Regardless of which CI/CD platform you use, the first step of the integration process is to create a dedicated API user in Burp Suite Enterprise Edition. The CI/CD platform uses this user to communicate with the Enterprise server, for example to create scans and access the results.
- Log in to Burp Suite Enterprise Edition as an administrator.
- Go to “Team” > “Add a new user”.
- In the corresponding fields, enter a name and username to help you identify this user later. This can be anything you want, for example, “Jenkins User”.
- Enter an email address for the user. This can be any email address you want, but please use an address that you monitor regularly. Burp Suite Enterprise Edition may occasionally send important notifications to this address.
- Select the login type “API Key”.
- Assign the user to the built-in “Scan initiators” group. The user needs the associated permissions in order to create scans.
- Save the user.
A dialog will appear prompting you to save your API key and API link. Copy these using the buttons provided and save them somewhere secure before closing the dialog.
Once you close this dialog, you cannot retrieve the API key for an existing user. If you lose it, you will need to generate a new key and manually update it in any other applications that use the old one.
Now that you’ve created the API user, you can use it to configure the integration with your preferred CI/CD platform. Please follow the relevant instructions below: