Skip to content

devops-0002/dso-demo

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits

.mvn/wrapper

.mvn/wrapper

 
 

doc

doc

 
 

imgs

imgs

 
 

src

src

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

DEPENDENCY_TRACK.md

DEPENDENCY_TRACK.md

 
 

Dockerfile

Dockerfile

 
 

HELP.md

HELP.md

 
 

Jenkinsfile

Jenkinsfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build-agent.yaml

build-agent.yaml

 
 

mvnw

mvnw

 
 

mvnw.cmd

mvnw.cmd

 
 

pod.yaml

pod.yaml

 
 

pom.xml

pom.xml

 
 

Repository files navigation

Secure Pipelines Demo

Sample spring application with Jenkins pipeline script to demonstrate secure pipelines

Pre Requesites

Setup Setps

Minikube setup

  • Setup minikube 
    minikube start --nodes=1 --cpus=4 --memory 8192 --disk-size=35g --embed-certs=true --driver=hyperkit

Jenkins setup

  • Stup Jenkins server

    helm repo add jenkins https://charts.jenkins.io
helm repo update
helm install jenkins jenkins/jenkins

  • Wait for the jenkins pod to start

  • Get admin user password of Jenkins

      kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo

    Note: Make a note of the password

  • [Optional] Forward Jenkins server port to access from local machine

    kubectl port-forward svc/jenkins 8080:8080
open http://localhost:8080

  • Add additonal plugins to Jeninks server (Manage Jenkins -> Manage plugins)

    • BlueOcean
    • Configuration as Code
    • OWASP Dependency-Track

Dependency Track setup

Link Jenkins and Dependency Track

  • Login to Dependency track -> Administration -> Access Management -> Teams -> Click on Automation -> Copy the API Keys -> Also add the Permissions - PROJECT_CREATION_UPLOAD, POLICY_VIOLATION_ANALYSIS, VULNERABILITY_ANALYSIS

  • Login to Jenkins -> Manage Jenkins -> Configure System -> Scroll to bottom -> Configure the Dependency-Track URL and API key -> Also enable Auto Create Projects -> Test Connection -> Save

Hint: URL (if you have followed the exact steps) http://dependency-track-apiserver.dependency-track.svc.cluster.local

New Jenkins Pipeline

Create a new Jenkins pipeline with this repo and trigger build

  • Login to Jenkins -> New Item -> Enter name and choose Pipeline -> Choose GitHub project and set project URL
  • Under pipeline section, Choose Pipeline script from SCM
  • Choose git as SCM and provide repo details
  • Save

Pipeline

Refer the below screenshot for the stages in the pipeline

Pipeline View

Pipeline View

Stage View

Stage View

Dependency Track

Dependency Track View

Tools

Stage Tool
Secrets Scanner truffleHog
Dependency Checker OWASP Dependency checker
SAST OWASP Find Security Bugs
OSS License Checker LicenseFinder
SCA Dependency Track
Image Scanner Trivy
Image Hardening Dockle
K8s Hardening KubeSec
IaC Hardening checkov
DAST OWASP Baseline Scan

TODO

Image Malware scanning - ClamAV

About

Learn DevSecOps with this Demo Application.

www.schoolofdevops.com/

Topics

static-analysis sca devsecops dast sbom devsecops-pipeline

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 85.6%
  • Dockerfile 14.4%