Scan

pipeleek jenkins scan

Scan Jenkins jobs

Synopsis

Scan Jenkins job logs, artifacts, job definitions, and exposed environment variables for secrets.

pipeleek jenkins scan [flags]

Examples

# Scan all accessible jobs on the Jenkins instance
pipeleek jenkins scan --jenkins https://jenkins.example.com --username admin --token token_value

# Scan only a folder recursively
pipeleek jenkins scan --jenkins https://jenkins.example.com --username admin --token token_value --folder team-a

# Scan one specific job path
pipeleek jenkins scan --jenkins https://jenkins.example.com --username admin --token token_value --job team-a/service-a

# Limit builds per job and include artifacts
pipeleek jenkins scan --jenkins https://jenkins.example.com --username admin --token token_value --max-builds 20 --artifacts

Options

  -a, --artifacts                  Scan artifacts
      --confidence strings         Filter for confidence level, separate by comma if multiple. See readme for more info.
  -f, --folder string              Jenkins folder path to scan recursively (e.g. team-a/platform)
  -h, --help                       help for scan
      --hit-timeout duration       Maximum time to wait for hit detection per scan item (e.g., 30s, 2m, 1h) (default 1m0s)
  -j, --jenkins string             Jenkins base URL
      --job string                 Specific Jenkins job path to scan (e.g. team-a/service-a)
      --max-artifact-size string   Maximum artifact size to scan. Larger files are skipped. Format: https://pkg.go.dev/github.com/docker/go-units#FromHumanSize (default "500Mb")
      --max-builds int             Maximum builds to scan per job (0 = all builds) (default 25)
      --threads int                Number of concurrent threads for scanning (default 4)
  -t, --token string               Jenkins API token
      --truffle-hog-verification   Enable TruffleHog credential verification to actively test found credentials and only report verified ones (enabled by default, disable with --truffle-hog-verification=false) (default true)
  -u, --username string            Jenkins username

Options inherited from parent commands

      --color              Enable colored log output (auto-disabled when using --logfile) (default true)
      --config string      Config file path. Example: ~/.config/pipeleek/pipeleek.yaml
      --ignore-proxy       Ignore HTTP_PROXY environment variable
      --json               Use JSON as log output format
      --log-level string   Set log level globally (debug, info, warn, error). Example: --log-level=warn
  -l, --logfile string     Log output to a file
  -v, --verbose            Enable debug logging (shortcut for --log-level=debug)

SEE ALSO