Overview
This guide walks you through setting up a complete Jenkins pipeline to automatically generate AWS security reports using Scout Suite. The pipeline includes Docker containerization, S3 storage, web hosting via ALB, and email notifications for comprehensive security audit automation.
Prerequisites
- Jenkins instance with Docker support configured
- AWS account with appropriate IAM permissions
- AWS CLI installed on Jenkins agent
- Jenkins credentials configured for AWS access
- S3 bucket created for report storage
- Application Load Balancer (ALB) set up (optional, for web hosting)
- DNS configured for custom domain (optional)
Step 1: Configure Jenkins Pipeline Job
Create a new Jenkins pipeline job and configure it to use a Docker agent.
// Define the pipeline script
def now = new Date().format("yyyy-MM-dd", TimeZone.getTimeZone('UTC'))
def reportFileName = "aws-${now}.html"
pipeline {
    agent {
        docker {
            image 'python:3.8.20-slim-bullseye'
            args '-u 0:0' // Run as root for package installation
        }
    }
    environment {
        AWS_ACCESS_KEY_ID = credentials('access_key_id')
        AWS_SECRET_ACCESS_KEY = credentials('secret_access_key')
        BUCKET_NAME = 'awsscout-report'
        NOW = "${now}"
    }
    stages {
        // Stages will be defined in next steps
    }
}
Note: ⚠️ Ensure Jenkins has the Docker plugin installed and configured
Step 2: Install Dependencies and Run Scout Suite
Install Scout Suite and AWS CLI, then run the security scan.
stage('Run Scout report') {
    steps {
        script {
            // Install Scout Suite
            sh 'pip install scoutsuite'
            // Install AWS CLI
            sh 'pip install awscli'
            try {
                // Run the scan headless (no browser in the container) and name the
                // report explicitly so the output file matches reportFileName (aws-<date>.html)
                sh "scout aws --no-browser --report-name aws-${NOW}"
            } catch (err) {
                echo err.getMessage()
                echo "Error detected, but we will continue."
            }
        }
    }
}
Note: 💡 Scout Suite will generate reports in /var/lib/jenkins/workspace/scout-suite/scout-report/scoutsuite-report/
Step 3: Package Reports and Prepare for Upload
Create ZIP archive and prepare index.html for web hosting.
post {
    success {
        script {
            // Rename report file to index.html for web serving
            sh "cp /var/lib/jenkins/workspace/scout-suite/scout-report/scoutsuite-report/${reportFileName} /var/lib/jenkins/workspace/scout-suite/scout-report/scoutsuite-report/index.html"
            // Install zip utility
            sh 'apt update -y && apt install zip -y'
            // Create ZIP archive
            sh 'cd /var/lib/jenkins/workspace/scout-suite/scout-report/scoutsuite-report && zip -r scout-report.zip *'
        }
    }
}
Step 4: Upload Reports to S3
Store reports in S3 bucket for secure, centralized storage.
// Create dated folder in S3
sh "aws s3api put-object --bucket ${BUCKET_NAME} --key scout-report-${NOW}/"
// Upload all report files recursively
sh "aws s3 cp --recursive /var/lib/jenkins/workspace/scout-suite/scout-report/scoutsuite-report/ s3://${BUCKET_NAME}/scout-report-${NOW}/"
Note: 🔒 Ensure the IAM identity behind the pipeline's credentials has s3:PutObject permission on the bucket
Step 5: Configure HTTP Server for Web Hosting
Set up systemd service to serve reports via HTTP.
# Create systemd service file
sudo nano /etc/systemd/system/python-http-server.service
# Service configuration:
[Unit]
Description=Python3 Simple HTTP Server
After=network.target
[Service]
User=jenkins
WorkingDirectory=/var/lib/jenkins/workspace/scout-suite/scout-report/scoutsuite-report
ExecStart=/usr/bin/python3 -m http.server 8000
Restart=on-failure
[Install]
WantedBy=multi-user.target
# Enable and start service
sudo systemctl daemon-reload
sudo systemctl enable python-http-server.service
sudo systemctl start python-http-server.service
Note: ⚠️ Ensure port 8000 is open in the instance's security group
Step 6: Restart HTTP Server in Pipeline
Restart the HTTP server after generating new reports. This step has to run on the Jenkins host itself (for example in a stage with a non-Docker agent): the python:3.8 container used above has no systemd, so a systemctl call inside it fails.
// Restart HTTP server to serve latest reports
sh 'systemctl restart python-http-server.service'
Step 7: Configure ALB and DNS (Optional)
Set up Application Load Balancer to make reports accessible via custom domain.
# AWS CLI commands to configure ALB target group
aws elbv2 create-target-group \
  --name jenkins-scout-reports \
  --protocol HTTP \
  --port 8000 \
  --vpc-id vpc-xxxxx
# Register Jenkins instance as target
aws elbv2 register-targets \
  --target-group-arn \
  --targets Id=
# Create listener rule for custom domain
aws elbv2 create-rule \
  --listener-arn \
  --conditions Field=host-header,Values=scout-suite.yourdomain.com \
  --priority 10 \
  --actions Type=forward,TargetGroupArn=
Step 8: Add Email Notifications
Send email alerts when reports are ready.
// Send email with report attachment and access link
emailext(
    subject: "Build ${currentBuild.fullDisplayName} - Reports Generated Successfully",
    body: """
Dear Team,
The build ${currentBuild.fullDisplayName} has completed successfully.
- Scout Suite Vulnerability Report (ZIP): Summary of Vulnerability Checker.
Access the report online: Scout Suite Report
Best regards,
Your Scout Suite Jenkins Pipeline
""",
    mimeType: 'text/html',
    to: 'security-team@company.com',
    attachLog: false,
    attachmentsPattern: 'scoutsuite-report/scout-report.zip'
)
Note: 📧 Configure Jenkins Email Extension plugin first
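As an added example (not part of the original pipeline or of Scout Suite itself), a Python helper that reads the results file Scout Suite writes next to the HTML report in Step 2 and renders the per-finding summary that the Step 8 email body only names. It relies on the results file format Scout Suite uses (the literal `scoutsuite_results =` prefix followed by JSON, findings under `services.<service>.findings`); the sample data is constructed.

```python
import html
import json

# Scout Suite writes scoutsuite-report/scoutsuite-results/scoutsuite_results_<report-name>.js:
# the literal prefix below followed by a JSON document. Findings live under
# services.<service>.findings.<id> with a "level" ("danger"/"warning") and a "flagged_items" count.
JS_PREFIX = "scoutsuite_results ="

# Constructed sample in that shape, trimmed to the fields used here (not real scan output).
SAMPLE_RESULTS_JS = JS_PREFIX + """
{"account_id": "123456789012",
 "services": {
   "s3": {"findings": {
     "s3-bucket-no-default-encryption": {"description": "Bucket without default encryption", "level": "danger", "flagged_items": 2},
     "s3-bucket-no-logging": {"description": "Bucket access logging disabled", "level": "warning", "flagged_items": 5}}},
   "iam": {"findings": {
     "iam-root-account-no-mfa": {"description": "Root account without MFA", "level": "danger", "flagged_items": 1},
     "iam-password-policy-no-expiration": {"description": "Password expiration disabled", "level": "warning", "flagged_items": 0}}}}}
"""

def load_results(js_text):
    """Strip the JavaScript assignment prefix and parse the remaining JSON."""
    text = js_text.lstrip()
    if not text.startswith(JS_PREFIX):
        raise ValueError("not a Scout Suite results file: missing 'scoutsuite_results =' prefix")
    return json.loads(text[len(JS_PREFIX):])

def summarize_findings(results):
    """Count findings per level and list those with flagged items, most severe first."""
    order = {"danger": 0, "warning": 1}
    flagged = []
    for service, data in results.get("services", {}).items():
        for finding_id, f in data.get("findings", {}).items():
            if f.get("flagged_items", 0) > 0:  # skip checks that passed
                flagged.append({"service": service, "id": finding_id, "level": f.get("level", "warning"),
                                "flagged": f["flagged_items"], "description": f.get("description", finding_id)})
    flagged.sort(key=lambda x: (order.get(x["level"], 9), -x["flagged"]))
    counts = {lvl: sum(1 for x in flagged if x["level"] == lvl) for lvl in order}
    return {"account_id": results.get("account_id"), "counts": counts, "flagged": flagged}

def render_html_summary(summary):
    """Render the summary as an escaped HTML fragment for the emailext body (mimeType text/html)."""
    items = "".join(f"<li>[{html.escape(x['level'])}] {html.escape(x['service'])}: "
                    f"{html.escape(x['description'])} ({x['flagged']} flagged)</li>" for x in summary["flagged"])
    c = summary["counts"]
    return (f"<p>Account {html.escape(str(summary['account_id']))}: {c['danger']} danger, "
            f"{c['warning']} warning finding(s) with flagged items.</p><ul>{items}</ul>")
```

In the pipeline this would run after the scan, with the resulting fragment written to a file and passed into the `body` of `emailext`.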
Step 9: Publish Report in Jenkins UI
Make reports accessible directly from Jenkins interface.
publishHTML([
    allowMissing: false,
    alwaysLinkToLastBuild: false,
    keepAll: false,
    reportDir: '/var/lib/jenkins/workspace/scout-suite/scout-report/scoutsuite-report/',
    reportFiles: "${reportFileName}",
    reportName: 'Scout Suite Report',
    reportTitles: '',
    useWrapperFileDirectly: true
])
Troubleshooting
Permission denied when running Scout Suite
Solution: Ensure AWS credentials have proper IAM permissions. Required: ec2:Describe*, iam:Get*, iam:List*, s3:GetBucket*
HTTP server not accessible via ALB
Solution: Check security group rules allow inbound traffic on port 8000. Verify target group health checks are passing.
Reports not uploading to S3
Solution: Verify IAM role has s3:PutObject permissions. Check bucket policy doesn't block uploads. Ensure bucket name is correct.
systemd service fails to start
Solution: Check /var/log/syslog for errors. Verify Python3 is installed. Ensure working directory exists and has correct permissions.
Email notifications not sending
Solution: Configure Jenkins Email Extension plugin. Set SMTP server details in Jenkins > Manage Jenkins > Configure System.