Jenkins integration
DevOps & CI/CD
Jenkins is the automation server most self-hosted teams already use to build, test, and ship — which makes it the natural place to enforce that nothing reaches production with a known external exposure. The FortWatch Jenkins integration (currently in development) will turn your continuous attack-surface scans into a build-time security gate: pipelines can wait on a FortWatch scan, read the results, and fail or warn when a critical finding — an exposed Redis port, a public storage bucket, an expiring TLS certificate — is detected against the asset you're about to deploy.
Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →Jenkins + FortWatch
FortWatch connects to Jenkins through a Jenkins plugin plus a Pipeline step you drop into your Jenkinsfile. In a build, the step calls the FortWatch API to trigger an on-demand scan (or read the latest scan results) for a given asset, waits for it to complete, and returns the findings with their severities. You set a threshold — for example, fail on any new critical or high — and the plugin marks the build accordingly, publishing a scan report as a build artifact so the results live alongside your console output. The connection runs in reverse too: FortWatch can call a Jenkins job via the REST API or an inbound webhook (such as the Generic Webhook Trigger plugin) when a brand-new exposure is detected outside the pipeline, so a finding on live infrastructure can kick off a remediation or notification job. Authentication uses a scoped FortWatch API token stored in Jenkins Credentials, so secrets never sit in your Jenkinsfile.
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to Jenkins
The finding lands in Jenkins, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the Jenkins integration will bring to your security workflow.
Deployment gate
add a fortwatchScan step to your Jenkinsfile so a build fails before deploy when a new critical or high finding is detected against the target asset.
Configurable thresholds
choose which severities break the build (fail on critical, warn on high) per pipeline or per stage — no all-or-nothing blocking.
Build report artifacts
every scan attaches a findings report (severity, affected asset, remediation note) to the build so results sit next to the console log.
Post-deploy verification
run a FortWatch scan as the final stage after a release to confirm the deploy didn't open a new port, expose a bucket, or weaken TLS.
Reverse trigger
FortWatch calls a Jenkins job over the REST API or an inbound webhook when a fresh exposure appears on live infrastructure, kicking off a remediation or notification pipeline.
Scheduled posture checks
a nightly Jenkins job can pull your latest external attack surface and fail loudly if the count of unresolved highs has grown.
What an alert looks like
Every finding arrives formatted for Jenkins — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
Jenkins[FortWatch] Pipeline gate: FAILED ❌ (build #482)\nStage: pre-deploy-security-scan\nThreshold: fail on new critical/high\n\nNew CRITICAL finding blocking this deploy:\n Exposed Redis on 203.0.113.10:6379 — unauthenticated, internet-reachable\n Asset: cache-prod-1 · Scanner: port-monitoring\n Risk: anyone can read, wipe, or take over the host.\n\n1 critical · 0 high · 2 medium (medium below threshold)\nFull report: build artifact fortwatch-scan.json → View finding & fix in FortWatch
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect Jenkins and choose where alerts go.
When it launches, install the FortWatch plugin from the Jenkins Update Center on your controller.
Generate a scoped API token in FortWatch (Settings → Integrations) and store it as a Jenkins Credential.
Add the fortwatchScan step to your Jenkinsfile, pointing it at the asset or project you're deploying.
Set your severity threshold — for example, fail the build on any new critical or high finding.
Run a pipeline to confirm the gate triggers correctly and the scan report is attached as a build artifact.
Why route FortWatch into Jenkins?
A vulnerability scan that runs on a dashboard is easy to skip; one wired into the pipeline is unavoidable. Putting FortWatch in front of your Jenkins deploy step means an exposed database or a public bucket gets caught at the exact moment you can still stop it — before it ships — and the same connection lets a finding on live infrastructure trigger a job automatically, closing the loop between detection and response.
Frequently asked questions
Is the Jenkins integration available now?
Not yet — it's in active development. Add your email on this page and we'll notify you the moment it ships.
Will a slow scan block my whole pipeline?
You control the behavior. The step can run async or with a timeout, and you can scope the gate to fail only on new critical/high findings while letting lower severities pass without holding up the build.
Does this work with my self-hosted Jenkins?
Yes — that's the target. The plugin runs on your own Jenkins controller and talks to the FortWatch API over HTTPS using a token stored in Jenkins Credentials, so it fits both cloud and on-prem setups.
Want the Jenkins integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.
Get notified
Secure your entire stack today
Start scanning in under 5 minutes. No credit card required. 14-day free trial included.