Secure Pipelines Demo

Sample spring application with Jenkins pipeline script to demonstrate secure pipelines

Pre Requesites

minikube v1.24.0 - Refer here for installation
helm v3.7.2 - Refer here for installation

Setup Setps

Minikube setup

Setup minikube

minikube start --nodes=1 --cpus=4 --memory 8192 --disk-size=35g --embed-certs=true --driver=hyperkit
minikube addons enable ingress

Jenkins setup

Stup Jenkins server

helm repo add jenkins https://charts.jenkins.io
helm repo update
helm install jenkins jenkins/jenkins

Wait for the jenkins pod to start

Get admin user password of Jenkins

  kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo

Note: Make a note of the password

[Optional] Forward Jenkins server port to access from local machine

kubectl port-forward svc/jenkins 8080:8080
open http://localhost:8080

Add additonal plugins to Jeninks server (Manage Jenkins -> Manage plugins)
- BlueOcean
- Configuration as Code
- OWASP Dependency-Track

Dependency Track setup

Refer Dependency Track v4 Installation Guide

Note: dependency-track will take some time to start (~1hr on low end Mac)

Link Jenkins and Dependency Track

Login to Dependency track -> Administration -> Access Management -> Teams -> Click on Automation -> Copy the API Keys -> Also add the Permissions - PROJECT_CREATION_UPLOAD, POLICY_VIOLATION_ANALYSIS, VULNERABILITY_ANALYSIS
Login to Jenkins -> Manage Jenkins -> Configure System -> Scroll to bottom -> Configure the Dependency-Track URL and API key -> Also enable Auto Create Projects -> Test Connection -> Save

Hint: URL (if you have followed the exact steps) http://dependency-track-apiserver.deptrack.svc.cluster.local (Format: severiceName.namespace.svc.cluster.local)

New Jenkins Pipeline

Create a new Jenkins pipeline with this repo and trigger build

Login to Jenkins -> New Item -> Enter name and choose Pipeline -> Choose GitHub project and set project URL
Under pipeline section, Choose Pipeline script from SCM
Choose git as SCM and provide repo details
Save

Pipeline

Refer the below screenshot for the stages in the pipeline

Pipeline View

Stage View

Dependency Track

Tools

Stage	Tool
Secrets Scanner	truffleHog
Dependency Checker	OWASP Dependency checker
SAST	OWASP Find Security Bugs
OSS License Checker	LicenseFinder
SCA	Dependency Track
Image Scanner	Trivy
Image Hardening	Dockle
K8s Hardening	KubeSec
IaC Hardening	checkov
DAST	OWASP Baseline Scan

TODO

Image Malware scanning - ClamAV

Name		Name	Last commit message	Last commit date
Latest commit History 45 Commits
.mvn/wrapper		.mvn/wrapper
doc		doc
imgs		imgs
src		src
.dockerignore		.dockerignore
.gitignore		.gitignore
DEPENDENCY_TRACK.md		DEPENDENCY_TRACK.md
Dockerfile		Dockerfile
HELP.md		HELP.md
Jenkinsfile		Jenkinsfile
LICENSE		LICENSE
README.md		README.md
build-agent.yaml		build-agent.yaml
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pod.yaml		pod.yaml
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Secure Pipelines Demo

Pre Requesites

Setup Setps

Minikube setup

Jenkins setup

Dependency Track setup

Link Jenkins and Dependency Track

New Jenkins Pipeline

Pipeline

Pipeline View

Stage View

Dependency Track

Tools

TODO

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

License

rmkanda/secure-pipeline-java-demo

Folders and files

Latest commit

History

Repository files navigation

Secure Pipelines Demo

Pre Requesites

Setup Setps

Minikube setup

Jenkins setup

Dependency Track setup

Link Jenkins and Dependency Track

New Jenkins Pipeline

Pipeline

Pipeline View

Stage View

Dependency Track

Tools

TODO

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages