the specific tools, languages, or cloud platforms used in the pipeline. To aid users, the guide includes a Postman collection that can be used in conjunction with the 'Qualys Postman Environment Collection' to simulate API calls and understand the data returned.
The new guide from MITRE, 'Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines', is a comprehensive resource for integrating Qualys vulnerability scanning into CI/CD pipelines. With its detailed coverage of design considerations, API calls, and data processing, along with its agnostic approach, it caters to a wide range of users. The included PDF and Postman collection provide practical tools for understanding and implementing the guide's recommendations.
