Modern software teams can no longer afford to treat security and quality as separate goals. The same discipline that ensures tests pass must also ensure code is safe. By integrating Kiuwan SAST (Static Application Security Testing) directly into TestRail, teams bring security findings into the same lifecycle as functional and regression tests, creating a unified view of application health. This approach, known as Quality Through Security, empowers QA and DevSecOps teams to detect, track, and remediate vulnerabilities as part of their everyday testing workflows. Instead of managing security reports in isolation, developers and testers can see which builds or test runs contain critical issues, measure improvement over time, and demonstrate “safe software sooner” across both quality and security metrics.
Prerequisites
Before integrating:
You must have a valid Kiuwan account and API access to fetch analysis data
You should be able to run a Kiuwan scan and export or retrieve results via API
Your TestRail instance must allow API access
Integration Flow Overview (Using the TestRail CLI)
Step 1: Run Kiuwan SAST analysis

Include a Kiuwan scan as part of your CI or CD process. You can trigger it through the Kiuwan Local Analyzer or the API so that each build or commit is automatically analyzed for vulnerabilities.

Step 2: Export analysis results in JUnit format

Once the scan completes, export the results from Kiuwan in JUnit XML format using the deliveries API. This makes them compatible with the TestRail CLI. Kiuwan provides a REST API endpoint that generates this format directly.

Step 3: Install and configure the TestRail CLI

The TestRail CLI lets you upload test results automatically from supported formats such as JUnit. See the detailed documentation on how to set up the TestRail CLI, along with usage information.

Step 4: Upload Kiuwan results to TestRail using the CLI

Use the parse_junit command in the TestRail CLI to import the Kiuwan JUnit report into a new or existing TestRail test run. For example (GitHub Action):

    pip install trcli
    trcli -y \
      -h "$TESTRAIL_URL" \
      -u "$TESTRAIL_USER" \
      -p "$TESTRAIL_PASS" \
      parse_junit \
      --title "Kiuwan SAST Results" \
      --run-description "Automated Kiuwan scan results for build ${{ github.run_id }}" \
      -f kiuwan-audit.xml
Example GitHub Actions YAML Workflow
The following example shows how to automate the full Kiuwan to TestRail integration in a GitHub Actions workflow. Inline comments explain each step:

    name: Kiuwan SAST to TestRail Integration

    # Run this workflow on push, pull requests, or manual trigger
    on:
      push:
        branches:
          - main
      pull_request:
      workflow_dispatch:

    jobs:
      sast_testrail_integration:
        runs-on: ubuntu-latest

        # Shared environment variables for the integration
        env:
          APP_NAME: "Sample Application Name"
          SRC_PATH: "."
          TESTRAIL_USER: your_testrail_username@example.com
          TESTRAIL_URL: https://yourcompany.testrail.io/
          PROJECT_NAME: Your TestRail Project Name

        steps:
          # Step 1: Checkout repository code
          - name: Checkout code
            uses: actions/checkout@v4

          # Step 2: Setup Python (required for TestRail CLI)
          - name: Setup Python
            uses: actions/setup-python@v4.5.0
            with:
              python-version: '3.10'

          # Step 3: Download Kiuwan Local Analyzer
          - name: Download Kiuwan Local Analyzer
            run: |
              echo "Downloading Kiuwan Local Analyzer..."
              curl -sSL "https://www.kiuwan.com/pub/analyzer/KiuwanLocalAnalyzer.zip" -o kla.zip
              unzip -oq kla.zip -d kla

          # Step 4: Run a Kiuwan SAST scan
          - name: Run Kiuwan SAST Scan
            env:
              KIUWAN_USER: ${{ secrets.KIUWAN_USER }}
              KIUWAN_PWD: ${{ secrets.KIUWAN_PWD }}
            run: |
              cd kla/KiuwanLocalAnalyzer
              chmod u+x bin/agent.sh
              echo "Running Kiuwan scan for $APP_NAME"
              # Scan the checked-out repository (GITHUB_WORKSPACE), not the
              # analyzer directory we just changed into
              ./bin/agent.sh \
                -s "$GITHUB_WORKSPACE/$SRC_PATH" \
                -n "$APP_NAME" \
                -c \
                -wr \
                -as completeDelivery \
                --user "$KIUWAN_USER" \
                --pass "$KIUWAN_PWD"
              echo "Kiuwan scan completed."

          # Step 5: Retrieve the last successful delivery code from the Kiuwan API
          - name: Fetch Last SAST Scan Code
            id: fetch_delivery
            env:
              KIUWAN_USER: ${{ secrets.KIUWAN_USER }}
              KIUWAN_PWD: ${{ secrets.KIUWAN_PWD }}
              KIUWAN_API: "https://api.kiuwan.com"
            run: |
              echo "Fetching last successful delivery code from Kiuwan API..."
              encoded_app=$(printf "%s" "$APP_NAME" | jq -sRr @uri)
              response=$(curl -sSL --user "$KIUWAN_USER:$KIUWAN_PWD" \
                "$KIUWAN_API/deliveries/last_analysis?application=$encoded_app")
              echo "Raw API response:"
              echo "$response"
              code=$(echo "$response" | jq -r '.lastSuccessfulDelivery.code // .analysisCode // empty')
              if [ -z "$code" ] || [ "$code" = "null" ]; then
                echo "Unable to extract delivery code from response."
                exit 1
              fi
              echo "Last Successful Delivery Code: $code"
              echo "delivery_code=$code" >> "$GITHUB_OUTPUT"

          # Step 6: Download the JUnit XML report from Kiuwan for that delivery
          - name: Download JUnit XML Report
            id: fetch_junit
            env:
              KIUWAN_USER: ${{ secrets.KIUWAN_USER }}
              KIUWAN_PWD: ${{ secrets.KIUWAN_PWD }}
              KIUWAN_API: "https://api.kiuwan.com"
              DELIVERY_CODE: ${{ steps.fetch_delivery.outputs.delivery_code }}
            run: |
              echo "Downloading JUnit XML for delivery code: $DELIVERY_CODE"
              curl -sSL --user "$KIUWAN_USER:$KIUWAN_PWD" \
                "$KIUWAN_API/deliveries/junit?deliveryCode=$DELIVERY_CODE" \
                -o kiuwan_sast.xml
              if [ ! -s kiuwan_sast.xml ]; then
                echo "Failed to retrieve kiuwan_sast.xml"
                exit 1
              fi
              echo "JUnit XML successfully saved as kiuwan_sast.xml"

          # Step 7: Upload the JUnit XML results to TestRail using the CLI
          - name: Upload Results to TestRail
            run: |
              pip install trcli
              trcli -y \
                -h ${{ env.TESTRAIL_URL }} \
                --project "${{ env.PROJECT_NAME }}" \
                -u ${{ env.TESTRAIL_USER }} \
                -p "${{ secrets.TESTRAIL_PASSWORD }}" \
                parse_junit \
                -f "kiuwan_sast.xml" \
                --title "Kiuwan SAST Audit Checkpoint Tests"
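As an added example that is not part of the original article or of Kiuwan's or TestRail's tooling: the workflow above only checks that kiuwan_sast.xml is non-empty, so an authentication or HTML error body returned by the API would pass that check and surface later as a confusing CLI failure. The script below parses the download as standard JUnit XML (an assumption about Kiuwan's export format), rejects anything that is not a JUnit document, counts failed checks, and exits non-zero when a failure budget is exceeded, so it can run between Step 6 and Step 7; the embedded report and rule names are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in standard JUnit layout (an assumption about Kiuwan's
# export format; not a real Kiuwan report).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<testsuites>
  <testsuite name="Security" tests="3" failures="2">
    <testcase classname="Security" name="OPT.JAVA.SEC.SqlInjection">
      <failure message="2 defects found" type="Critical"/>
    </testcase>
    <testcase classname="Security" name="OPT.JAVA.SEC.XSS">
      <failure message="1 defect found" type="High"/>
    </testcase>
    <testcase classname="Security" name="OPT.JAVA.SEC.WeakCrypto"/>
  </testsuite>
</testsuites>
"""

def summarize_junit(xml_text):
    """Count testcases; raise ValueError if this is not a JUnit document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. the API returned a JSON or HTML error body instead of XML
        raise ValueError("not well-formed XML: %s" % exc)
    if root.tag not in ("testsuites", "testsuite"):
        raise ValueError("unexpected root element <%s>" % root.tag)
    summary = {"tests": 0, "failures": 0, "errors": 0, "failed": []}
    for case in root.iter("testcase"):
        summary["tests"] += 1
        if case.find("failure") is not None:
            summary["failures"] += 1
            summary["failed"].append(case.get("name", "?"))
        elif case.find("error") is not None:
            summary["errors"] += 1
    return summary

def gate(summary, max_failures=0):
    """True when failed checks are within the allowed budget."""
    return summary["failures"] + summary["errors"] <= max_failures

if __name__ == "__main__":
    # Usage: python check_junit.py kiuwan_sast.xml ; no argument runs the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_XML
    s = summarize_junit(text)
    print("tests=%d failures=%d errors=%d" % (s["tests"], s["failures"], s["errors"]))
    sys.exit(0 if gate(s) else 1)
```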
Additional Resources
For more information on Kiuwan, including documentation on scan configuration, API usage, and exporting results, visit:
https://www.kiuwan.com/documentation/
For detailed guidance on using the TestRail CLI, including command options, result parsing, and automation examples, see:
https://support.testrail.com/hc/en-us/articles/17372097063501-TestRail-CLI-User-Guide