From c42074dd7c23a57877066811821632fb74bd5ed0 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 07:25:55 +0000 Subject: [PATCH 01/97] jenkins pipeline error --- .idea/.gitignore | 8 ++++ .idea/misc.xml | 4 ++ .idea/vcs.xml | 6 +++ .pydevproject | 8 ++++ .vscode/settings.json | 3 ++ Jenkinsfile | 22 +++++++---- setup/vm-install-script/install-script.sh | 17 +++++---- .../java/com/devsecops/NumericController.java | 3 +- untitled/.gitignore | 38 +++++++++++++++++++ untitled/.idea/.gitignore | 8 ++++ untitled/.idea/misc.xml | 14 +++++++ untitled/.idea/vcs.xml | 6 +++ untitled/pom.xml | 9 +++++ .../resources/META-INF/maven/archetype.xml | 9 +++++ .../resources/archetype-resources/pom.xml | 15 ++++++++ .../src/main/java/App.java | 13 +++++++ .../src/test/java/AppTest.java | 38 +++++++++++++++++++ 17 files changed, 205 insertions(+), 16 deletions(-) create mode 100644 .idea/.gitignore create mode 100644 .idea/misc.xml create mode 100644 .idea/vcs.xml create mode 100644 .pydevproject create mode 100644 .vscode/settings.json create mode 100644 untitled/.gitignore create mode 100644 untitled/.idea/.gitignore create mode 100644 untitled/.idea/misc.xml create mode 100644 untitled/.idea/vcs.xml create mode 100644 untitled/pom.xml create mode 100644 untitled/src/main/resources/META-INF/maven/archetype.xml create mode 100644 untitled/src/main/resources/archetype-resources/pom.xml create mode 100644 untitled/src/main/resources/archetype-resources/src/main/java/App.java create mode 100644 untitled/src/main/resources/archetype-resources/src/test/java/AppTest.java diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 000000000..13566b81b --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml 
diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100644 index 000000000..6ed36dd36 --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 000000000..35eb1ddfb --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/.pydevproject b/.pydevproject new file mode 100644 index 000000000..97606ffb5 --- /dev/null +++ b/.pydevproject @@ -0,0 +1,8 @@ + + + Default + python interpreter + + /${PROJECT_DIR_NAME}/devops-spring-project + + diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 000000000..7b016a89f --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "java.compile.nullAnalysis.mode": "automatic" +} \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 56745c21a..c65985fc9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,12 +1,18 @@ pipeline { agent any + environment { + // Set JVM options for Maven + MAVEN_OPTS = "--add-opens java.base/java.lang=ALL-UNNAMED" + } + stages { - stage('Build Artifact') { - steps { - sh "mvn clean package -DskipTests=true" - archive 'target/*.jar' //so that they can be downloaded later - } - } - } -} \ No newline at end of file + stage('Build Artifact') { + steps { + // Use environment variable for Maven options + sh 'mvn clean package -DskipTests=true' + archiveArtifacts artifacts: 'target/*.jar', onlyIfSuccessful: true + } + } + } +} diff --git a/setup/vm-install-script/install-script.sh b/setup/vm-install-script/install-script.sh index 1ccbf3bff..20aa6f1a3 100644 --- a/setup/vm-install-script/install-script.sh +++ b/setup/vm-install-script/install-script.sh 
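Review bot: The comment `// Use environment variable for Maven options` above `sh 'mvn clean package -DskipTests=true'` does not match the command, which never references `MAVEN_OPTS`; Maven reads that variable from the stage environment by itself. I would reword it to `// mvn picks up MAVEN_OPTS from the environment block above` and add one line on why `--add-opens java.base/java.lang=ALL-UNNAMED` is needed, since it opens `java.lang` to reflection for every Maven invocation in the pipeline. The same comment is copied onto `sh 'mvn test'` in the Unit Tests hunk of PATCH 02, where it is equally misleading.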
@@ -15,9 +15,9 @@ cat < /etc/apt/sources.list.d/kubernetes.list deb http://apt.kubernetes.io/ kubernetes-xenial main EOF -KUBE_VERSION=1.20.0 +KUBE_VERSION=1.28.0 apt-get update -apt-get install -y docker.io vim build-essential jq python3-pip kubelet=${KUBE_VERSION}-00 kubectl=${KUBE_VERSION}-00 kubernetes-cni=0.8.7-00 kubeadm=${KUBE_VERSION}-00 +apt-get install -y docker.io vim build-essential jq python3-pip kubelet=${KUBE_VERSION}-00 kubectl=${KUBE_VERSION}-00 kubernetes-cni=1.2.0-00 kubeadm=${KUBE_VERSION}-00 pip3 install jc ### UUID of VM @@ -62,7 +62,7 @@ kubectl get node -o wide echo ".........----------------#################._.-.-Java and MAVEN-.-._.#################----------------........." -sudo apt install openjdk-11-jdk -y +sudo apt install openjdk-17-jdk -y java -version sudo apt install -y maven mvn -v @@ -70,10 +70,13 @@ mvn -v echo ".........----------------#################._.-.-JENKINS-.-._.#################----------------........." -wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add - -sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list' -sudo apt update -sudo apt install -y jenkins +sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ + https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key +echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \ + https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ + /etc/apt/sources.list.d/jenkins.list > /dev/null +sudo apt-get update +sudo apt-get install jenkins systemctl daemon-reload systemctl enable jenkins sudo systemctl start jenkins diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index b0aeeeeed..f8794f2e3 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
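Review bot: The new `sudo apt-get install jenkins` in the Jenkins hunk (`@@ -70,10 +70,13 @@`) drops the `-y` that the replaced `sudo apt install -y jenkins` carried, so an unattended run of this install script stops at the confirmation prompt, or aborts when stdin is not a terminal. Use `sudo apt-get install -y jenkins`. The move to a `signed-by` keyring fetched over HTTPS is sound; the context of the first hunk still shows the Kubernetes source as `deb http://apt.kubernetes.io/ ...`, which deserves the same HTTPS-plus-dedicated-keyring treatment.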
@@ -18,7 +18,8 @@ public class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); - private static final String baseURL = "http://node-service:5000/plusone"; + //private static final String baseURL = "http://node-service:5000/plusone"; + private static final String baseURL = "http://localhost:5000/plusone"; RestTemplate restTemplate = new RestTemplate(); diff --git a/untitled/.gitignore b/untitled/.gitignore new file mode 100644 index 000000000..5ff6309b7 --- /dev/null +++ b/untitled/.gitignore @@ -0,0 +1,38 @@ +target/ +!.mvn/wrapper/maven-wrapper.jar +!**/src/main/**/target/ +!**/src/test/**/target/ + +### IntelliJ IDEA ### +.idea/modules.xml +.idea/jarRepositories.xml +.idea/compiler.xml +.idea/libraries/ +*.iws +*.iml +*.ipr + +### Eclipse ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ +build/ +!**/src/main/**/build/ +!**/src/test/**/build/ + +### VS Code ### +.vscode/ + +### Mac OS ### +.DS_Store \ No newline at end of file diff --git a/untitled/.idea/.gitignore b/untitled/.idea/.gitignore new file mode 100644 index 000000000..13566b81b --- /dev/null +++ b/untitled/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/untitled/.idea/misc.xml b/untitled/.idea/misc.xml new file mode 100644 index 000000000..690fc288b --- /dev/null +++ b/untitled/.idea/misc.xml @@ -0,0 +1,14 @@ + + + + + + + + + + \ No newline at end of file diff --git a/untitled/.idea/vcs.xml b/untitled/.idea/vcs.xml new file mode 100644 index 000000000..6c0b86358 --- /dev/null +++ b/untitled/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/untitled/pom.xml b/untitled/pom.xml new file mode 100644 index 000000000..2f4e6dd6c 
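Review bot: `baseURL` is switched between environments by commenting out one literal and hard-coding another, so this build calls `http://localhost:5000/plusone` and cannot reach `node-service` once it runs in a pod; PATCH 11 flips the two lines back in the same way. Reading the value from configuration, for example `@Value("${plusone.base-url:http://node-service:5000/plusone}")` on a non-static field (property name illustrative), removes the need to edit source per environment and lets the commented-out line go. The class body continues outside the hunk, so how `baseURL` is consumed is not visible here.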
--- /dev/null +++ b/untitled/pom.xml @@ -0,0 +1,9 @@ + + 4.0.0 + org.example + untitled + 1.0-SNAPSHOT + Archetype - untitled + http://maven.apache.org + diff --git a/untitled/src/main/resources/META-INF/maven/archetype.xml b/untitled/src/main/resources/META-INF/maven/archetype.xml new file mode 100644 index 000000000..507c1c0d2 --- /dev/null +++ b/untitled/src/main/resources/META-INF/maven/archetype.xml @@ -0,0 +1,9 @@ + + untitled + + src/main/java/App.java + + + src/test/java/AppTest.java + + diff --git a/untitled/src/main/resources/archetype-resources/pom.xml b/untitled/src/main/resources/archetype-resources/pom.xml new file mode 100644 index 000000000..9c5e7e740 --- /dev/null +++ b/untitled/src/main/resources/archetype-resources/pom.xml @@ -0,0 +1,15 @@ + + 4.0.0 + $org.example + $untitled + $1.0-SNAPSHOT + + + junit + junit + 3.8.1 + test + + + diff --git a/untitled/src/main/resources/archetype-resources/src/main/java/App.java b/untitled/src/main/resources/archetype-resources/src/main/java/App.java new file mode 100644 index 000000000..1fa6a9565 --- /dev/null +++ b/untitled/src/main/resources/archetype-resources/src/main/java/App.java @@ -0,0 +1,13 @@ +package $org.example; + +/** + * Hello world! + * + */ +public class App +{ + public static void main( String[] args ) + { + System.out.println( "Hello World!" ); + } +} diff --git a/untitled/src/main/resources/archetype-resources/src/test/java/AppTest.java b/untitled/src/main/resources/archetype-resources/src/test/java/AppTest.java new file mode 100644 index 000000000..65be417e7 --- /dev/null +++ b/untitled/src/main/resources/archetype-resources/src/test/java/AppTest.java 
@@ -0,0 +1,38 @@ +package $org.example; + +import junit.framework.Test; +import junit.framework.TestCase; +import junit.framework.TestSuite; + +/** + * Unit test for simple App. + */ +public class AppTest + extends TestCase +{ + /** + * Create the test case + * + * @param testName name of the test case + */ + public AppTest( String testName ) + { + super( testName ); + } + + /** + * @return the suite of tests being tested + */ + public static Test suite() + { + return new TestSuite( AppTest.class ); + } + + /** + * Rigourous Test :-) + */ + public void testApp() + { + assertTrue( true ); + } +} From e68596bc6c9d881847379d85ab101b270a43e720 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 07:49:41 +0000 Subject: [PATCH 02/97] Adding unit tests to the Jenkins pipeline --- Jenkinsfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index c65985fc9..1f46b5935 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -14,5 +14,13 @@ pipeline { archiveArtifacts artifacts: 'target/*.jar', onlyIfSuccessful: true } } + + + stage('Unit Tests') { + steps { + // Use environment variable for Maven options + sh 'mvn test' + } + } } } From 5eff3802800dfdef91c4904d7b04f4015117fe81 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 08:32:29 +0000 Subject: [PATCH 03/97] unit testing with jacoco --- .vscode/settings.json | 3 ++- Jenkinsfile | 17 +++++++++++------ pom.xml | 24 +++++++++++++++++++++++- 3 files changed, 36 insertions(+), 8 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 7b016a89f..e01206508 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,3 +1,4 @@ { - "java.compile.nullAnalysis.mode": "automatic" + "java.compile.nullAnalysis.mode": "automatic", + "java.configuration.updateBuildConfiguration": "interactive" } \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 1f46b5935..150ddeeae 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -16,11 +16,16 @@ pipeline { } - stage('Unit Tests') { - steps { - // Use environment variable for Maven options - sh 'mvn test' - } - } + stage('Unit Tests - JUnit and Jacoco') { + steps { + sh "mvn test" + } + post { + always { + junit 'target/surefire-reports/*.xml' + jacoco execPattern: 'target/jacoco.exec' + } + } + } } } diff --git a/pom.xml b/pom.xml index 8e71c7ac2..d8aad3f85 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.2.1.RELEASE + 2.2.6.RELEASE @@ -45,6 +45,28 @@ org.springframework.boot spring-boot-maven-plugin + + org.jacoco + jacoco-maven-plugin + 0.8.7 + + + prepare-agent + + prepare-agent + + + + report + test + + report + + + + + + From 8142b65758785c72dcd941621648bab1009588f8 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 08:58:10 +0000 Subject: [PATCH 04/97] Docker setup --- Jenkinsfile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 150ddeeae..7d32fc670 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -25,7 +25,14 @@ pipeline { junit 'target/surefire-reports/*.xml' jacoco execPattern: 'target/jacoco.exec' } + } } - } - } + stage('Docker Build and Push') + steps { + sh 'printenv' + sh 'docker build -t manlikeabz/numeric-app:""$GIT_COMMIT"" .' + sh 'docker push manlikeabz/numeric-app:""$GIT_COMMIT""' + } + } + } } From 3ec450ea85114acd8d1d9a93407bbbc8afdfc015 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 14:45:01 +0000 Subject: [PATCH 05/97] jenkinsfile format correction --- Jenkinsfile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7d32fc670..6308f471f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
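Review bot: `sh 'printenv'` in the new Docker stage (PATCH 04) writes the agent's entire environment to the build log, so any secret exposed as an environment variable that Jenkins is not masking becomes readable by everyone with access to the log. Drop the step, or print only what is needed, e.g. `sh 'echo "commit: $GIT_COMMIT"'`. The same step is carried through the PATCH 05 and PATCH 06 hunks and returns in PATCH 09 inside `withDockerRegistry`. The stage as written here also lacks the `{` after `stage('Docker Build and Push')`, which PATCH 05 corrects.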
@@ -26,13 +26,14 @@ pipeline { jacoco execPattern: 'target/jacoco.exec' } } - } - stage('Docker Build and Push') - steps { - sh 'printenv' - sh 'docker build -t manlikeabz/numeric-app:""$GIT_COMMIT"" .' - sh 'docker push manlikeabz/numeric-app:""$GIT_COMMIT""' - } - } + } + + stage('Docker Build and Push') { + steps { + sh 'printenv' + sh 'docker build -t manlikeabz/numeric-app:""$GIT_COMMIT"" .' + sh 'docker push manlikeabz/numeric-app:""$GIT_COMMIT""' + } + } } } From cc9056692b4737c8a1beee73cf05e966394e547d Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 14:45:23 +0000 Subject: [PATCH 06/97] more jenkinsfile correction --- Jenkinsfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6308f471f..552b80683 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -29,11 +29,12 @@ pipeline { } stage('Docker Build and Push') { - steps { - sh 'printenv' - sh 'docker build -t manlikeabz/numeric-app:""$GIT_COMMIT"" .' - sh 'docker push manlikeabz/numeric-app:""$GIT_COMMIT""' - } + steps { + sh 'printenv' + // Corrected variable usage for GIT_COMMIT + sh "docker build -t manlikeabz/numeric-app:${GIT_COMMIT} ." + sh "docker push manlikeabz/numeric-app:${GIT_COMMIT}" } } + } From 5cd88f16b878579d5dedb52c2037a010da1125e5 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 15:10:36 +0000 Subject: [PATCH 07/97] Improving the Jenkinsfile --- Jenkinsfile | 81 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 49 insertions(+), 32 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 552b80683..f1afcd68f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -1,40 +1,57 @@ pipeline { - agent any + agent any - environment { - // Set JVM options for Maven - MAVEN_OPTS = "--add-opens java.base/java.lang=ALL-UNNAMED" - } + environment { + // Set JVM options for Maven + MAVEN_OPTS = "--add-opens java.base/java.lang=ALL-UNNAMED" + } + + stages { + stage('Build Artifact') { + steps { + // Use environment variable for Maven options + sh 'mvn clean package -DskipTests=true' + archiveArtifacts artifacts: 'target/*.jar', onlyIfSuccessful: true + } + } - stages { - stage('Build Artifact') { - steps { - // Use environment variable for Maven options - sh 'mvn clean package -DskipTests=true' - archiveArtifacts artifacts: 'target/*.jar', onlyIfSuccessful: true - } - } + stage('Unit Tests - JUnit and Jacoco') { + steps { + sh "mvn test" + } + post { + always { + junit 'target/surefire-reports/*.xml' + jacoco execPattern: 'target/jacoco.exec' + } + } + } + stage('Docker Build and Push') { + steps { + script { + // Ensure GIT_COMMIT is populated + GIT_COMMIT = sh(script: 'git rev-parse HEAD', returnStdout: true).trim() + echo "Building and pushing Docker image for commit: ${GIT_COMMIT}" - stage('Unit Tests - JUnit and Jacoco') { - steps { - sh "mvn test" - } - post { - always { - junit 'target/surefire-reports/*.xml' - jacoco execPattern: 'target/jacoco.exec' - } - } + // Docker login using credentials securely + withCredentials([usernamePassword(credentialsId: 'your-credentials-id', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { + sh "echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin" + + // Docker build and push commands + sh "docker build -t manlikeabz/numeric-app:${GIT_COMMIT} ." + sh "docker push manlikeabz/numeric-app:${GIT_COMMIT}" + } + } + } + } } - - stage('Docker Build and Push') { - steps { - sh 'printenv' - // Corrected variable usage for GIT_COMMIT - sh "docker build -t manlikeabz/numeric-app:${GIT_COMMIT} ." 
- sh "docker push manlikeabz/numeric-app:${GIT_COMMIT}" - } + + post { + always { + // Cleanup after Docker to avoid logged in credentials hanging around + sh "docker logout" + echo 'Pipeline execution complete.' + } } - } From 9050161160717cf666b779d62460204866df636e Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 18:45:33 +0000 Subject: [PATCH 08/97] docker build --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index f1afcd68f..d37ec378e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -35,7 +35,7 @@ pipeline { echo "Building and pushing Docker image for commit: ${GIT_COMMIT}" // Docker login using credentials securely - withCredentials([usernamePassword(credentialsId: 'your-credentials-id', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { + withCredentials([usernamePassword(credentialsId: '90cf476e-ad01-40fe-86fa-4b0599ac41ff', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { sh "echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin" // Docker build and push commands From c3c1b091e33bd9607658747b67e3fae763ae5aeb Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 19:58:31 +0000 Subject: [PATCH 09/97] more jenkins changes --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d37ec378e..580eb3c56 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
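Review bot: `sh "echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin"` uses a double-quoted Groovy string, so the credential values are interpolated by Groovy before the shell starts and become part of the script text, where Jenkins' log masking is not guaranteed to cover them. Use single quotes so the shell expands the variables bound by `withCredentials`: `sh 'echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin'`. The comment `// Docker login using credentials securely` should be kept only once the quoting is fixed. The `post { always { sh "docker logout" } }` cleanup is a good addition.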
@@ -35,8 +35,8 @@ pipeline { echo "Building and pushing Docker image for commit: ${GIT_COMMIT}" // Docker login using credentials securely - withCredentials([usernamePassword(credentialsId: '90cf476e-ad01-40fe-86fa-4b0599ac41ff', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { - sh "echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin" + withDockerRegistry([credentialsId: "90cf476e-ad01-40fe-86fa-4b0599ac41ff", url: ""]) { + sh "printenv" // Docker build and push commands sh "docker build -t manlikeabz/numeric-app:${GIT_COMMIT} ." From 3d80330b21ae00f4c9a4b26abf0143c912603154 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 19 Mar 2024 20:21:01 +0000 Subject: [PATCH 10/97] kubernetes deployment --- Jenkinsfile | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index 580eb3c56..a47b21e1c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -45,6 +45,18 @@ pipeline { } } } + + stage('Kubernetes Deployment - DEV') { + steps { + withKubeConfig([credentialsId: 'kubeconfig']) { + sh "sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml" + sh "kubectl apply -f k8s_deployment_service.yaml" + } + } + + } + + } post { From 8455994f265f4f23475583933086ecdc25af932e Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 06:34:26 +0100 Subject: [PATCH 11/97] deployment stage --- .kubernetes/create_aks.ps1 | 33 ++++++++++++++++++ Jenkinsfile | 8 +++-- clusterrolebinding.yaml | 14 ++++++++ k8s_deployment_service.yaml | 13 +++++-- packages-microsoft-prod.deb | Bin 0 -> 3692 bytes role.yaml | 10 ++++++ secret.yaml | 8 +++++ .../java/com/devsecops/NumericController.java | 4 +-- 8 files changed, 83 insertions(+), 7 deletions(-) create mode 100644 .kubernetes/create_aks.ps1 create mode 100644 clusterrolebinding.yaml create mode 100644 packages-microsoft-prod.deb create mode 100644 role.yaml create mode 100644 secret.yaml 
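Review bot: The `sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g'` step in the new Kubernetes stage (PATCH 10) matches the bare word `replace` anywhere in `k8s_deployment_service.yaml`, so any other occurrence of that word in the manifest is rewritten along with the image field. Anchoring on the key narrows it to the intended line: `sh "sed -i 's#image: replace#image: manlikeabz/numeric-app:${GIT_COMMIT}#' k8s_deployment_service.yaml"`. The stage also finishes as soon as `kubectl apply` returns; a `kubectl rollout status` on the deployment afterwards would make a failed rollout fail the build instead of passing silently.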
diff --git a/.kubernetes/create_aks.ps1 b/.kubernetes/create_aks.ps1 new file mode 100644 index 000000000..a3b3f8e8e --- /dev/null +++ b/.kubernetes/create_aks.ps1 @@ -0,0 +1,33 @@ +# Login to Azure (Uncomment the next line if you need to login or switch accounts) +# az login + +# Set Variables +$resourceGroupName = "devsecops" +$location = "northeurope" +$aksClusterName = "Devsecops-aks" +$aksVersion = "1.29.0" + +# Create Resource Group if it doesn't exist +$resourceGroupExists = az group exists --name $resourceGroupName +if (-not $resourceGroupExists) { + Write-Output "Creating resource group '$resourceGroupName' in location '$location'." + az group create --name $resourceGroupName --location $location +} else { + Write-Output "Resource group '$resourceGroupName' already exists." +} + +# Create AKS Cluster +Write-Output "Creating AKS cluster named '$aksClusterName' in resource group '$resourceGroupName'." +az aks create ` + --resource-group $resourceGroupName ` + --name $aksClusterName ` + --node-count 1 ` + --enable-addons monitoring ` + --kubernetes-version $aksVersion ` + --generate-ssh-keys ` + --location $location ` + --node-vm-size Standard_B2s ` + --load-balancer-sku basic ` + --no-wait + +Write-Output "AKS cluster creation command has been executed. It may take a few minutes for the cluster to be fully operational." diff --git a/Jenkinsfile b/Jenkinsfile index a47b21e1c..6a0480b36 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -4,6 +4,9 @@ pipeline { environment { // Set JVM options for Maven MAVEN_OPTS = "--add-opens java.base/java.lang=ALL-UNNAMED" + AKS_CLUSTER_NAME = 'devsecops-aks' + NAMESPACE = 'default' + } stages { 
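Review bot: `az group exists` prints the text `true` or `false`, and PowerShell treats any non-empty string as true, so `if (-not $resourceGroupExists)` is never taken and the script goes straight to `az aks create` even when the resource group is missing. Compare the text instead: `if ($resourceGroupExists -ne 'true') {`. None of the `az` calls are followed by a `$LASTEXITCODE` check, and with `--no-wait` the closing message is printed whether or not the create request was accepted.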
@@ -49,8 +52,9 @@ pipeline { stage('Kubernetes Deployment - DEV') { steps { withKubeConfig([credentialsId: 'kubeconfig']) { - sh "sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml" - sh "kubectl apply -f k8s_deployment_service.yaml" + sh "kubectl config use-context ${AKS_CLUSTER_NAME}" + sh "sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml" + sh "kubectl apply -f k8s_deployment_service.yaml" } } diff --git a/clusterrolebinding.yaml b/clusterrolebinding.yaml new file mode 100644 index 000000000..700906d77 --- /dev/null +++ b/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: deployment-manager-binding + namespace: default +subjects: +- kind: ServiceAccount + name: jenkins-deployer + namespace: default +roleRef: + kind: Role + name: deployment-manager + apiGroup: rbac.authorization.k8s.io + diff --git a/k8s_deployment_service.yaml b/k8s_deployment_service.yaml index 574742d32..ebc929b2f 100644 --- a/k8s_deployment_service.yaml +++ b/k8s_deployment_service.yaml @@ -15,9 +15,16 @@ spec: labels: app: devsecops spec: - containers: - - image: replace - name: devsecops-container + containers: + - image: replace + name: devsecops-container + resources: + limits: + cpu: "1" + memory: "1Gi" + requests: + cpu: "100m" + memory: "256Mi" --- apiVersion: v1 kind: Service 
diff --git a/packages-microsoft-prod.deb b/packages-microsoft-prod.deb new file mode 100644 index 0000000000000000000000000000000000000000..14e3c628526de4e505ae7e57a0762727bae905bd GIT binary patch literal 3692 zcmai%2{07?-^VGWMI=8YB1e>KmvwB3tUcJpTDz8YTeKFt%dRtOrCck=5AkzE6p}kC zRE~toEvX2xDmjv)_&Ii;e*flqo|$L<&-~xtna_OYd(V7kUY~iNF!5q|`A-_Z~Z{@23q_)qEy(9;0|yy>(M20c(G#EYRrzNq^j&x7;~ zA-`Yn1Slp8^Cfl)lKA#76RGqGLx}P|w%J-giv8sb%kUPK0d;V0dTtY|N#QC=*fod*14UJvzI4 zk0oy0Gq>-{lGFm%+$O$-w)g7JY{?nHxroe@)YFq&t(>?+_XkvSnf-~hJ12nB&$bV* zqw*Cq%fIih&D;F0Uny8HJn~LrOPV#*A4Ng6x`fV3U|Z|lH>Kl;UmoLj1jV)f$aqs# z^6LB8#S*m|y!M^Kz6UjL4oaAuu=Xzujy1rI9aDj;tI;0cA5fFYSnS0$@Y}dplqJrE zdVH!H^UN~kM5+Y42;`<$uAbdLthMDk@Mg_>qDrCAzaOb7+j#Y82JulHe~sVUM%qa1 zk%&+(K<8cQdW>OvFj}sn41ZwByN8R^faUK@BRSkQnQP!OQ1|L6S;I0mUBEQI#8^}~ ziPFB0uZNli=HHjyr``ASa}%S><)m7qvhDS z(&J?_;IhIMn+h3t!~CHFrt7CFiRSf;(hDsGyH{@rVrO4d=GC=qXRrNv^upm(Qr3Od zoTiG98FTyF~ z@j8M7iZ{HDoIkr})+%%D?N8ocyk^C!H8Zz`p63d>&C#?K8TLCufb_P|M8Bm6CyL`% zIN_qjrXKYM1)2f1CpW9BZJM8|;U1VI)mMu4d2dzRvVJzfm9ISS^I7;|SXpKjcqTAh zM?dhUy1=-l`=_DN=I2?}!Nc3i3E?HDTDJd)wz!t{d5P$1Du`uFW@oF%;|$_xry>Mp z?N8}ge}W(HCvu{0Qa21FI{VD?!&PEXh?vvHT#KG*vM-%$nMO^No6W|vv$pFAM_ zW&7v*;3fWHhDN5Ob>I+SSaUjFG~n5LBQh_WGykTd)JbE&^mfzK{IqQ64L(Q4`+Q=j zZ?{A_mF8W%kF`mE>aOFiF=4ly;_7X7tMt@?5jEV$o7e+>_mWXh^!+u~%fQY8ZM?q) zE>Sy^Yoh~hl)%s?jhCH>OQ)n&oq+@#07xOR?!P@Ac8qfeOGA_jf* z=M+~u{JePeeig)ZSrF-YqOJ&!FLX@s1fK>UAHc^e#Or@>`3r^riMSv`BjbNV%)Enk zN651AnL%<0E1>;i1yQoB_w`ih4Vf1eN{~#qi-~0`BLrEQX$TVyZEKj z*l#NEcah17XRZUs*wX3d<)N?&hX8YJz-jGeA^2(OW(x%_`Q-bXldQD4y{Q#55JGKs z14NRJvmSfmOLBaY?%@1)|@)fR_s~D zy<7P8wd{Ng7kG^SJPS8eVrC0zHSfCuG&T!u5nm(bJ3wcthk1Yc4vQtMVZgB>*F{d z^1sR7jSjG?C?D`$AR-~r?K{2qkNvH$hx?E)MU-`&anPkkkltoR9jmze(m9KBIjKP_ zv+qOT5s2hT!wH`Q#H39zVIHmeT-?XeX>(g{0;bXxY6zL;6eY^pn;m{55`;3dY_q@ z^1;_LW7QVdG26B^Y$j5q*lBL+>j8F8$4(yf_0@Zsw(rgXa(0#NFX8ld#vZ(XkdGUb zSqg60s5N0Oqr8^K&ZlbUbe=2uPEWezN0N}fQVbRvZi;U|n4&q?app=lUI;)YORWC$No^1u++wXEa*5-j_aEwUa>Y5s{9MRdlZmFd#gD7=|i8QM&?sv 
zz0QRdgM<$Pg0>c-12=l*?LV$<<2nPZ-rnnj?`+0pG>UPFs?Z?b-JhtS;HPQUnki{J>~^TPFnRPz z=4;>#e}gCexMJ=+(YqqW!%ZPZKr7d^@oIQjROj0nb-nHn8EMZm$c}vt(~Wf`5<;r} zwkl1G@|b&BvOx0kxvkl6Vz!SYF$qp@rwDkPuy@bZB4w(-Gk;uF@EVqGOJDm`)DyS6 z;q_lMu@-q&}~tEHjO96oV6<&&TInAL2mf2%Ch zt&Yfgw}nKd*0qTN+d)I4JjQN<_MrvV5zo=0u@b4V1nf}Cs$zxcbzbf@!k$V{YzMYP zeD>C{WtOZE*XUsF0tP{nimL>*yj3n<-0t-Ra_MsJ<*eSiw2z;@dFB)ioAWSQe=6xN zrnT!q=6_uh1|~rLwX#x#uAq`7<+Nf)g`a&FzOD^_9f+|!Zy&3{_6ZlpC#+69wOThY zJ^_>v8jnE;j~c(Z>=mmjP$hd!u5`3JqgzB}_^s>rT>+QWr&`Lf(zh-mzDFzNiwh~8 zg;(<4_;~aSgrDQ72rCQzJuUU5iglK-=;a#X#%hKF7Fd}>ki95Fg?HFJ-m6{3*cV+4 zJ6`@iAkV1oYXQ&Uj%oZegYj>WTPi%X?}#B+M)SGeM-~oPL~YY79)qMs8ha(i?<@R8 zxNBdnyMq1IYce)J4Rf!x z*crRp`km4A4=LDEQp->%FA}YHB{d0qA^;v@J#>AT3dbnbQw2Cu7?%F+d2M4Y^>j< zF!xLMlM`{X#nLI2$sg7bWXx)?tRCT|W4BIi7^V<%G23yZsPLh*A`R8!@KFJFUH)lb(b<9^^SvQcGZraxFT;P-YdE(w5XR)q!7)AM+;U0B~56% zh2M6WI5%QQR#!suryW*`mbI@I;1FExj!S~(a=iAs$QeT0gCbtq6~v=)o|~)q$Q7Q4 z8?R&ALv)ue*}g4a$K7AW7a12v35Ur;Pr_k(>kye(v z`k^#5%8%f1G13l6qS3KfguV|h5+w$J>Vl1-27wVUqNTlNxFMQh#b9E5U_c@?1Q(=h zPcUZaIXV#{y}-`lU@N??ZxD8R zFql8ZI>K9%7D&Qi&~`8?!U;vNhv~x&t?^zC5Rj1%f#KyC63Gn4;l%(UVNgdR&X7oU z!hr+5(NHYYkphIlar*S22*037+%-hh)FP@k&%x2_y7z61qu!_GGah|z+vWM z0LO5gEjR*WYY0RdpqN0ArZvdM!O7p;8wB+S4sECP%-B2e*R1}Fjz#IOypgTtsH phNNIJ+EUZrN8iDLq#0<7M`9e#i2=?5eUKEf-{pkc!v1YB{|g_7n|}ZR literal 0 HcmV?d00001 diff --git a/role.yaml b/role.yaml new file mode 100644 index 000000000..4a2c04e4b --- /dev/null +++ b/role.yaml @@ -0,0 +1,10 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: default + name: deployment-manager +rules: +- apiGroups: ["", "apps", "extensions"] + resources: ["deployments", "replicasets", "pods"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + diff --git a/secret.yaml b/secret.yaml new file mode 100644 index 000000000..a41492622 --- /dev/null +++ b/secret.yaml 
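Review bot: The `deployment-manager` Role in `role.yaml` grants all write verbs on `deployments`, `replicasets` and `pods` but nothing on `services`, while `k8s_deployment_service.yaml` (context of its hunk in this patch) also contains a `kind: Service`; if the pipeline's `kubeconfig` credential is the `jenkins-deployer` account, `kubectl apply` would be denied on the Service, which is to be confirmed against the cluster. A deployer that only applies a Deployment and a Service does not need direct write access to `pods` or `replicasets`, since the Deployment controller manages those. A tighter fit would be one rule with `apiGroups: ["apps"]` and `resources: ["deployments"]` and a second with `apiGroups: [""]` and `resources: ["services"]`. The binding in `clusterrolebinding.yaml` is a namespaced `RoleBinding`, so that file name is misleading.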
@@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: token-secret + namespace: default # Replace with the actual namespace name + annotations: + kubernetes.io/service-account.name: "jenkins-deployer" diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index f8794f2e3..89502a1b6 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java @@ -18,8 +18,8 @@ public class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); - //private static final String baseURL = "http://node-service:5000/plusone"; - private static final String baseURL = "http://localhost:5000/plusone"; + private static final String baseURL = "http://node-service:5000/plusone"; + // private static final String baseURL = "http://localhost:5000/plusone"; RestTemplate restTemplate = new RestTemplate(); From 73c30092ff93e9557cf48fa3b0aacf3986ce9c4a Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 07:12:23 +0100 Subject: [PATCH 12/97] Correcting Typo --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6a0480b36..b6d372ec4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -4,7 +4,7 @@ pipeline { environment { // Set JVM options for Maven MAVEN_OPTS = "--add-opens java.base/java.lang=ALL-UNNAMED" - AKS_CLUSTER_NAME = 'devsecops-aks' + AKS_CLUSTER_NAME = 'Devsecops-aks' NAMESPACE = 'default' } From 24b5960a850c6091900ff83df6df274379ba8647 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 09:18:03 +0100 Subject: [PATCH 13/97] adding sensitive info --- sec_files/file1 | 1 + sec_files/password.txt | 1 + 2 files changed, 2 insertions(+) create mode 100644 sec_files/file1 create mode 100644 sec_files/password.txt diff --git a/sec_files/file1 b/sec_files/file1 new file mode 100644 index 000000000..0e73101fb 
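Review bot: A Secret of type `kubernetes.io/service-account-token` makes the control plane mint a token for `jenkins-deployer` that does not expire, so any copy of the Jenkins kubeconfig built from it stays valid until the Secret is deleted. Where the setup allows it, a time-bound token from `kubectl create token jenkins-deployer --duration=1h` (duration value illustrative) limits that exposure. None of the files listed in this patch creates the `jenkins-deployer` ServiceAccount itself, and the comment `# Replace with the actual namespace name` is left over although `namespace: default` is already set.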
--- /dev/null +++ b/sec_files/file1 @@ -0,0 +1 @@ +secure-password123 diff --git a/sec_files/password.txt b/sec_files/password.txt new file mode 100644 index 000000000..0e73101fb --- /dev/null +++ b/sec_files/password.txt @@ -0,0 +1 @@ +secure-password123 From 7e65cb8032718c025fd0a2345502224f6a1b8e51 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 14:08:34 +0100 Subject: [PATCH 14/97] removed files --- sec_files/file1 | 1 - sec_files/password.txt | 1 - 2 files changed, 2 deletions(-) delete mode 100644 sec_files/file1 delete mode 100644 sec_files/password.txt diff --git a/sec_files/file1 b/sec_files/file1 deleted file mode 100644 index 0e73101fb..000000000 --- a/sec_files/file1 +++ /dev/null @@ -1 +0,0 @@ -secure-password123 diff --git a/sec_files/password.txt b/sec_files/password.txt deleted file mode 100644 index 0e73101fb..000000000 --- a/sec_files/password.txt +++ /dev/null @@ -1 +0,0 @@ -secure-password123 From b4fc884a32d17e9062d65446642845d720a3f307 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 16:17:17 +0100 Subject: [PATCH 15/97] mutation testing --- Jenkinsfile | 12 +++++++++ pom.xml | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index b6d372ec4..12c4110a2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -30,6 +30,18 @@ pipeline { } } + stage('Mutation Tests - PIT') { + steps { + sh 'mvn org.pitest:pitest-maven:mutationCoverage' + } + post { + always { + archiveArtifacts artifacts: 'target/pit-reports', onlyIfSuccessful: true + pitmutation mutationStatsFile: '**/pit-reports/**/mutations.xml' + } + } + } + stage('Docker Build and Push') { steps { script { diff --git a/pom.xml b/pom.xml index d8aad3f85..d6634e78b 100644 --- a/pom.xml +++ b/pom.xml 
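Review bot: `sec_files/file1` and `sec_files/password.txt` add the same plaintext value to the repository, and the deletion in PATCH 14 only removes the files from the working tree; the value remains retrievable from history in every clone. If it was ever a real credential it should be rotated first, and history rewriting is only worth considering after that. If the files are fixtures for exercising a secret scanner (a `.talismanrc` appears in PATCH 20), a line in the commit message or README saying so would stop reviewers and scanners' operators from treating them as a leak.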
@@ -65,7 +65,85 @@ + + + + org.jacoco + jacoco-maven-plugin + 0.8.5 + + + + prepare-agent + + prepare-agent + + + + + report + test + + report + + + + + + + ${project.build.directory}/jacoco-reports + ${project.build.directory}/jacoco.exec + + + + + + org.pitest + pitest-maven + 1.5.0 + + + org.pitest + pitest-junit5-plugin + 0.12 + + + + 70 + + HTML + XML + + + + From cc527841423d0805d010a25d584ef9994f1622af Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 17:18:30 +0100 Subject: [PATCH 16/97] changed test cases --- src/test/java/com/devsecops/NumericApplicationTests.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index 3e0ae20a4..a82940f1c 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java @@ -36,7 +36,7 @@ public class NumericApplicationTests { @Test public void smallerThanOrEqualToFiftyMessage() throws Exception { - this.mockMvc.perform(get("/compare/49")).andDo(print()).andExpect(status().isOk()) + this.mockMvc.perform(get("/compare/50")).andDo(print()).andExpect(status().isOk()) .andExpect(content().string("Smaller than or equal to 50")); } From a32f3497fbfe43f2e36a9f2ba5331cb303615c1f Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 17:23:08 +0100 Subject: [PATCH 17/97] corrected more error --- src/test/java/com/devsecops/NumericApplicationTests.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index a82940f1c..c84717377 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java 
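Review bot: The `pom.xml` hunk of PATCH 15 declares `jacoco-maven-plugin` again at version 0.8.5, while PATCH 03 already added the same plugin at 0.8.7; the element tags are not visible in this rendering, so whether both sit in the same plugins list is inferred. If they do, Maven warns about the duplicate declaration and it is not obvious which version and which executions actually run, which makes the coverage numbers fed to the pipeline hard to trust. Keep a single declaration at one version and move the report and data-file settings into it.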
@@ -48,8 +48,7 @@ public void greaterThanFiftyMessage() throws Exception { @Test public void welcomeMessage() throws Exception { - this.mockMvc.perform(get("/")).andDo(print()).andExpect(status().isOk()); + this.mockMvc.perform(get("/")).andDo(print()).andExpect(status().isOk()) + .andExpect(content().string("Kubernetes DevSecOps")); } - - } \ No newline at end of file From ac832c42ee441fcfdd6b90905bd735f48b8e6b68 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 16 Apr 2024 17:27:46 +0100 Subject: [PATCH 18/97] corrected pipeline error --- Jenkinsfile | 1 - pom.xml | 6 ------ 2 files changed, 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 12c4110a2..21641fb71 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -36,7 +36,6 @@ pipeline { } post { always { - archiveArtifacts artifacts: 'target/pit-reports', onlyIfSuccessful: true pitmutation mutationStatsFile: '**/pit-reports/**/mutations.xml' } } diff --git a/pom.xml b/pom.xml index d6634e78b..47d6ca938 100644 --- a/pom.xml +++ b/pom.xml @@ -137,12 +137,6 @@ XML - From a2dd353eb3ab254dfa00bb5a507d55f174ab1a39 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sun, 21 Apr 2024 11:58:21 +0100 Subject: [PATCH 19/97] Setting up sonarqube --- Jenkinsfile | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 21641fb71..3a6d486e3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -30,13 +30,24 @@ pipeline { } } - stage('Mutation Tests - PIT') { - steps { - sh 'mvn org.pitest:pitest-maven:mutationCoverage' + stage('Mutation Tests - PIT') { + steps { + sh 'mvn org.pitest:pitest-maven:mutationCoverage' + } + post { + always { + pitmutation mutationStatsFile: '**/pit-reports/**/mutations.xml' + } + } } - post { - always { - pitmutation mutationStatsFile: '**/pit-reports/**/mutations.xml' + node { + stage('SonarQube - SAST') { + checkout scm + } + stage('SonarQube Analysis') { + def mvn = tool 'Default Maven'; + withSonarQubeEnv() { + sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application'" } } } @@ -63,17 +74,15 @@ pipeline { stage('Kubernetes Deployment - DEV') { steps { withKubeConfig([credentialsId: 'kubeconfig']) { - sh "kubectl config use-context ${AKS_CLUSTER_NAME}" - sh "sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml" - sh "kubectl apply -f k8s_deployment_service.yaml" + sh "kubectl config use-context ${AKS_CLUSTER_NAME}" + sh "sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml" + sh "kubectl apply -f k8s_deployment_service.yaml" } } - - } - - + } } + post { always { // Cleanup after Docker to avoid logged in credentials hanging around From 40ff10a40bafc5b641ff77d98e1a18fbc7a837f6 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sun, 21 Apr 2024 12:07:06 +0100 Subject: [PATCH 20/97] sonarqube correcion --- .talismanrc | 4 ++++ Jenkinsfile | 6 +----- 2 files changed, 5 insertions(+), 5 deletions(-) create mode 100644 .talismanrc diff --git a/.talismanrc b/.talismanrc new file mode 100644 index 000000000..d817724ca --- /dev/null +++ b/.talismanrc @@ -0,0 +1,4 @@ +fileignoreconfig: +- filename: Jenkinsfile + checksum: 6f7b5b2bd827c6404a7af92f0e6000aea7c5bdfc46ac5c3eacbc9b2eece6be73 +version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 3a6d486e3..8d696cee0 100644 
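Review bot: The new `.talismanrc` ignores the whole `Jenkinsfile` by checksum, which suppresses Talisman findings for the file in this repository most likely to receive credentials. The later `.talismanrc` hunks in this series only refresh that checksum after each Jenkinsfile edit, so a finding gets acknowledged without being examined; PATCH 27/97 does this in the same commit that adds a `-Dsonar.token=` literal. Prefer fixing the reported line, or scope the exception to the specific false positive with a file-level `allowed_patterns` entry, and treat every checksum refresh as a change that needs review.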
--- a/Jenkinsfile +++ b/Jenkinsfile @@ -40,17 +40,13 @@ pipeline { } } } - node { - stage('SonarQube - SAST') { - checkout scm - } + stage('SonarQube Analysis') { def mvn = tool 'Default Maven'; withSonarQubeEnv() { sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application'" } } - } stage('Docker Build and Push') { steps { From 05d1fc0b964aa475bbd393d465ad4784fb65f2b8 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sun, 21 Apr 2024 17:52:52 +0100 Subject: [PATCH 21/97] fixing sonarqube --- .talismanrc | 3 +-- Jenkinsfile | 13 ++++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.talismanrc b/.talismanrc index d817724ca..7b0cfba73 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,3 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 6f7b5b2bd827c6404a7af92f0e6000aea7c5bdfc46ac5c3eacbc9b2eece6be73 -version: "" \ No newline at end of file +- filename: '*.log' \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 8d696cee0..231fc22a7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -40,14 +40,17 @@ pipeline { } } } - stage('SonarQube Analysis') { - def mvn = tool 'Default Maven'; - withSonarQubeEnv() { - sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application'" + steps { + // Using a script block to contain the non-step directive `def` and `withSonarQubeEnv` + script { + def mvn = tool 'Default Maven' + withSonarQubeEnv('sq1') { // Make sure to specify your SonarQube environment if needed + sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application'" + } + } } } - stage('Docker Build and Push') { steps { script { From c8a8f5560d01fe41e3c441d01bec1515d62ef136 Mon Sep 17 00:00:00 2001 
From: Abdallah Musa Date: Sun, 21 Apr 2024 17:54:38 +0100 Subject: [PATCH 22/97] fixing sonarqube --- .talismanrc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 7b0cfba73..8a50dc8e0 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,3 +1,6 @@ fileignoreconfig: - filename: Jenkinsfile -- filename: '*.log' \ No newline at end of file +- filename: '*.log' +- filename: Jenkinsfile + checksum: 2e84ccaf8e89be44558aa3a355d90df5382742eb1242ccc48ba3c18b0b395708 +version: "" \ No newline at end of file From 8947c146efb52afb75a40cabf60aa7057aaf2443 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sun, 21 Apr 2024 18:10:38 +0100 Subject: [PATCH 23/97] fixing maven --- .talismanrc | 2 -- Jenkinsfile | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.talismanrc b/.talismanrc index 8a50dc8e0..96ac7cf22 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,6 +1,4 @@ fileignoreconfig: -- filename: Jenkinsfile -- filename: '*.log' - filename: Jenkinsfile checksum: 2e84ccaf8e89be44558aa3a355d90df5382742eb1242ccc48ba3c18b0b395708 version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 231fc22a7..dccbc0d04 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -44,7 +44,7 @@ pipeline { steps { // Using a script block to contain the non-step directive `def` and `withSonarQubeEnv` script { - def mvn = tool 'Default Maven' + // def mvn = tool 'Default Maven' withSonarQubeEnv('sq1') { // Make sure to specify your SonarQube environment if needed sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application'" } From ba05a47e2f7db583b38a5ab3431fdc1aa0d30d2a Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sun, 21 Apr 2024 18:43:23 +0100 Subject: [PATCH 24/97] Sonarqube config --- .talismanrc | 2 +- Jenkinsfile | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.talismanrc b/.talismanrc index 96ac7cf22..de3b6821f 100644 
--- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 2e84ccaf8e89be44558aa3a355d90df5382742eb1242ccc48ba3c18b0b395708 + checksum: afbbcb2caa7ce748cf05f0303af97a2902d136f5439f05ac5488c678f6b210d0 version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index dccbc0d04..bf11b5807 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -42,15 +42,16 @@ pipeline { } stage('SonarQube Analysis') { steps { - // Using a script block to contain the non-step directive `def` and `withSonarQubeEnv` script { - // def mvn = tool 'Default Maven' - withSonarQubeEnv('sq1') { // Make sure to specify your SonarQube environment if needed - sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application'" + def mvn = tool 'Default Maven' + withSonarQubeEnv('sq1') { // Ensure the SonarQube environment is correctly named as configured in Jenkins + // Using MAVEN_OPTS directly in the Maven command + sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' ${env.MAVEN_OPTS}" } } } } + stage('Docker Build and Push') { steps { script { From d737421fca830ad1fd2d8b69695350725a18c1e6 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sun, 21 Apr 2024 18:43:49 +0100 Subject: [PATCH 25/97] Sonarqube config --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index de3b6821f..115263427 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: afbbcb2caa7ce748cf05f0303af97a2902d136f5439f05ac5488c678f6b210d0 + checksum: 3f156ccb79753e1de4efdbc41b6b301719f1819d790e0bd202d6a5b4aae1815d version: "" \ No newline at end of file From 37206ab2d53105ddea5c315812d9abd557eb3cd0 Mon Sep 17 00:00:00 2001 
From: Abdallah Musa Date: Sun, 21 Apr 2024 18:53:26 +0100 Subject: [PATCH 26/97] Sonarqube config test --- Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index bf11b5807..e962942f1 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -44,6 +44,8 @@ pipeline { steps { script { def mvn = tool 'Default Maven' + import hudson.plugins.sonar.SonarRunnerInstallation // Add this import statement + withSonarQubeEnv('sq1') { // Ensure the SonarQube environment is correctly named as configured in Jenkins // Using MAVEN_OPTS directly in the Maven command sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' ${env.MAVEN_OPTS}" @@ -51,7 +53,6 @@ pipeline { } } } - stage('Docker Build and Push') { steps { script { From eae52310bd9a47179ce2afdd6c8671f131ea2c0b Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sun, 21 Apr 2024 19:13:38 +0100 Subject: [PATCH 27/97] sonarqube config --- .talismanrc | 2 +- Jenkinsfile | 14 ++++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/.talismanrc b/.talismanrc index 115263427..a07c42a23 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 3f156ccb79753e1de4efdbc41b6b301719f1819d790e0bd202d6a5b4aae1815d + checksum: 5716dc4433bf4856d4d62118676f768179102664a46eac7dd0775afe3b68fe8b version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index e962942f1..4fbf30b81 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -40,19 +40,13 @@ pipeline { } } } - stage('SonarQube Analysis') { - steps { - script { - def mvn = tool 'Default Maven' - import hudson.plugins.sonar.SonarRunnerInstallation // Add this import statement - withSonarQubeEnv('sq1') { // Ensure the SonarQube environment is correctly named as configured in Jenkins - // Using MAVEN_OPTS directly in the Maven command - sh "${mvn}/bin/mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' ${env.MAVEN_OPTS}" - } - } + stage("SonarQube - SAST") { + steps { + sh "mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' -Dsonar.host.url=http://devsecops-abzconsultancies.eastus.cloudapp.azure.com:9000 -Dsonar.token=squ_b0ffa602f401442384e12c06cbd73a66b51a7d2a" } } + stage('Docker Build and Push') { steps { script { From a5ba668296bd885a696ae79fc4e997cfae520d09 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 10:08:06 +0100 Subject: [PATCH 28/97] Adding quality gates --- .talismanrc | 2 +- Jenkinsfile | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index a07c42a23..88de039ed 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 5716dc4433bf4856d4d62118676f768179102664a46eac7dd0775afe3b68fe8b + checksum: 1a07f9bd9a28ffb250563fc3dfbde4922d643932b00bf6158168d62afa900cf2 version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 4fbf30b81..970f643a3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
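Review bot: The added `sh "mvn clean verify sonar:sonar ..."` step embeds a SonarQube token as a literal `-Dsonar.token=` argument and addresses the server over plain `http://`, so the token is readable by anyone with repository access, stays in history, and travels unencrypted on every build. Revoke that token and bind a new one from the Jenkins credential store, e.g. `withCredentials([string(credentialsId: '<sonar-token-credential-id>', variable: 'SONAR_TOKEN')]) { sh 'mvn clean verify sonar:sonar … -Dsonar.token=$SONAR_TOKEN' }`, with single quotes so the shell rather than Groovy expands the variable. The same literal is carried through the Jenkinsfile hunks of PATCH 29/97 and 30/97. In 30/97 the call sits inside `withSonarQubeEnv('SonarQube')`, which is meant to supply the configured server URL and token, so both `-Dsonar.host.url` and `-Dsonar.token` can be dropped there.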
@@ -45,6 +45,9 @@ pipeline { steps { sh "mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' -Dsonar.host.url=http://devsecops-abzconsultancies.eastus.cloudapp.azure.com:9000 -Dsonar.token=squ_b0ffa602f401442384e12c06cbd73a66b51a7d2a" } + timeout(time: 2, unit: 'MINUTES') { + waitForQualityGate abortPipeline: true + } } stage('Docker Build and Push') { From 958a39397bad51a9873298cbd6b4f50cda393888 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 10:26:50 +0100 Subject: [PATCH 29/97] Fixing correction --- .talismanrc | 2 +- Jenkinsfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.talismanrc b/.talismanrc index 88de039ed..c731a520c 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 1a07f9bd9a28ffb250563fc3dfbde4922d643932b00bf6158168d62afa900cf2 + checksum: e67c0cb21dd9c65a44673b4e99b321c35ac7c87d43e6c7da137b7fdd06b7288f version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 970f643a3..33fbc47fa 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -43,10 +43,10 @@ pipeline { stage("SonarQube - SAST") { steps { - sh "mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' -Dsonar.host.url=http://devsecops-abzconsultancies.eastus.cloudapp.azure.com:9000 -Dsonar.token=squ_b0ffa602f401442384e12c06cbd73a66b51a7d2a" + sh "mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' -Dsonar.host.url=http://devsecops-abzconsultancies.eastus.cloudapp.azure.com:9000 -Dsonar.token=squ_b0ffa602f401442384e12c06cbd73a66b51a7d2a" } timeout(time: 2, unit: 'MINUTES') { - waitForQualityGate abortPipeline: true + waitForQualityGate abortPipeline: true } } From beb9fb36109f67eb37db8ade64e00bc1f06825d3 Mon Sep 17 00:00:00 2001 
From: Abdallah Musa Date: Sat, 27 Apr 2024 10:56:39 +0100 Subject: [PATCH 30/97] fixing sonargate --- .talismanrc | 2 +- Jenkinsfile | 19 +++++++++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/.talismanrc b/.talismanrc index c731a520c..6a16cb10c 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: e67c0cb21dd9c65a44673b4e99b321c35ac7c87d43e6c7da137b7fdd06b7288f + checksum: 9f711cfa5768d588229b78ed05f377945133dc2ac8e14b1fa1f60bdc3fc85772 version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 33fbc47fa..4eaa427d8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -41,14 +41,21 @@ pipeline { } } - stage("SonarQube - SAST") { + + + stage('SonarQube - SAST') { steps { - sh "mvn clean verify sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.projectName='numeric-application' -Dsonar.host.url=http://devsecops-abzconsultancies.eastus.cloudapp.azure.com:9000 -Dsonar.token=squ_b0ffa602f401442384e12c06cbd73a66b51a7d2a" - } - timeout(time: 2, unit: 'MINUTES') { - waitForQualityGate abortPipeline: true + withSonarQubeEnv('SonarQube') { + sh "mvn sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.host.url=http://devsecops-abzconsultancies.eastus.cloudapp.azure.com:9000 -Dsonar.token=squ_b0ffa602f401442384e12c06cbd73a66b51a7d2a" + // Make sure the SonarQube scanner has finished before proceeding + + } + timeout(time: 2, unit: 'MINUTES') { + script { + waitForQualityGate abortPipeline: true + } + } } - } stage('Docker Build and Push') { steps { From fd5c3e965677d1c4afd0d9764ba228da7c68fdb6 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 11:00:35 +0100 Subject: [PATCH 31/97] formatting jenkinsfile --- .talismanrc | 2 +- Jenkinsfile | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 6a16cb10c..5ccec587a 100644 --- a/.talismanrc +++ b/.talismanrc 
@@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 9f711cfa5768d588229b78ed05f377945133dc2ac8e14b1fa1f60bdc3fc85772 + checksum: c4f6c673f0e4c002ebe8b4a771d513089f086be477315422824951c404a158fc version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 4eaa427d8..b2f5bca0c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -56,6 +56,7 @@ pipeline { } } } + } stage('Docker Build and Push') { steps { From bc4dac4beeadc572fafa7144b9d6f48999216e2a Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 11:00:57 +0100 Subject: [PATCH 32/97] formatting jenkinsfile --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 5ccec587a..1c864bdae 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: c4f6c673f0e4c002ebe8b4a771d513089f086be477315422824951c404a158fc + checksum: f0ed75e13a6473ba91107349d063c67d770e61e16d8946a63904d27f54a69d2f version: "" \ No newline at end of file From 53491023cd0b39baf6dd3afffff1ec2fa65e8fbe Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 11:09:42 +0100 Subject: [PATCH 33/97] removing unused import packages --- src/main/java/com/devsecops/NumericController.java | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 89502a1b6..0db4b8526 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
@@ -2,16 +2,10 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.web.client.RestTemplateBuilder; -import org.springframework.context.annotation.Bean; import org.springframework.http.ResponseEntity; -import org.springframework.stereotype.Service; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RestController; -import org.springframework.stereotype.Service; import org.springframework.web.client.RestTemplate; @RestController From c0b7f3bb9f2f7d313c56850a7e2602d52c810a7e Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 11:21:43 +0100 Subject: [PATCH 34/97] fixing quality gate --- Jenkinsfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index b2f5bca0c..d72ff5ee4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -50,12 +50,14 @@ pipeline { // Make sure the SonarQube scanner has finished before proceeding } - timeout(time: 2, unit: 'MINUTES') { script { - waitForQualityGate abortPipeline: true + // It will wait indefinitely for the SonarQube analysis to complete + def qg = waitForQualityGate() + if (qg.status != 'OK') { + error "Quality gate not passed: ${qg.status}" } } - } + } stage('Docker Build and Push') { From 4fcd1cd516cc0c3c2bc581dcb68198aacec16ebd Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 11:22:08 +0100 Subject: [PATCH 35/97] fixing quality gate talisman --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 1c864bdae..4230bdebc 100644 --- a/.talismanrc +++ b/.talismanrc 
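Review bot: In the Jenkinsfile hunk, dropping the `timeout(time: 2, unit: 'MINUTES')` wrapper leaves `waitForQualityGate()` with no upper bound, as the new comment itself says. If the SonarQube webhook back to Jenkins is missing or unreachable, the stage will hold an executor until someone aborts the build. Keep the explicit status check but put it back under a bound, e.g. `timeout(time: 5, unit: 'MINUTES') { def qg = waitForQualityGate(); if (qg.status != 'OK') { error "Quality gate not passed: ${qg.status}" } }`. The enclosing stage block starts and ends outside the hunk.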
@@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: f0ed75e13a6473ba91107349d063c67d770e61e16d8946a63904d27f54a69d2f + checksum: 9bb17f6da00de171040f20aa2fa60f875ecc43e7ff4e8cabcb07f347a88b3928 version: "" \ No newline at end of file From e45fab86b4c570c1af17cad987cddef5914fe8e0 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 11:24:18 +0100 Subject: [PATCH 36/97] fixing quality gate talisman error --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index d72ff5ee4..3a94a67ab 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -57,7 +57,7 @@ pipeline { error "Quality gate not passed: ${qg.status}" } } - + } } stage('Docker Build and Push') { From eb2d8c056cf0491a26e55f4f3ef3162e0ffd2afe Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 11:24:52 +0100 Subject: [PATCH 37/97] Fixing errors --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 4230bdebc..3c7d878da 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 9bb17f6da00de171040f20aa2fa60f875ecc43e7ff4e8cabcb07f347a88b3928 + checksum: b885e4e3bf507aadec37dcb051835a8c586148f2a4cb7100a6cef130af6eabf1 version: "" \ No newline at end of file From 2160a13cb6da4f1cf99d30dca8c96a3e51bbc1d6 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 13:28:43 +0100 Subject: [PATCH 38/97] Adding Dependency-check --- Jenkinsfile | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 3a94a67ab..996c3d782 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -59,7 +59,18 @@ pipeline { } } } - + stage('Vulberability Scan - Docker') { + steps { + script { + sh "mvn dependency-check:check"} + } + post { + always { + publishDependencyCheck pattern: 'target/dependency-check-report.xml' + } + } + } + stage('Docker Build and Push') { steps { script { 
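Review bot: The new stage is titled `'Vulberability Scan - Docker'`, but its only step is `mvn dependency-check:check`, a scan of Maven dependencies rather than of a container image. Stage names end up in build records that people read as evidence of which controls ran, so name it for what it does, e.g. `stage('Vulnerability Scan - Dependency Check')`. The `script { ... }` wrapper around a single `sh` step is also unnecessary inside a declarative `steps` block.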
From 3e8ce5b2801ddad9cabdd2b780ef8ce77922dcf1 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 13:29:08 +0100 Subject: [PATCH 39/97] Adding Dependency-check --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 3c7d878da..94e42cedd 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: b885e4e3bf507aadec37dcb051835a8c586148f2a4cb7100a6cef130af6eabf1 + checksum: 74281c1c114e47f62e32aa6a2e1468e68237c995d0240ec9959409b3c4f9f8b6 version: "" \ No newline at end of file From 58f7441e4c81250a4fdd82b7b1a9f3aecd69aa5c Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 13:43:30 +0100 Subject: [PATCH 40/97] pom xml dependency-check --- pom.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pom.xml b/pom.xml index 47d6ca938..29e5bda6d 100644 --- a/pom.xml +++ b/pom.xml @@ -139,6 +139,16 @@ + + org.owasp + dependency-check-maven + 6.1.6 + + 5 + ALL + + + From 6642170aff3c103efc3fad93ec7d3a18aa072c58 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 14:52:36 +0100 Subject: [PATCH 41/97] fixing pom.xml --- Jenkinsfile | 4 ++-- pom.xml | 55 ++--------------------------------------------------- 2 files changed, 4 insertions(+), 55 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 996c3d782..6145e2a71 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -66,11 +66,11 @@ pipeline { } post { always { - publishDependencyCheck pattern: 'target/dependency-check-report.xml' + dependencyCheckPublisher pattern: 'target/dependency-check-report.xml' } } } - + stage('Docker Build and Push') { steps { script { diff --git a/pom.xml b/pom.xml index 29e5bda6d..a09ebb02b 100644 --- a/pom.xml +++ b/pom.xml 
@@ -65,59 +65,8 @@ - - - - org.jacoco - jacoco-maven-plugin - 0.8.5 - - - - prepare-agent - - prepare-agent - - - - - report - test - - report - - - - - - - ${project.build.directory}/jacoco-reports - ${project.build.directory}/jacoco.exec - - - - + + org.pitest From dbaebcb2c4be6fe8c9ede5dfbdced9555fc73cf9 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 15:10:47 +0100 Subject: [PATCH 42/97] upgrading spring-boot-start-parent --- .talismanrc | 2 +- pom.xml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.talismanrc b/.talismanrc index 94e42cedd..3a028582a 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 74281c1c114e47f62e32aa6a2e1468e68237c995d0240ec9959409b3c4f9f8b6 + checksum: 195670ced112695c583ecfd36f6f022aac1a0cb723f4746dc433966f567880c4 version: "" \ No newline at end of file diff --git a/pom.xml b/pom.xml index a09ebb02b..65eef3bd8 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.2.6.RELEASE + 2.3.5.RELEASE @@ -66,8 +66,8 @@ - - + + org.pitest pitest-maven From 4292e6c264e80875750d0c1946c1cd2556fb52a9 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 15:21:32 +0100 Subject: [PATCH 43/97] Fixing Sonarqube error --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 65eef3bd8..a51b9d5c6 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 2.3.5.RELEASE + 3.2.4 @@ -66,8 +66,8 @@ - - + + org.pitest pitest-maven From c90c3a167115f6c27a6fe8ca3ac38ec69a543863 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 27 Apr 2024 15:27:08 +0100 Subject: [PATCH 44/97] Fixing Sonarqube error pt2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a51b9d5c6..22faf489d 100644 --- a/pom.xml +++ b/pom.xml 
@@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.2.4 + 2.3.5.RELEASE From f3fa02bab4cad2fb07df8f4eaad4329be33464c0 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 15:32:27 +0100 Subject: [PATCH 45/97] Fixing CVEs --- pom.xml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 22faf489d..c79300574 100644 --- a/pom.xml +++ b/pom.xml @@ -3,10 +3,9 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - org.springframework.boot - spring-boot-starter-parent - 2.3.5.RELEASE - + org.springframework.boot + spring-boot-starter-parent + 3.0.3 com.devsecops From db95f163e7c784a1f8c9615ade2709b933a29144 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 15:40:31 +0100 Subject: [PATCH 46/97] Fixing more CVE errors --- pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/pom.xml b/pom.xml index c79300574..c90c49343 100644 --- a/pom.xml +++ b/pom.xml @@ -25,6 +25,7 @@ org.springframework.boot spring-boot-starter-web + org.springframework.boot From ddd060098cad5728f84d0030b455052246d8c719 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 15:45:19 +0100 Subject: [PATCH 47/97] Fixing more NumericalApplicationTests.java errors --- .../devsecops/NumericApplicationTests.java | 36 +++---------------- 1 file changed, 4 insertions(+), 32 deletions(-) diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index c84717377..b9f40873f 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java 
@@ -1,7 +1,4 @@ -package com.devsecops; - - -import org.junit.Test; +import org.junit.jupiter.api.Test; // JUnit 5 import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; @@ -11,22 +8,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -//import org.junit.jupiter.api.Test; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.test.web.servlet.MockMvc; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -//import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.test.context.junit4.SpringRunner; -import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; - -@RunWith(SpringRunner.class) @SpringBootTest @AutoConfigureMockMvc public class NumericApplicationTests { 
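Review bot: The first hunk deletes `package com.devsecops;` while the file stays under `src/test/java/com/devsecops/`, which puts the test class in the default package. `@SpringBootTest` without `classes = ...` locates the application configuration by searching upward from the test's package, so this is likely to fail when the context starts. Keep the `package com.devsecops;` line when switching the `@Test` import to `org.junit.jupiter.api.Test`.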
@@ -34,21 +16,11 @@ public class NumericApplicationTests { @Autowired private MockMvc mockMvc; - @Test + @Test // JUnit 5 annotation public void smallerThanOrEqualToFiftyMessage() throws Exception { this.mockMvc.perform(get("/compare/50")).andDo(print()).andExpect(status().isOk()) .andExpect(content().string("Smaller than or equal to 50")); } - @Test - public void greaterThanFiftyMessage() throws Exception { - this.mockMvc.perform(get("/compare/51")).andDo(print()).andExpect(status().isOk()) - .andExpect(content().string("Greater than 50")); - } - - @Test - public void welcomeMessage() throws Exception { - this.mockMvc.perform(get("/")).andDo(print()).andExpect(status().isOk()) - .andExpect(content().string("Kubernetes DevSecOps")); - } -} \ No newline at end of file + // Update other tests similarly ... +} From 5614a7a0c13ea7b5ffeb1fd3e431394139ca2518 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 15:59:06 +0100 Subject: [PATCH 48/97] Fixing test errors --- src/test/java/com/devsecops/AppTest.java | 25 ++++++++++++++++++ .../devsecops/NumericApplicationTests.java | 26 ------------------- 2 files changed, 25 insertions(+), 26 deletions(-) create mode 100644 src/test/java/com/devsecops/AppTest.java delete mode 100644 src/test/java/com/devsecops/NumericApplicationTests.java diff --git a/src/test/java/com/devsecops/AppTest.java b/src/test/java/com/devsecops/AppTest.java new file mode 100644 index 000000000..890410c5a --- /dev/null +++ b/src/test/java/com/devsecops/AppTest.java 
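Review bot: This hunk removes `greaterThanFiftyMessage` and `welcomeMessage` and leaves `// Update other tests similarly ...` in their place, so the `/compare/51` case and the `/` endpoint are no longer tested. Neither test needed any change for the JUnit 5 move beyond the `@Test` import, so both can stay as they were. With the PIT stage added earlier in this series, fewer tests also means fewer killed mutants, which may trip whatever mutation threshold is configured.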
@@ -0,0 +1,25 @@ +package org.example; // Replace 'org.example' with your project's package + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.web.servlet.MockMvc; + +import static org.junit.jupiter.api.Assertions.*; // For assertions + +// Replace 'MyApp' with your main Spring Boot application class +@SpringBootTest(classes = MyApp.class) +@AutoConfigureMockMvc // If you're testing web controllers +public class AppTest { + + @Autowired + private MockMvc mockMvc; // If you're testing web controllers + + @Test + public void contextLoads() { + // Example: Test that the application context loads successfully + assertNotNull(mockMvc); + } + + // ... Add more tests here ... +} diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java deleted file mode 100644 index b9f40873f..000000000 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ /dev/null 
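Review bot: `AppTest.java` is an unedited template and will not compile as committed. `@AutoConfigureMockMvc` is used without its import, `MyApp.class` refers to a placeholder the comment asks to be replaced, and `package org.example;` does not match the `com/devsecops` directory. The same commit deletes `NumericApplicationTests.java`, so the module is left with no working tests for the controller endpoints. Either restore the previous test class or fill in the real application class and package before committing.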
@@ -1,26 +0,0 @@ -import org.junit.jupiter.api.Test; // JUnit 5 -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.test.web.servlet.MockMvc; - -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; - -@SpringBootTest -@AutoConfigureMockMvc -public class NumericApplicationTests { - - @Autowired - private MockMvc mockMvc; - - @Test // JUnit 5 annotation - public void smallerThanOrEqualToFiftyMessage() throws Exception { - this.mockMvc.perform(get("/compare/50")).andDo(print()).andExpect(status().isOk()) - .andExpect(content().string("Smaller than or equal to 50")); - } - - // Update other tests similarly ... -} From 52f1c29aca3b7d0dfa1e54e1be1e06ac8140c2e4 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 16:03:42 +0100 Subject: [PATCH 49/97] Fixing the test app errors --- src/test/java/com/devsecops/AppTest.java | 25 ----------- .../devsecops/NumericApplicationTests.java | 45 +++++++++++++++++++ 2 files changed, 45 insertions(+), 25 deletions(-) delete mode 100644 src/test/java/com/devsecops/AppTest.java create mode 100644 src/test/java/com/devsecops/NumericApplicationTests.java diff --git a/src/test/java/com/devsecops/AppTest.java b/src/test/java/com/devsecops/AppTest.java deleted file mode 100644 index 890410c5a..000000000 --- a/src/test/java/com/devsecops/AppTest.java +++ /dev/null 
@@ -1,25 +0,0 @@
-package org.example; // Replace 'org.example' with your project's package
-
-import org.junit.jupiter.api.Test;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.web.servlet.MockMvc;
-
-import static org.junit.jupiter.api.Assertions.*; // For assertions
-
-// Replace 'MyApp' with your main Spring Boot application class
-@SpringBootTest(classes = MyApp.class)
-@AutoConfigureMockMvc // If you're testing web controllers
-public class AppTest {
-
- @Autowired
- private MockMvc mockMvc; // If you're testing web controllers
-
- @Test
- public void contextLoads() {
- // Example: Test that the application context loads successfully
- assertNotNull(mockMvc);
- }
-
- // ... Add more tests here ...
-}
diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java
new file mode 100644
index 000000000..9662b29e1
--- /dev/null
+++ b/src/test/java/com/devsecops/NumericApplicationTests.java
@@ -0,0 +1,45 @@
+package com.devsecops;
+
+import org.junit.jupiter.api.Test; // JUnit 5 import
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; // Import
+import org.springframework.test.web.servlet.result.MockMvcResultHandlers; // Import
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers; // Import
+
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+public class NumericApplicationTests {
+
+ @Autowired
+ private MockMvc mockMvc;
+
+ @Test
+ public void smallerThanOrEqualToFiftyMessage() throws Exception {
+ this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50"))
+ .andDo(MockMvcResultHandlers.print())
+ .andExpect(status().isOk())
+ .andExpect(content().string("Smaller than or equal to 50"));
+ }
+
+ @Test
+ public void greaterThanFiftyMessage() throws Exception {
+ this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51"))
+ .andDo(MockMvcResultHandlers.print())
+ .andExpect(status().isOk())
+ .andExpect(content().string("Greater than 50"));
+ }
+
+ @Test
+ public void welcomeMessage() throws Exception {
+ this.mockMvc.perform(MockMvcRequestBuilders.get("/"))
+ .andDo(MockMvcResultHandlers.print())
+ .andExpect(status().isOk())
+ .andExpect(content().string("Kubernetes DevSecOps"));
+ }
+}
From 51e73906ce2076260379eec0003727384bd8e792 Mon Sep 17 00:00:00 2001
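Review bot: The three tests in the new `NumericApplicationTests` cover only the success paths of `/` and `/compare/{value}`, so nothing pins how the controller treats input that does not bind to `int`. A case such as `mockMvc.perform(MockMvcRequestBuilders.get("/compare/abc")).andExpect(status().isBadRequest());` would do that (I would expect Spring's default type-mismatch handling to answer 400). `/increment/{value}`, the only route that calls another service, has no test here either. On style, the `MockMvcResultMatchers` class import is unused because `status` and `content` are imported statically just below, and the trailing `// Import` comments can go.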
From: Abdallah Musa Date: Fri, 3 May 2024 16:39:33 +0100 Subject: [PATCH 50/97] Fixing the qualityGate error --- src/main/java/com/devsecops/NumericController.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 0db4b8526..99cc9d2ed 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java @@ -12,9 +12,7 @@ public class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); - private static final String baseURL = "http://node-service:5000/plusone"; - // private static final String baseURL = "http://localhost:5000/plusone"; - + private static final String BASE_URL = "http://node-service:5000/plusone"; RestTemplate restTemplate = new RestTemplate(); @RestController @@ -38,7 +36,7 @@ public String compareToFifty(@PathVariable int value) { @GetMapping("/increment/{value}") public int increment(@PathVariable int value) { - ResponseEntity responseEntity = restTemplate.getForEntity(baseURL + '/' + value, String.class); + ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); String response = responseEntity.getBody(); logger.info("Value Received in Request - " + value); logger.info("Node Service Response - " + response); From e90bf234c6d04f34aceecca8d2f79a5176bc5934 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 17:50:17 +0100 Subject: [PATCH 51/97] Fixing quality gate error --- .../java/com/devsecops/NumericController.java | 58 +++++++++---------- 1 file changed, 28 insertions(+), 30 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 99cc9d2ed..e60141a3c 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
@@ -11,37 +11,35 @@ @RestController public class NumericController { - private final Logger logger = LoggerFactory.getLogger(getClass()); - private static final String BASE_URL = "http://node-service:5000/plusone"; - RestTemplate restTemplate = new RestTemplate(); - - @RestController - public class compare { + private final Logger logger = LoggerFactory.getLogger(getClass()); + private static final String BASE_URL = "http://node-service:5000/plusone"; + private final RestTemplate restTemplate = new RestTemplate(); - @GetMapping("/") - public String welcome() { - return "Kubernetes DevSecOps"; - } + @RestController + public class Compare { - @GetMapping("/compare/{value}") - public String compareToFifty(@PathVariable int value) { - String message = "Could not determine comparison"; - if (value > 50) { - message = "Greater than 50"; - } else { - message = "Smaller than or equal to 50"; - } - return message; - } + @GetMapping("/") + String welcome() { + return "Kubernetes DevSecOps"; + } - @GetMapping("/increment/{value}") - public int increment(@PathVariable int value) { - ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); - String response = responseEntity.getBody(); - logger.info("Value Received in Request - " + value); - logger.info("Node Service Response - " + response); - return Integer.parseInt(response); - } - } + @GetMapping("/compare/{value}") + String compareToFifty(@PathVariable int value) { + return value > 50 ? 
"Greater than 50" : "Smaller than or equal to 50"; + } -} \ No newline at end of file + @GetMapping("/increment/{value}") + int increment(@PathVariable int value) { + try { + ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); + String response = responseEntity.getBody(); + logger.info("Value Received in Request - {}", value); + logger.info("Node Service Response - {}", response); + return Integer.parseInt(response); + } catch (NumberFormatException e) { + logger.error("Error parsing response to integer", e); + throw new RuntimeException("Failed to parse the response from Node Service"); + } + } + } +} From 47aba900e3f1bf70e961c1b353d592e08a9c3083 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 19:08:38 +0100 Subject: [PATCH 52/97] Fixing quality gate error for responseError --- src/main/java/com/devsecops/NumericController.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index e60141a3c..0e0de2d6a 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java @@ -38,8 +38,14 @@ int increment(@PathVariable int value) { return Integer.parseInt(response); } catch (NumberFormatException e) { logger.error("Error parsing response to integer", e); - throw new RuntimeException("Failed to parse the response from Node Service"); + throw new ResponseParseException("Failed to parse the response from Node Service", e); } } } + + public static class ResponseParseException extends RuntimeException { + public ResponseParseException(String message, Throwable cause) { + super(message, cause); + } + } } From 8b151adabecaae1e2e7d6356e6b2c5e22c8fa62d Mon Sep 17 00:00:00 2001 
From: Abdallah Musa Date: Fri, 3 May 2024 19:18:30 +0100 Subject: [PATCH 53/97] More sonarqube fixes --- .../java/com/devsecops/NumericController.java | 5 ++-- .../devsecops/NumericApplicationTests.java | 27 ++++++++----------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 0e0de2d6a..52c878884 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java @@ -37,12 +37,13 @@ int increment(@PathVariable int value) { logger.info("Node Service Response - {}", response); return Integer.parseInt(response); } catch (NumberFormatException e) { - logger.error("Error parsing response to integer", e); - throw new ResponseParseException("Failed to parse the response from Node Service", e); + logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); + throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); } } } + // Custom exception class for handling response parse errors public static class ResponseParseException extends RuntimeException { public ResponseParseException(String message, Throwable cause) { super(message, cause); diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index 9662b29e1..619d6b98c 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java 
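Review bot: The rewritten `logger.error(...)` in the `catch (NumberFormatException e)` branch passes `e.getMessage()` as a format argument, so the stack trace that the previous `logger.error("Error parsing response to integer", e)` recorded is no longer written. The `value` it now logs is the request parameter, not the Node Service body that failed to parse. Keeping the throwable as the last argument preserves the trace: `logger.error("Error parsing Node Service response for value {}", value, e);`. The same call comes back in the PATCH 58, PATCH 60 and PATCH 61 hunks of this file. The `try` block opens above this hunk.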
@@ -1,44 +1,39 @@ package com.devsecops; -import org.junit.jupiter.api.Test; // JUnit 5 import +import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; // Import -import org.springframework.test.web.servlet.result.MockMvcResultHandlers; // Import -import org.springframework.test.web.servlet.result.MockMvcResultMatchers; // Import +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@SpringBootTest +@SpringBootTest @AutoConfigureMockMvc -public class NumericApplicationTests { +class NumericApplicationTests { @Autowired private MockMvc mockMvc; @Test - public void smallerThanOrEqualToFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) - .andDo(MockMvcResultHandlers.print()) + void smallerThanOrEqualToFiftyMessage() throws Exception { + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) .andExpect(status().isOk()) .andExpect(content().string("Smaller than or equal to 50")); } @Test - public void greaterThanFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) - .andDo(MockMvcResultHandlers.print()) + void greaterThanFiftyMessage() throws Exception { + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) .andExpect(status().isOk()) .andExpect(content().string("Greater than 50")); } @Test - public void welcomeMessage() throws Exception { - 
this.mockMvc.perform(MockMvcRequestBuilders.get("/")) - .andDo(MockMvcResultHandlers.print()) + void welcomeMessage() throws Exception { + this.mockMvc.perform(MockMvcRequestBuilders.get("/")) .andExpect(status().isOk()) .andExpect(content().string("Kubernetes DevSecOps")); } From 05be1f2f5e5e92759f51307d0abccc3f3d9fffa6 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 19:24:37 +0100 Subject: [PATCH 54/97] More sonarqube gate fixes --- src/main/java/com/devsecops/NumericController.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 52c878884..7b31dd0ee 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java @@ -9,14 +9,14 @@ import org.springframework.web.client.RestTemplate; @RestController -public class NumericController { +class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); @RestController - public class Compare { + class Compare { @GetMapping("/") String welcome() { @@ -44,8 +44,8 @@ int increment(@PathVariable int value) { } // Custom exception class for handling response parse errors - public static class ResponseParseException extends RuntimeException { - public ResponseParseException(String message, Throwable cause) { + static class ResponseParseException extends RuntimeException { + ResponseParseException(String message, Throwable cause) { super(message, cause); } } From 4cf4f8618f3a7d790582556cc31644b251408cc4 Mon Sep 17 00:00:00 2001 
From: Abdallah Musa Date: Fri, 3 May 2024 19:31:22 +0100 Subject: [PATCH 55/97] More sonarqube gate fixes again --- .../java/com/devsecops/NumericController.java | 1 + .../devsecops/NumericApplicationTests.java | 25 +++++++++++-------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 7b31dd0ee..aea723754 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java @@ -47,6 +47,7 @@ int increment(@PathVariable int value) { static class ResponseParseException extends RuntimeException { ResponseParseException(String message, Throwable cause) { super(message, cause); + // Optionally log here if more detail is needed across layers } } } diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index 619d6b98c..5fe22f074 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java @@ -6,7 +6,7 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; - +import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; 
@@ -19,22 +19,27 @@ class NumericApplicationTests { @Test void smallerThanOrEqualToFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) - .andExpect(status().isOk()) - .andExpect(content().string("Smaller than or equal to 50")); + mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) + .andDo(print()) + .andExpect(status().isOk()) + .andExpect(content().string("Smaller than or equal to 50")); } @Test void greaterThanFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) - .andExpect(status().isOk()) - .andExpect(content().string("Greater than 50")); + mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) + .andDo(print()) + .andExpect(status().isOk()) + .andExpect(content().string("Greater than 50")); } @Test void welcomeMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/")) - .andExpect(status().isOk()) - .andExpect(content().string("Kubernetes DevSecOps")); + mockMvc.perform(MockMvcRequestBuilders.get("/")) + .andDo(print()) + .andExpect(status().isOk()) + .andExpect(content().string("Kubernetes DevSecOps")); } + + // Consider adding more tests for error handling cases and other HTTP methods } From a2a78217f731699690bbd92d75cc995f11c7c9c7 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 19:42:32 +0100 Subject: [PATCH 56/97] More sonarqube gate fix --- src/main/java/com/devsecops/NumericController.java | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index aea723754..d06d90ca5 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
@@ -9,14 +9,14 @@ import org.springframework.web.client.RestTemplate; @RestController -class NumericController { +public class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); @RestController - class Compare { + public class Compare { @GetMapping("/") String welcome() { @@ -43,11 +43,9 @@ int increment(@PathVariable int value) { } } - // Custom exception class for handling response parse errors - static class ResponseParseException extends RuntimeException { - ResponseParseException(String message, Throwable cause) { + public static class ResponseParseException extends RuntimeException { + public ResponseParseException(String message, Throwable cause) { super(message, cause); - // Optionally log here if more detail is needed across layers } } } From 16be0f94c5a8ecec366d24bd7dda954fcd4d6b3e Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 20:20:31 +0100 Subject: [PATCH 57/97] More sonarqube gate fix for code --- .../java/com/devsecops/NumericController.java | 12 +++---- .../devsecops/NumericApplicationTests.java | 36 +++++++++---------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index d06d90ca5..7c8edf2b1 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
@@ -9,14 +9,14 @@ import org.springframework.web.client.RestTemplate; @RestController -public class NumericController { +class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); @RestController - public class Compare { + class Compare { @GetMapping("/") String welcome() { @@ -37,14 +37,14 @@ int increment(@PathVariable int value) { logger.info("Node Service Response - {}", response); return Integer.parseInt(response); } catch (NumberFormatException e) { - logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); - throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); + logger.error("Error parsing response to integer", e); + throw new ResponseParseException("Failed to parse the response from Node Service", e); } } } - public static class ResponseParseException extends RuntimeException { - public ResponseParseException(String message, Throwable cause) { + static class ResponseParseException extends RuntimeException { + ResponseParseException(String message, Throwable cause) { super(message, cause); } } diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index 5fe22f074..48803afec 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java 
@@ -1,14 +1,16 @@ package com.devsecops; -import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.Test; // JUnit 5 import import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; // Import +import org.springframework.test.web.servlet.result.MockMvcResultHandlers; // Import +import org.springframework.test.web.servlet.result.MockMvcResultMatchers; // Import + import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; @SpringBootTest @AutoConfigureMockMvc 
@@ -19,27 +21,25 @@ class NumericApplicationTests { @Test void smallerThanOrEqualToFiftyMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) - .andDo(print()) - .andExpect(status().isOk()) - .andExpect(content().string("Smaller than or equal to 50")); + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) + .andDo(MockMvcResultHandlers.print()) + .andExpect(status().isOk()) + .andExpect(content().string("Smaller than or equal to 50")); } @Test void greaterThanFiftyMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) - .andDo(print()) - .andExpect(status().isOk()) - .andExpect(content().string("Greater than 50")); + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) + .andDo(MockMvcResultHandlers.print()) + .andExpect(status().isOk()) + .andExpect(content().string("Greater than 50")); } @Test void welcomeMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/")) - .andDo(print()) - .andExpect(status().isOk()) - .andExpect(content().string("Kubernetes DevSecOps")); + this.mockMvc.perform(MockMvcRequestBuilders.get("/")) + .andDo(MockMvcResultHandlers.print()) + .andExpect(status().isOk()) + .andExpect(content().string("Kubernetes DevSecOps")); } - - // Consider adding more tests for error handling cases and other HTTP methods } From d103e862be836a0095707c3d769621488b0912e1 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 20:30:32 +0100 Subject: [PATCH 58/97] More sonarqube gate fix for code for error --- src/main/java/com/devsecops/NumericController.java | 12 ++++++------ .../com/devsecops/NumericApplicationTests.java | 14 +++++++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 7c8edf2b1..d5d47b761 100644 --- a/src/main/java/com/devsecops/NumericController.java 
+++ b/src/main/java/com/devsecops/NumericController.java @@ -37,15 +37,15 @@ int increment(@PathVariable int value) { logger.info("Node Service Response - {}", response); return Integer.parseInt(response); } catch (NumberFormatException e) { - logger.error("Error parsing response to integer", e); - throw new ResponseParseException("Failed to parse the response from Node Service", e); + logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); + throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); } } } +} - static class ResponseParseException extends RuntimeException { - ResponseParseException(String message, Throwable cause) { - super(message, cause); - } +class ResponseParseException extends RuntimeException { + ResponseParseException(String message, Throwable cause) { + super(message, cause); } } diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index 48803afec..afabcae6e 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java 
@@ -1,13 +1,13 @@ package com.devsecops; -import org.junit.jupiter.api.Test; // JUnit 5 import +import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; // Import -import org.springframework.test.web.servlet.result.MockMvcResultHandlers; // Import -import org.springframework.test.web.servlet.result.MockMvcResultMatchers; // Import +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.test.web.servlet.result.MockMvcResultHandlers; +import org.springframework.test.web.servlet.result.MockMvcResultMatchers; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; @@ -21,7 +21,7 @@ class NumericApplicationTests { @Test void smallerThanOrEqualToFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) + mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) .andDo(MockMvcResultHandlers.print()) .andExpect(status().isOk()) .andExpect(content().string("Smaller than or equal to 50")); @@ -29,7 +29,7 @@ void smallerThanOrEqualToFiftyMessage() throws Exception { @Test void greaterThanFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) + mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) .andDo(MockMvcResultHandlers.print()) .andExpect(status().isOk()) .andExpect(content().string("Greater than 50")); 
@@ -37,7 +37,7 @@ void greaterThanFiftyMessage() throws Exception { @Test void welcomeMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/")) + mockMvc.perform(MockMvcRequestBuilders.get("/")) .andDo(MockMvcResultHandlers.print()) .andExpect(status().isOk()) .andExpect(content().string("Kubernetes DevSecOps")); From 105df9e27224215f7ef883fcc6416aaafd42cd9e Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 21:22:59 +0100 Subject: [PATCH 59/97] quality gate fix --- src/main/java/com/devsecops/NumericController.java | 10 +++++----- .../java/com/devsecops/ResponseParseException.java | 7 +++++++ 2 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 src/main/java/com/devsecops/ResponseParseException.java diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index d5d47b761..2f14cab9e 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java @@ -15,7 +15,6 @@ class NumericController { private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); - @RestController class Compare { @GetMapping("/") @@ -42,10 +41,11 @@ int increment(@PathVariable int value) { } } } -} -class ResponseParseException extends RuntimeException { - ResponseParseException(String message, Throwable cause) { - super(message, cause); + // Make sure this exception class is within the same file and visible + static class ResponseParseException extends RuntimeException { + public ResponseParseException(String message, Throwable cause) { + super(message, cause); + } } } diff --git a/src/main/java/com/devsecops/ResponseParseException.java b/src/main/java/com/devsecops/ResponseParseException.java new file mode 100644 index 000000000..37720a126 --- /dev/null +++ b/src/main/java/com/devsecops/ResponseParseException.java 
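Review bot: With `@RestController` removed from `class Compare` in the first `NumericController` hunk, the `@GetMapping` methods now sit in a plain non-static inner class that nothing visible registers as a bean. Spring MVC looks for handler methods on the controller bean's own class, not on its nested classes, so I would expect `/`, `/compare/{value}` and `/increment/{value}` to stop being mapped. Declaring the three methods directly on `NumericController`, as PATCH 60 does, keeps them routable. The PATCH 61 hunk reintroduces the same un-annotated `class Compare {` wrapper. The class body continues outside this hunk.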
@@ -0,0 +1,7 @@ +package com.devsecops; + +public class ResponseParseException extends RuntimeException { + public ResponseParseException(String message, Throwable cause) { + super(message, cause); + } +} From 48afe1e4efcc0895887410562c6dfea9e40ec21f Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 21:34:12 +0100 Subject: [PATCH 60/97] quality gate fix again --- .../java/com/devsecops/NumericController.java | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 2f14cab9e..23f81dfbc 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
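Review bot: This new top-level `ResponseParseException` has the same simple name as the nested `static class ResponseParseException` that the same patch adds back inside `NumericController`; inside the controller the nested class shadows this one, so as far as the patch shows this file is never referenced. Keep one definition, preferably this file, and drop the nested copy. PATCH 61 later declares `class ResponseParseException` at top level in `NumericController.java`, which would clash with this file in package `com.devsecops` if it is still present by then. A one-line Javadoc such as `/** Thrown when the Node Service reply cannot be parsed as an integer. */` would document the type.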
@@ -9,36 +9,33 @@ import org.springframework.web.client.RestTemplate; @RestController -class NumericController { +public class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); - class Compare { - - @GetMapping("/") - String welcome() { - return "Kubernetes DevSecOps"; - } + @GetMapping("/") + String welcome() { + return "Kubernetes DevSecOps"; + } - @GetMapping("/compare/{value}") - String compareToFifty(@PathVariable int value) { - return value > 50 ? "Greater than 50" : "Smaller than or equal to 50"; - } + @GetMapping("/compare/{value}") + String compareToFifty(@PathVariable int value) { + return value > 50 ? "Greater than 50" : "Smaller than or equal to 50"; + } - @GetMapping("/increment/{value}") - int increment(@PathVariable int value) { - try { - ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); - String response = responseEntity.getBody(); - logger.info("Value Received in Request - {}", value); - logger.info("Node Service Response - {}", response); - return Integer.parseInt(response); - } catch (NumberFormatException e) { - logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); - throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); - } + @GetMapping("/increment/{value}") + int increment(@PathVariable int value) { + try { + ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); + String response = responseEntity.getBody(); + logger.info("Value Received in Request - {}", value); + logger.info("Node Service Response - {}", response); + return Integer.parseInt(response); + } catch (NumberFormatException e) { + logger.error("Error parsing response to integer. 
Value received: {}, Error: {}", value, e.getMessage()); + throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); } } From ca8ac98a9d6adb68284611377f3575e3a2e27bc4 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 22:05:03 +0100 Subject: [PATCH 61/97] More quality gate fix again --- .../java/com/devsecops/NumericController.java | 52 ++++++++++--------- .../devsecops/NumericApplicationTests.java | 23 ++++---- 2 files changed, 37 insertions(+), 38 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 23f81dfbc..1c08a1ccc 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
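Review bot: `increment` catches only `NumberFormatException`, so a `RestClientException` from `restTemplate.getForEntity(...)` (node-service unreachable, or an error status) escapes the handler unlogged. The `new RestTemplate()` on the context line above sets no connect or read timeout by default, so a stalled node-service can hold request threads for as long as it likes. I would build the template from a `SimpleClientHttpRequestFactory` with `setConnectTimeout(...)` and `setReadTimeout(...)` set to a few seconds, and add `catch (RestClientException e)` beside the existing catch so the failure is logged and mapped to a deliberate status. The same shape appears in the PATCH 51 and PATCH 61 versions of this method.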
@@ -9,40 +9,42 @@ import org.springframework.web.client.RestTemplate; @RestController -public class NumericController { +class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); - @GetMapping("/") - String welcome() { - return "Kubernetes DevSecOps"; - } + class Compare { - @GetMapping("/compare/{value}") - String compareToFifty(@PathVariable int value) { - return value > 50 ? "Greater than 50" : "Smaller than or equal to 50"; - } + @GetMapping("/") + String welcome() { + return "Kubernetes DevSecOps"; + } - @GetMapping("/increment/{value}") - int increment(@PathVariable int value) { - try { - ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); - String response = responseEntity.getBody(); - logger.info("Value Received in Request - {}", value); - logger.info("Node Service Response - {}", response); - return Integer.parseInt(response); - } catch (NumberFormatException e) { - logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); - throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); + @GetMapping("/compare/{value}") + String compareToFifty(@PathVariable int value) { + return value > 50 ? 
"Greater than 50" : "Smaller than or equal to 50"; } - } - // Make sure this exception class is within the same file and visible - static class ResponseParseException extends RuntimeException { - public ResponseParseException(String message, Throwable cause) { - super(message, cause); + @GetMapping("/increment/{value}") + int increment(@PathVariable int value) { + try { + ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); + String response = responseEntity.getBody(); + logger.info("Value Received in Request - {}", value); + logger.info("Node Service Response - {}", response); + return Integer.parseInt(response); + } catch (NumberFormatException e) { + logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); + throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); + } } } } + +class ResponseParseException extends RuntimeException { + public ResponseParseException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index afabcae6e..dcdf0fab9 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java @@ -9,10 +9,7 @@ import org.springframework.test.web.servlet.result.MockMvcResultHandlers; import org.springframework.test.web.servlet.result.MockMvcResultMatchers; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; - -@SpringBootTest +@SpringBootTest @AutoConfigureMockMvc class NumericApplicationTests { 
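Review bot: Moving `welcome`, `compareToFifty` and `increment` into the non-static inner class `Compare` most likely removes all three endpoints, because Spring reads `@GetMapping` methods from the `@RestController` bean class itself and `Compare` is never registered as a bean. The tests touched in the same commit still request `/compare/50`, `/compare/51` and `/`, so they should fail with 404 if that is right. Keep the handlers directly in `NumericController`. The later hunk that puts `@RestController` above `class Compare` appears to have the same problem, since component scanning skips non-static inner classes.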
@@ -21,25 +18,25 @@ class NumericApplicationTests { @Test void smallerThanOrEqualToFiftyMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) .andDo(MockMvcResultHandlers.print()) - .andExpect(status().isOk()) - .andExpect(content().string("Smaller than or equal to 50")); + .andExpect(MockMvcResultMatchers.status().isOk()) + .andExpect(MockMvcResultMatchers.content().string("Smaller than or equal to 50")); } @Test void greaterThanFiftyMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) .andDo(MockMvcResultHandlers.print()) - .andExpect(status().isOk()) - .andExpect(content().string("Greater than 50")); + .andExpect(MockMvcResultMatchers.status().isOk()) + .andExpect(MockMvcResultMatchers.content().string("Greater than 50")); } @Test void welcomeMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/")) + this.mockMvc.perform(MockMvcRequestBuilders.get("/")) .andDo(MockMvcResultHandlers.print()) - .andExpect(status().isOk()) - .andExpect(content().string("Kubernetes DevSecOps")); + .andExpect(MockMvcResultMatchers.status().isOk()) + .andExpect(MockMvcResultMatchers.content().string("Kubernetes DevSecOps")); } } From 74c03563bd02de960fac2412d33f970bc294418c Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 22:08:17 +0100 Subject: [PATCH 62/97] More quality gate fixes --- .../java/com/devsecops/NumericController.java | 52 +++++++++---------- .../devsecops/NumericApplicationTests.java | 35 ++++++------- 2 files changed, 41 insertions(+), 46 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 1c08a1ccc..23f81dfbc 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
@@ -9,42 +9,40 @@ import org.springframework.web.client.RestTemplate; @RestController -class NumericController { +public class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); - class Compare { - - @GetMapping("/") - String welcome() { - return "Kubernetes DevSecOps"; - } + @GetMapping("/") + String welcome() { + return "Kubernetes DevSecOps"; + } - @GetMapping("/compare/{value}") - String compareToFifty(@PathVariable int value) { - return value > 50 ? "Greater than 50" : "Smaller than or equal to 50"; - } + @GetMapping("/compare/{value}") + String compareToFifty(@PathVariable int value) { + return value > 50 ? "Greater than 50" : "Smaller than or equal to 50"; + } - @GetMapping("/increment/{value}") - int increment(@PathVariable int value) { - try { - ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); - String response = responseEntity.getBody(); - logger.info("Value Received in Request - {}", value); - logger.info("Node Service Response - {}", response); - return Integer.parseInt(response); - } catch (NumberFormatException e) { - logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); - throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); - } + @GetMapping("/increment/{value}") + int increment(@PathVariable int value) { + try { + ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); + String response = responseEntity.getBody(); + logger.info("Value Received in Request - {}", value); + logger.info("Node Service Response - {}", response); + return Integer.parseInt(response); + } catch (NumberFormatException e) { + logger.error("Error parsing response to integer. 
Value received: {}, Error: {}", value, e.getMessage()); + throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); } } -} -class ResponseParseException extends RuntimeException { - public ResponseParseException(String message, Throwable cause) { - super(message, cause); + // Make sure this exception class is within the same file and visible + static class ResponseParseException extends RuntimeException { + public ResponseParseException(String message, Throwable cause) { + super(message, cause); + } } } diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index dcdf0fab9..2ab21f52a 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java @@ -2,14 +2,14 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import org.springframework.test.web.servlet.result.MockMvcResultHandlers; -import org.springframework.test.web.servlet.result.MockMvcResultMatchers; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; -@SpringBootTest +@SpringBootTest @AutoConfigureMockMvc class NumericApplicationTests { 
@@ -17,26 +17,23 @@ class NumericApplicationTests { private MockMvc mockMvc; @Test - void smallerThanOrEqualToFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) - .andDo(MockMvcResultHandlers.print()) - .andExpect(MockMvcResultMatchers.status().isOk()) - .andExpect(MockMvcResultMatchers.content().string("Smaller than or equal to 50")); + void welcomeMessage() throws Exception { + mockMvc.perform(MockMvcRequestBuilders.get("/")) + .andExpect(status().isOk()) + .andExpect(content().string("Kubernetes DevSecOps")); } @Test - void greaterThanFiftyMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) - .andDo(MockMvcResultHandlers.print()) - .andExpect(MockMvcResultMatchers.status().isOk()) - .andExpect(MockMvcResultMatchers.content().string("Greater than 50")); + void smallerThanOrEqualToFiftyMessage() throws Exception { + mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) + .andExpect(status().isOk()) + .andExpect(content().string("Smaller than or equal to 50")); } @Test - void welcomeMessage() throws Exception { - this.mockMvc.perform(MockMvcRequestBuilders.get("/")) - .andDo(MockMvcResultHandlers.print()) - .andExpect(MockMvcResultMatchers.status().isOk()) - .andExpect(MockMvcResultMatchers.content().string("Kubernetes DevSecOps")); + void greaterThanFiftyMessage() throws Exception { + mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) + .andExpect(status().isOk()) + .andExpect(content().string("Greater than 50")); } } From c487e5d40d7935e125eff6cd6eb7fddac6ea157a Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 22:35:21 +0100 Subject: [PATCH 63/97] fixing errors --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index c90c49343..e494c7fd1 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.0.3 + 3.1.1 com.devsecops 
@@ -17,7 +17,7 @@ UTF-8 UTF-8 - 1.8 + 1.8 @@ -48,7 +48,7 @@ org.jacoco jacoco-maven-plugin - 0.8.7 + 0.8.7 prepare-agent From 575291811d12956e8eaa3c42184b9ace60ac555b Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 22:43:22 +0100 Subject: [PATCH 64/97] upgrading java --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e494c7fd1..160e3a835 100644 --- a/pom.xml +++ b/pom.xml @@ -17,7 +17,7 @@ UTF-8 UTF-8 - 1.8 + 17 From 5d738fd4f8b5338a76b75c25070a6e4edb411eb6 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 22:51:29 +0100 Subject: [PATCH 65/97] upgrading plugins --- pom.xml | 96 ++++++++++++++++++++++++++------------------------------- 1 file changed, 44 insertions(+), 52 deletions(-) diff --git a/pom.xml b/pom.xml index 160e3a835..0d9de6ac4 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.1 + 3.1.1 com.devsecops @@ -17,7 +17,7 @@ UTF-8 UTF-8 - 17 + 17 @@ -26,7 +26,6 @@ spring-boot-starter-web - org.springframework.boot spring-boot-starter @@ -48,58 +47,51 @@ org.jacoco jacoco-maven-plugin - 0.8.7 + 0.8.7 - - prepare-agent - - prepare-agent - - - - report - test - - report - - + + prepare-agent + + prepare-agent + + + + report + test + + report + + - - - - - org.pitest - pitest-maven - 1.5.0 - - - org.pitest - pitest-junit5-plugin - 0.12 - - - - 70 - - HTML - XML - - - - - - org.owasp - dependency-check-maven - 6.1.6 - - 5 - ALL - - - - + + org.pitest + pitest-maven + 1.7.0 + + + org.pitest + pitest-junit5-plugin + 0.14 + + + + 70 + + HTML + XML + + + + + org.owasp + dependency-check-maven + 6.1.6 + + 5 + ALL + + - From a88ac7bdbb219a2341a057b666c57705e38de10a Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 22:57:57 +0100 Subject: [PATCH 66/97] upgrading more plugins --- pom.xml | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) 
diff --git a/pom.xml b/pom.xml index 0d9de6ac4..c194e1ecb 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.1 + 3.1.3 com.devsecops @@ -17,7 +17,7 @@ UTF-8 UTF-8 - 17 + 17 @@ -25,12 +25,18 @@ org.springframework.boot spring-boot-starter-web - + org.springframework.boot spring-boot-starter + + com.fasterxml.jackson.core + jackson-core + 2.15.1 + + org.springframework.boot spring-boot-starter-test @@ -47,7 +53,7 @@ org.jacoco jacoco-maven-plugin - 0.8.7 + 0.8.7 prepare-agent @@ -67,12 +73,12 @@ org.pitest pitest-maven - 1.7.0 + 1.7.0 org.pitest pitest-junit5-plugin - 0.14 + 0.14 @@ -86,10 +92,10 @@ org.owasp dependency-check-maven - 6.1.6 + 6.5.0 - 5 - ALL + 4 + ALL From f20ad203854a380d5ddb1d6615324edebdaa5422 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 23:04:58 +0100 Subject: [PATCH 67/97] upgrading more pom plugins --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index c194e1ecb..8f9d76570 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.3 + 3.1.3 com.devsecops @@ -34,7 +34,7 @@ com.fasterxml.jackson.core jackson-core - 2.15.1 + 2.15.2 @@ -53,7 +53,7 @@ org.jacoco jacoco-maven-plugin - 0.8.7 + 0.8.7 prepare-agent @@ -95,7 +95,7 @@ 6.5.0 4 - ALL + ALL From 39c3f886b5d6cd4d3bf1a1f5e8dcae06357d826e Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 23:26:16 +0100 Subject: [PATCH 68/97] upgrading more pom.xml plugins --- pom.xml | 178 ++++++++++++++++++++++++++------------------------------ 1 file changed, 84 insertions(+), 94 deletions(-) diff --git a/pom.xml b/pom.xml index 8f9d76570..a4878e561 100644 --- a/pom.xml +++ b/pom.xml 
@@ -1,103 +1,93 @@ - - 4.0.0 - - org.springframework.boot - spring-boot-starter-parent - 3.1.3 - + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 3.1.3 + - com.devsecops - numeric - 0.0.1 - numeric - Demo for DevSecOps + com.devsecops + numeric + 0.0.1 + numeric + Demo for DevSecOps - - UTF-8 - UTF-8 - 17 - + + UTF-8 + UTF-8 + 17 + - - - org.springframework.boot - spring-boot-starter-web - + + + org.springframework.boot + spring-boot-starter-web + - - org.springframework.boot - spring-boot-starter - + + org.springframework.boot + spring-boot-starter + - - com.fasterxml.jackson.core - jackson-core - 2.15.2 - + + ch.qos.logback + logback-classic + 1.2.10 + - - org.springframework.boot - spring-boot-starter-test - test - - + + org.springframework.boot + spring-boot-starter-aop + - - - - org.springframework.boot - spring-boot-maven-plugin - - - org.jacoco - jacoco-maven-plugin - 0.8.7 - - - prepare-agent - - prepare-agent - - - - report - test - - report - - - - - - org.pitest - pitest-maven - 1.7.0 - - - org.pitest - pitest-junit5-plugin - 0.14 - - - - 70 - - HTML - XML - - - - - org.owasp - dependency-check-maven - 6.5.0 - - 4 - ALL - - - - + + org.springframework.boot + spring-boot-starter-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + org.jacoco + jacoco-maven-plugin + 0.8.7 + + + prepare-agent + + prepare-agent + + + + report + test + + report + + + + + + org.pitest + pitest-maven + 1.7.0 + + 70 + + HTML + XML + + + + + From d06b739bcb3f708121899948b63aa337c072fd64 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Fri, 3 May 2024 23:37:24 +0100 Subject: [PATCH 69/97] upgrading more pom.xml plugins. --- pom.xml | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/pom.xml b/pom.xml index a4878e561..4e72f10f4 100644 --- a/pom.xml +++ b/pom.xml 
@@ -3,6 +3,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 + org.springframework.boot spring-boot-starter-parent @@ -28,14 +29,21 @@ - org.springframework.boot - spring-boot-starter + org.yaml + snakeyaml + 1.29 + + + + com.fasterxml.jackson.core + jackson-core + 2.13.3 ch.qos.logback logback-classic - 1.2.10 + 1.4.11 @@ -76,18 +84,6 @@ - - org.pitest - pitest-maven - 1.7.0 - - 70 - - HTML - XML - - - From a631b16594625b25948cc45c6ef689a8e756d840 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 4 May 2024 00:27:03 +0100 Subject: [PATCH 70/97] upgrading more pom.xml plugins for jenkins --- pom.xml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/pom.xml b/pom.xml index 4e72f10f4..ab612aa98 100644 --- a/pom.xml +++ b/pom.xml @@ -84,6 +84,29 @@ + + + org.pitest + pitest-maven + 1.6.7 + + + org.pitest + pitest-junit5-plugin + 0.14 + + + + 70 + + HTML + XML + + + com.devsecops.tests.* + + + From 08e3a011e32f9794396e27c0f1b43b89e7db897f Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 4 May 2024 00:41:40 +0100 Subject: [PATCH 71/97] upgrading more pom.xml plugins for jenkins pipeline --- pom.xml | 62 ++++++++++++++------------------------------------------- 1 file changed, 15 insertions(+), 47 deletions(-) diff --git a/pom.xml b/pom.xml index ab612aa98..224ff584b 100644 --- a/pom.xml +++ b/pom.xml @@ -28,29 +28,6 @@ spring-boot-starter-web - - org.yaml - snakeyaml - 1.29 - - - - com.fasterxml.jackson.core - jackson-core - 2.13.3 - - - - ch.qos.logback - logback-classic - 1.4.11 - - - - org.springframework.boot - spring-boot-starter-aop - - org.springframework.boot spring-boot-starter-test 
@@ -64,13 +41,27 @@ org.springframework.boot spring-boot-maven-plugin + + org.pitest + pitest-maven + 1.6.7 + + + com.devsecops.* + + + com.devsecops.tests* + + 70 + 4000 + + org.jacoco jacoco-maven-plugin 0.8.7 - prepare-agent prepare-agent @@ -84,29 +75,6 @@ - - - org.pitest - pitest-maven - 1.6.7 - - - org.pitest - pitest-junit5-plugin - 0.14 - - - - 70 - - HTML - XML - - - com.devsecops.tests.* - - - From 92e15c06578471dafd63a04007ba3729d78b7fda Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 7 May 2024 18:29:15 +0100 Subject: [PATCH 72/97] quality gate --- .../java/com/devsecops/NumericController.java | 48 ++++++++++--------- .../com/devsecops/ResponseParseException.java | 4 ++ .../devsecops/NumericApplicationTests.java | 29 +++++------ 3 files changed, 45 insertions(+), 36 deletions(-) diff --git a/src/main/java/com/devsecops/NumericController.java b/src/main/java/com/devsecops/NumericController.java index 23f81dfbc..7b31dd0ee 100644 --- a/src/main/java/com/devsecops/NumericController.java +++ b/src/main/java/com/devsecops/NumericController.java 
@@ -9,39 +9,43 @@ import org.springframework.web.client.RestTemplate; @RestController -public class NumericController { +class NumericController { private final Logger logger = LoggerFactory.getLogger(getClass()); private static final String BASE_URL = "http://node-service:5000/plusone"; private final RestTemplate restTemplate = new RestTemplate(); - @GetMapping("/") - String welcome() { - return "Kubernetes DevSecOps"; - } + @RestController + class Compare { - @GetMapping("/compare/{value}") - String compareToFifty(@PathVariable int value) { - return value > 50 ? "Greater than 50" : "Smaller than or equal to 50"; - } + @GetMapping("/") + String welcome() { + return "Kubernetes DevSecOps"; + } + + @GetMapping("/compare/{value}") + String compareToFifty(@PathVariable int value) { + return value > 50 ? "Greater than 50" : "Smaller than or equal to 50"; + } - @GetMapping("/increment/{value}") - int increment(@PathVariable int value) { - try { - ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); - String response = responseEntity.getBody(); - logger.info("Value Received in Request - {}", value); - logger.info("Node Service Response - {}", response); - return Integer.parseInt(response); - } catch (NumberFormatException e) { - logger.error("Error parsing response to integer. Value received: {}, Error: {}", value, e.getMessage()); - throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); + @GetMapping("/increment/{value}") + int increment(@PathVariable int value) { + try { + ResponseEntity responseEntity = restTemplate.getForEntity(BASE_URL + '/' + value, String.class); + String response = responseEntity.getBody(); + logger.info("Value Received in Request - {}", value); + logger.info("Node Service Response - {}", response); + return Integer.parseInt(response); + } catch (NumberFormatException e) { + logger.error("Error parsing response to integer. 
Value received: {}, Error: {}", value, e.getMessage()); + throw new ResponseParseException("Failed to parse the response from Node Service for value: " + value, e); + } } } - // Make sure this exception class is within the same file and visible + // Custom exception class for handling response parse errors static class ResponseParseException extends RuntimeException { - public ResponseParseException(String message, Throwable cause) { + ResponseParseException(String message, Throwable cause) { super(message, cause); } } diff --git a/src/main/java/com/devsecops/ResponseParseException.java b/src/main/java/com/devsecops/ResponseParseException.java index 37720a126..13aafff56 100644 --- a/src/main/java/com/devsecops/ResponseParseException.java +++ b/src/main/java/com/devsecops/ResponseParseException.java @@ -1,6 +1,10 @@ package com.devsecops; public class ResponseParseException extends RuntimeException { + public ResponseParseException(String message) { + super(message); + } + public ResponseParseException(String message, Throwable cause) { super(message, cause); } diff --git a/src/test/java/com/devsecops/NumericApplicationTests.java b/src/test/java/com/devsecops/NumericApplicationTests.java index 2ab21f52a..619d6b98c 100644 --- a/src/test/java/com/devsecops/NumericApplicationTests.java +++ b/src/test/java/com/devsecops/NumericApplicationTests.java 
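Review bot: The nested `static class ResponseParseException` kept in `NumericController` duplicates the top-level `com.devsecops.ResponseParseException` that this same commit edits, and inside the controller the nested one shadows it. `throw new ResponseParseException(...)` in `increment` therefore raises `NumericController.ResponseParseException`, so a `catch` or exception handler written against the public class will not match. Delete the nested class and let the controller use the one in `ResponseParseException.java`; the new comment `// Custom exception class for handling response parse errors` belongs there as Javadoc.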
@@ -2,12 +2,13 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @SpringBootTest @AutoConfigureMockMvc 
@@ -17,23 +18,23 @@ class NumericApplicationTests { private MockMvc mockMvc; @Test - void welcomeMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/")) - .andExpect(status().isOk()) - .andExpect(content().string("Kubernetes DevSecOps")); + void smallerThanOrEqualToFiftyMessage() throws Exception { + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) + .andExpect(status().isOk()) + .andExpect(content().string("Smaller than or equal to 50")); } @Test - void smallerThanOrEqualToFiftyMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/compare/50")) - .andExpect(status().isOk()) - .andExpect(content().string("Smaller than or equal to 50")); + void greaterThanFiftyMessage() throws Exception { + this.mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) + .andExpect(status().isOk()) + .andExpect(content().string("Greater than 50")); } @Test - void greaterThanFiftyMessage() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/compare/51")) - .andExpect(status().isOk()) - .andExpect(content().string("Greater than 50")); + void welcomeMessage() throws Exception { + this.mockMvc.perform(MockMvcRequestBuilders.get("/")) + .andExpect(status().isOk()) + .andExpect(content().string("Kubernetes DevSecOps")); } } From ce82fdded41322f33628c9962f80e07267ddb364 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 7 May 2024 18:37:51 +0100 Subject: [PATCH 73/97] quality gate pom xml fix --- pom.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 224ff584b..ad3d09ba2 100644 --- a/pom.xml +++ b/pom.xml @@ -50,10 +50,13 @@ com.devsecops.* - com.devsecops.tests* + com.devsecops.tests.* 70 4000 + + XML + From e666e95d083ecd3c32ce4e09d5e7e86e33643794 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 7 May 2024 18:44:53 +0100 Subject: [PATCH 74/97] quality gate pom xml fi 2x --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index ad3d09ba2..a57f2d8af 100644 --- a/pom.xml +++ b/pom.xml @@ -50,7 +50,7 @@ com.devsecops.* - com.devsecops.tests.* + com.devsecops.test.* 70 4000 From 7cda40aa214be6c0f953c9a909662247df9f1b15 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 7 May 2024 19:19:32 +0100 Subject: [PATCH 75/97] quality gate pom fix --- pom.xml | 172 +++++++++++++++++++++++++++++++------------------------- 1 file changed, 96 insertions(+), 76 deletions(-) diff --git a/pom.xml b/pom.xml index a57f2d8af..e0e60b76a 100644 --- a/pom.xml +++ b/pom.xml @@ -1,83 +1,103 @@ - - 4.0.0 + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 3.1.3 + - - org.springframework.boot - spring-boot-starter-parent - 3.1.3 - + com.devsecops + numeric + 0.0.1 + numeric + Demo for DevSecOps - com.devsecops - numeric - 0.0.1 - numeric - Demo for DevSecOps + + UTF-8 + UTF-8 + 17 + - - UTF-8 - UTF-8 - 17 - + + + org.springframework.boot + spring-boot-starter-web + - - - org.springframework.boot - spring-boot-starter-web - + + org.springframework.boot + spring-boot-starter + - - org.springframework.boot - spring-boot-starter-test - test - - + + com.fasterxml.jackson.core + jackson-core + 2.15.2 + - - - - org.springframework.boot - spring-boot-maven-plugin - - - org.pitest - pitest-maven - 1.6.7 - - - com.devsecops.* - - - com.devsecops.test.* - - 70 - 4000 - - XML - - - - - org.jacoco - jacoco-maven-plugin - 0.8.7 - - - - prepare-agent - - - - report - test - - report - - - - - - - + + org.springframework.boot + spring-boot-starter-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + org.jacoco + jacoco-maven-plugin + 0.8.7 + + + prepare-agent + + prepare-agent + + + + report + test + + report + + + + + + org.pitest + pitest-maven + 1.7.0 + + + org.pitest + pitest-junit5-plugin + 0.14 + + + + 70 + + HTML + XML + + + + + org.owasp + dependency-check-maven + 6.5.0 + + 4 + ALL + + + + + \ No newline at end of file 
From 52395d7e90c096ce866049df69e8d545712f44a1 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 7 May 2024 19:37:08 +0100 Subject: [PATCH 76/97] quality gate pom fix testing dependency-check --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e0e60b76a..75ecb15c2 100644 --- a/pom.xml +++ b/pom.xml @@ -94,7 +94,7 @@ dependency-check-maven 6.5.0 - 4 + 20 ALL From d0f14834f06e961c14ec00bca5b1d0032be6e307 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 7 May 2024 20:45:47 +0100 Subject: [PATCH 77/97] Trivy setup --- Jenkinsfile | 10 ++++++++++ trivy-docker-image-scan.sh | 23 +++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 trivy-docker-image-scan.sh diff --git a/Jenkinsfile b/Jenkinsfile index 6145e2a71..e2a08277c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -61,6 +61,7 @@ pipeline { } stage('Vulberability Scan - Docker') { steps { + parallel( script { sh "mvn dependency-check:check"} } @@ -68,7 +69,16 @@ pipeline { always { dependencyCheckPublisher pattern: 'target/dependency-check-report.xml' } + }, + "Trivy Scan": { + steps { + script { + sh "bash trivy-docker-image-scan.sh" + //trivy image --exit-code 0 --severity HIGH,CRITICAL manlikeabz/numeric-app:${GIT_COMMIT} + } + } } + ) } stage('Docker Build and Push') { diff --git a/trivy-docker-image-scan.sh b/trivy-docker-image-scan.sh new file mode 100644 index 000000000..b1cfc7db9 --- /dev/null +++ b/trivy-docker-image-scan.sh 
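Review bot: Raising the dependency-check value from `4` to `20` under `dependency-check-maven` 6.5.0 looks like it switches the vulnerability gate off rather than tuning it. The element names were lost on this page, but if this is `failBuildOnCVSS`, CVSS scores top out at 10, so a threshold of 20 can never be reached and `mvn dependency-check:check` passes whatever the report contains. Keep a reachable threshold, for example `<failBuildOnCVSS>7</failBuildOnCVSS>`, and handle accepted findings through a reviewed suppression file instead.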
@@ -0,0 +1,23 @@ +#!/bin/bash +dockerImageName=$(awk 'NR==1 {print $2}' Dockerfile) +echo $dockerImageName + +docker run --rm -v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1 -q image-exit-code 0-severity HIGH-Light $dockerImageName +docker run --rm -v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1 image exit-code 1-severity CRITICAL --light $dockerImageName + + #Trivy scan result processing + exit_code=$? + + echo "Exit Code : $exit_code" + + #Check scan results + if + [[ "${exit_code}" -eq 1 ]]; + + then + + echo "Image scanning failed. Vulnerabilities found" + exit 1 + else + echo "Image scanning passed. No vulnerabilities found" + fi; From 6054010c8e869c81cbbf752517747ec2c5f88176 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Tue, 7 May 2024 20:46:25 +0100 Subject: [PATCH 78/97] Trivy setup --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 3a028582a..bc72ab67f 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 195670ced112695c583ecfd36f6f022aac1a0cb723f4746dc433966f567880c4 + checksum: 2a493d680e1feb5cc1a25abfe508a3df85dd9d1f1cad74a6ca412c26a97d5fff version: "" \ No newline at end of file From 696df62f673bdb5bc9c3d679d812f50ed869e841 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Wed, 29 May 2024 21:23:44 +0100 Subject: [PATCH 79/97] Trivy setup with jenkinsfile --- Jenkinsfile | 36 ++++++++++++++++++++---------------- trivy-docker-image-scan.sh | 2 +- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index e2a08277c..fc490e126 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
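Review bot: The gate in trivy-docker-image-scan.sh fails open, because `if [[ "${exit_code}" -eq 1 ]]` treats every exit status other than 1 as a pass, including a `docker run` that never started Trivy. As written on this page the two `docker run` lines fuse the cache mount and the image name (`$WORKSPACE:/root/.cache/aquasec/trivy:0.51.1`) and spell the options as `image-exit-code 0-severity HIGH-Light` and `image exit-code 1-severity CRITICAL`, so Docker most likely rejects the command with a status that is not 1 and the script prints "Image scanning passed". Fail on any non-zero status with `if [[ "${exit_code}" -ne 0 ]]; then`, and write the scan as `docker run --rm -v "$WORKSPACE":/root/.cache/ aquasec/trivy:0.51.1 -q image --exit-code 1 --severity CRITICAL "$dockerImageName"`. The later one-line hunk to this script only rewords the success message.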
@@ -59,26 +59,30 @@ pipeline { } } } - stage('Vulberability Scan - Docker') { - steps { - parallel( - script { - sh "mvn dependency-check:check"} - } - post { - always { - dependencyCheckPublisher pattern: 'target/dependency-check-report.xml' + + stage('Vulnerability Scan - Docker') { + parallel { + "Maven Dependency Check": { + steps { + script { + sh "mvn dependency-check:check" + } + } + post { + always { + dependencyCheckPublisher pattern: 'target/dependency-check-report.xml' + } + } } - }, - "Trivy Scan": { - steps { - script { - sh "bash trivy-docker-image-scan.sh" - //trivy image --exit-code 0 --severity HIGH,CRITICAL manlikeabz/numeric-app:${GIT_COMMIT} + "Trivy Scan": { + steps { + script { + sh "bash trivy-docker-image-scan.sh" + //trivy image --exit-code 0 --severity HIGH,CRITICAL manlikeabz/numeric-app:${GIT_COMMIT} + } } } } - ) } stage('Docker Build and Push') { diff --git a/trivy-docker-image-scan.sh b/trivy-docker-image-scan.sh index b1cfc7db9..71f3dee7f 100644 --- a/trivy-docker-image-scan.sh +++ b/trivy-docker-image-scan.sh @@ -19,5 +19,5 @@ docker run --rm -v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1 image exit-code echo "Image scanning failed. Vulnerabilities found" exit 1 else - echo "Image scanning passed. No vulnerabilities found" + echo "Image scanning passed. No CRITICAL vulnerabilities found" fi; From 187dd5d2b9a4302c7d4427dc47f1b36097a7a009 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Wed, 29 May 2024 21:24:27 +0100 Subject: [PATCH 80/97] Trivy setup with jenkinsfile and talisman --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index bc72ab67f..c9e789c10 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 2a493d680e1feb5cc1a25abfe508a3df85dd9d1f1cad74a6ca412c26a97d5fff + checksum: 37aa732ae41ee0a8962e1ead31143cfe89209a20bca58a1525279cc2849a0ed7 version: "" \ No newline at end of file 
From 7f81350fefb1e57a26d9fea672d4aafc9c874618 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Wed, 29 May 2024 21:43:16 +0100 Subject: [PATCH 81/97] fixing formatting errors --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index fc490e126..89c414555 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -62,7 +62,7 @@ pipeline { stage('Vulnerability Scan - Docker') { parallel { - "Maven Dependency Check": { + stage('Maven Dependency Check') { steps { script { sh "mvn dependency-check:check" @@ -74,7 +74,7 @@ pipeline { } } } - "Trivy Scan": { + stage('Trivy Scan') { steps { script { sh "bash trivy-docker-image-scan.sh" From 25af53c83339ae5d0047d2138a7278fef5e59235 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Wed, 29 May 2024 21:43:51 +0100 Subject: [PATCH 82/97] talisman --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index c9e789c10..07c324a79 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 37aa732ae41ee0a8962e1ead31143cfe89209a20bca58a1525279cc2849a0ed7 + checksum: c52255ffa78b5160831b3d4a6df6f7312894c7e7cc222c0a4e8515302cb5e177 version: "" \ No newline at end of file From b986a69c5d894e63135e1eeae2f8c91efbe24317 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Wed, 29 May 2024 21:56:02 +0100 Subject: [PATCH 83/97] more pipeline fixes --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile b/Jenkinsfile index 89c414555..baa96f19d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -85,6 +85,7 @@ pipeline { } } + stage('Docker Build and Push') { steps { script { From 3007f32a1c7162cd166a5f5a414b5686327f00c0 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Wed, 29 May 2024 21:56:33 +0100 Subject: [PATCH 84/97] talisman --- .talismanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 07c324a79..03e764391 100644 
--- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: c52255ffa78b5160831b3d4a6df6f7312894c7e7cc222c0a4e8515302cb5e177 + checksum: fd82739acf2fac63390f3b9402e41daca23cce8713f7ed023e6280615d01d6b2 version: "" \ No newline at end of file From 380dea75c6857d2e281b48339710811b9abdde27 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Thu, 30 May 2024 19:22:15 +0100 Subject: [PATCH 85/97] updating bash script --- trivy-docker-image-scan.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/trivy-docker-image-scan.sh b/trivy-docker-image-scan.sh index 71f3dee7f..ff7b48212 100644 --- a/trivy-docker-image-scan.sh +++ b/trivy-docker-image-scan.sh 
@@ -1,23 +1,24 @@ #!/bin/bash + dockerImageName=$(awk 'NR==1 {print $2}' Dockerfile) echo $dockerImageName -docker run --rm -v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1 -q image-exit-code 0-severity HIGH-Light $dockerImageName -docker run --rm -v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1 image exit-code 1-severity CRITICAL --light $dockerImageName - - #Trivy scan result processing - exit_code=$? +# Ensure Docker is logged in if the image is private +echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - echo "Exit Code : $exit_code" +# Run Trivy scan +docker run --rm -v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1 aquasec/trivy:0.51.1 image --exit-code 0 --severity HIGH --light $dockerImageName +docker run --rm -v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1 aquasec/trivy:0.51.1 image --exit-code 1 --severity CRITICAL --light $dockerImageName - #Check scan results - if - [[ "${exit_code}" -eq 1 ]]; +# Trivy scan result processing +exit_code=$? - then +echo "Exit Code : $exit_code" +# Check scan results +if [[ "${exit_code}" -eq 1 ]]; then echo "Image scanning failed. Vulnerabilities found" exit 1 - else - echo "Image scanning passed. No CRITICAL vulnerabilities found" - fi; +else + echo "Image scanning passed. No CRITICAL vulnerabilities found" +fi From 8a2cbaf9b60397f2f4ee0535b5284f36b9c30c1d Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 10:46:28 +0100 Subject: [PATCH 86/97] OPA config --- Jenkinsfile | 28 +++++----- opa-docker-security.rego | 107 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+), 13 deletions(-) create mode 100644 opa-docker-security.rego diff --git a/Jenkinsfile b/Jenkinsfile index baa96f19d..cc1d575ce 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -6,7 +6,6 @@ pipeline { MAVEN_OPTS = "--add-opens java.base/java.lang=ALL-UNNAMED" AKS_CLUSTER_NAME = 'Devsecops-aks' NAMESPACE = 'default' - } stages { 
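Review bot: Both rewritten `docker run` lines still pass `-v $WORKSPACE:/root/.cache/aquasec/trivy:0.51.1`, which gives `-v` three colon-separated fields, so Docker will most likely reject `0.51.1` as a mount mode before Trivy starts. The cache mount and the image are separate arguments: `docker run --rm -v "$WORKSPACE":/root/.cache/ aquasec/trivy:0.51.1 image --exit-code 1 --severity CRITICAL --light "$dockerImageName"`. Because the check below only fails on status 1, a Docker error here would still print "Image scanning passed". The added `docker login` reads `$DOCKER_USERNAME` and `$DOCKER_PASSWORD`, which no Jenkinsfile hunk visible on this page sets for the Trivy stage.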
@@ -16,7 +15,7 @@ pipeline { sh 'mvn clean package -DskipTests=true' archiveArtifacts artifacts: 'target/*.jar', onlyIfSuccessful: true } - } + } stage('Unit Tests - JUnit and Jacoco') { steps { @@ -41,20 +40,17 @@ pipeline { } } - - stage('SonarQube - SAST') { steps { withSonarQubeEnv('SonarQube') { sh "mvn sonar:sonar -Dsonar.projectKey=numeric-application -Dsonar.host.url=http://devsecops-abzconsultancies.eastus.cloudapp.azure.com:9000 -Dsonar.token=squ_b0ffa602f401442384e12c06cbd73a66b51a7d2a" // Make sure the SonarQube scanner has finished before proceeding - } - script { - // It will wait indefinitely for the SonarQube analysis to complete - def qg = waitForQualityGate() - if (qg.status != 'OK') { - error "Quality gate not passed: ${qg.status}" + script { + // It will wait indefinitely for the SonarQube analysis to complete + def qg = waitForQualityGate() + if (qg.status != 'OK') { + error "Quality gate not passed: ${qg.status}" } } } @@ -82,10 +78,17 @@ pipeline { } } } + stage('OPA Conftest') { + steps { + script { + // Run OPA Conftest against the Dockerfile + sh 'docker run --rm -v $(pwd):/project openpolicyagent/conftest test --policy opa-docker-security.rego Dockerfile' + } + } + } } } - stage('Docker Build and Push') { steps { script { @@ -96,7 +99,7 @@ pipeline { // Docker login using credentials securely withDockerRegistry([credentialsId: "90cf476e-ad01-40fe-86fa-4b0599ac41ff", url: ""]) { sh "printenv" - + // Docker build and push commands sh "docker build -t manlikeabz/numeric-app:${GIT_COMMIT} ." sh "docker push manlikeabz/numeric-app:${GIT_COMMIT}" @@ -116,7 +119,6 @@ pipeline { } } - post { always { // Cleanup after Docker to avoid logged in credentials hanging around diff --git a/opa-docker-security.rego b/opa-docker-security.rego new file mode 100644 index 000000000..aa34c2c8e --- /dev/null +++ b/opa-docker-security.rego 
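Review bot: The `sh "mvn sonar:sonar …"` line kept as context in the `SonarQube - SAST` hunk passes the SonarQube token as a literal `-Dsonar.token=…` argument to an `http://` host URL. The credential is therefore in version control, in the build log, and sent unencrypted, and the `.talismanrc` entry that ignores `Jenkinsfile` (its checksum is refreshed repeatedly in this series) keeps Talisman from flagging it. The token should be revoked and bound from the Jenkins credential store, e.g. `withCredentials([string(credentialsId: 'SONAR_TOKEN_CREDENTIAL_ID', variable: 'SONAR_TOKEN')])` with a single-quoted `sh 'mvn sonar:sonar … -Dsonar.token=$SONAR_TOKEN'` (the credential id is a placeholder). The comment "It will wait indefinitely" also suggests wrapping `waitForQualityGate()` in a `timeout` block. The stage's closing braces continue outside the hunk.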
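Review bot: The new `OPA Conftest` stage runs `openpolicyagent/conftest` with no tag, so the policy gate itself executes whatever image `latest` resolves to at build time. That is the same practice `opa-docker-security.rego` rejects for base images. Pinning it, e.g. `openpolicyagent/conftest:PINNED_VERSION` (placeholder) or a digest, makes the check reproducible. The policy test only reads files, so the mount can be read-only: `-v $(pwd):/project:ro`.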
@@ -0,0 +1,107 @@ +package main + +# Do Not store secrets in ENV variables +secrets_env = [ + "passwd", + "password", + "pass", + "secret", + "key", + "access", + "api_key", + "apikey", + "token", + "tkn" +] + +deny[msg] { + input[i].Cmd == "env" + val := input[i].Value + contains(lower(val[_]), secrets_env[_]) + msg = sprintf("Line %d: Potential secret in ENV key found: %s", [i, val]) +} + +# Only use trusted base images +deny[msg] { + input[i].Cmd == "from" + val := split(input[i].Value[0], "/") + count(val) > 1 + msg = sprintf("Line %d: use a trusted base image", [i]) +} + +# Do not use 'latest' tag for base imagedeny[msg] { +deny[msg] { + input[i].Cmd == "from" + val := split(input[i].Value[0], ":") + contains(lower(val[1]), "latest") + msg = sprintf("Line %d: do not use 'latest' tag for base images", [i]) +} + +# Avoid curl bashing +deny[msg] { + input[i].Cmd == "run" + val := concat(" ", input[i].Value) + matches := regex.find_n("(curl|wget)[^|^>]*[|>]", lower(val), -1) + count(matches) > 0 + msg = sprintf("Line %d: Avoid curl bashing", [i]) +} + +# Do not upgrade your system packages +warn[msg] { + input[i].Cmd == "run" + val := concat(" ", input[i].Value) + matches := regex.match(".*?(apk|yum|dnf|apt|pip).+?(install|[dist-|check-|group]?up[grade|date]).*", lower(val)) + matches == true + msg = sprintf("Line: %d: Do not upgrade your system packages: %s", [i, val]) +} + +# Do not use ADD if possible +deny[msg] { + input[i].Cmd == "add" + msg = sprintf("Line %d: Use COPY instead of ADD", [i]) +} + +# Any user... +any_user { + input[i].Cmd == "user" + } + +deny[msg] { + not any_user + msg = "Do not run as root, use USER instead" +} + +# ... 
but do not root +forbidden_users = [ + "root", + "toor", + "0" +] + +deny[msg] { + command := "user" + users := [name | input[i].Cmd == "user"; name := input[i].Value] + lastuser := users[count(users)-1] + contains(lower(lastuser[_]), forbidden_users[_]) + msg = sprintf("Line %d: Last USER directive (USER %s) is forbidden", [i, lastuser]) +} + +# Do not sudo +deny[msg] { + input[i].Cmd == "run" + val := concat(" ", input[i].Value) + contains(lower(val), "sudo") + msg = sprintf("Line %d: Do not use 'sudo' command", [i]) +} + +# Use multi-stage builds +default multi_stage = false +multi_stage = true { + input[i].Cmd == "copy" + val := concat(" ", input[i].Flags) + contains(lower(val), "--from=") +} +deny[msg] { + multi_stage == false + msg = sprintf("You COPY, but do not appear to use multi-stage builds...", []) +} \ No newline at end of file From 0f69d6f00e678c931cc0179e400fc588afa2aa4f Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 10:56:01 +0100 Subject: [PATCH 87/97] Editing dockerfile to pass conftest --- .talismanrc | 2 +- Dockerfile | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.talismanrc b/.talismanrc index 03e764391..943180fc3 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: fd82739acf2fac63390f3b9402e41daca23cce8713f7ed023e6280615d01d6b2 + checksum: 433ddebcadd887eed5c3d1ca02f5ab5f860db8e96249a85751e1473649fd7011 version: "" \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 6eea1d93c..f0551cc89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM openjdk:8-jdk-alpine EXPOSE 8080 ARG JAR_FILE=target/*.jar -ADD ${JAR_FILE} app.jar -ENTRYPOINT ["java","-jar","/app.jar"] \ No newline at end of file +RUN addgroup -S pipeline && adduser -S k8s-pipeline -G pipeline +COPY ${JAR_FILE} /home/k8s-pipeline/app.jar +USER k8s-pipeline +ENTRYPOINT ["java","-jar","/home/k8s-pipeline/app.jar"] \ No newline at end of file 
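Review bot: The `latest` rule only fires when the `FROM` value contains a colon. For an untagged reference such as `FROM openjdk`, `val[1]` is undefined, the rule body fails, and an image that implicitly resolves to `latest` passes. A companion rule closes this, e.g. `deny[msg] { input[i].Cmd == "from"; not contains(input[i].Value[0], ":"); msg = sprintf("Line %d: base image has no tag", [i]) }`, with exceptions for `scratch` and stage aliases if the project uses them. Separately, the forbidden-user rule matches with `contains` against `"0"`, so a final `USER` whose name or UID merely contains a zero (for example `1000`) would be denied; an equality test is more precise. The comment above the `latest` rule also has a stray `deny[msg] {` fused onto its end.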
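Review bot: `USER k8s-pipeline` is a name rather than a numeric UID, and `adduser -S` is left to pick the UID, so nothing in the image fixes which number the process runs as. Kubernetes cannot verify `runAsNonRoot` against a non-numeric user, which is presumably why a later commit in this series hard-codes `runAsUser: 100` in the manifest. Setting the UID explicitly in both places keeps them in step: `RUN addgroup -S pipeline && adduser -S -u 10001 k8s-pipeline -G pipeline` and `USER 10001` (10001 is an example value). As written, the multi-stage rule in `opa-docker-security.rego` appears to still deny this Dockerfile, since the `COPY` carries no `--from=` flag.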
From 29667329a32874a75014d41db30877b780c9ef6b Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 11:13:37 +0100 Subject: [PATCH 88/97] creating k8s conftest config --- Jenkinsfile | 9 +++++++++ opa-k8s-security.rego | 13 +++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 opa-k8s-security.rego diff --git a/Jenkinsfile b/Jenkinsfile index cc1d575ce..33dcbee18 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -108,6 +108,15 @@ pipeline { } } + stage('Vulneability Scan - Kubernetes') { + steps { + script { + // Run OPA Conftest scan against the Kubernetes deployment file + sh "docker run --rm -v $pwd:/project openpolicyagent/conftest test --policy opa-k8s-security.rego k8s_deployment_service.yaml" + } + } + } + stage('Kubernetes Deployment - DEV') { steps { withKubeConfig([credentialsId: 'kubeconfig']) { diff --git a/opa-k8s-security.rego b/opa-k8s-security.rego new file mode 100644 index 000000000..a2d631e45 --- /dev/null +++ b/opa-k8s-security.rego @@ -0,0 +1,13 @@ +package main + +deny[msg] { + input.kind = "Service" + not input.spec.type == "NodePort" + msg = "Service type should be NodePort" +} + +deny[msg] { + input.kind = "Deployment" + not input.spec.template.spec.containers[0].securityContext.runAsNonRoot == true + msg = "Containers must not run as root - use runAsNonRoot within the container security context" +} \ No newline at end of file From 0937ef77b9618b7fe291e95f1aee8ed2207481d9 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 11:16:33 +0100 Subject: [PATCH 89/97] Adding security context to the k8s manifest --- .talismanrc | 2 +- k8s_deployment_service.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.talismanrc b/.talismanrc index 943180fc3..0e874bbbe 100644 --- a/.talismanrc +++ b/.talismanrc 
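Review bot: In the added `sh "docker run --rm -v $pwd:/project …"` line the string is double-quoted, so Groovy interpolates `$pwd` itself instead of leaving it to the shell, and the workspace will not reliably be mounted at `/project`. The Docker conftest stage earlier in this Jenkinsfile uses the working form: a single-quoted string with `$(pwd)`. The stage name misspells "Vulnerability", and the conftest image is unpinned here too.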
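Review bot: The Deployment rule in `opa-k8s-security.rego` inspects only `containers[0]`, so a second container, or any `initContainers` entry, can omit `runAsNonRoot` and still pass. Iterating covers every container: `c := input.spec.template.spec.containers[_]` followed by `not c.securityContext.runAsNonRoot == true`, with a parallel rule for `initContainers`. The Service rule as written requires `NodePort`, which exposes the service on every node; it is worth confirming that this is a deliberate requirement and documenting why in a comment above the rule.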
@@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 433ddebcadd887eed5c3d1ca02f5ab5f860db8e96249a85751e1473649fd7011 + checksum: 992d066335a6cafe4b6e745ce2445a809498630c38612fe7970006a3a6bd552d version: "" \ No newline at end of file diff --git a/k8s_deployment_service.yaml b/k8s_deployment_service.yaml index ebc929b2f..3f8e02f88 100644 --- a/k8s_deployment_service.yaml +++ b/k8s_deployment_service.yaml @@ -18,6 +18,8 @@ spec: containers: - image: replace name: devsecops-container + securityContext: + runAsNonRoot: true resources: limits: cpu: "1" From 1d8127e227bf04833c9716d2f440f09ea08778e5 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 11:23:34 +0100 Subject: [PATCH 90/97] Fixing non numberic user error --- k8s_deployment_service.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s_deployment_service.yaml b/k8s_deployment_service.yaml index 3f8e02f88..cc6190f79 100644 --- a/k8s_deployment_service.yaml +++ b/k8s_deployment_service.yaml @@ -20,6 +20,7 @@ spec: name: devsecops-container securityContext: runAsNonRoot: true + runAsUser: 100 resources: limits: cpu: "1" From 6d2e2b54c5fb7e63d38db50ea0e1915ad6eba9fd Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 11:58:48 +0100 Subject: [PATCH 91/97] scripting kubernetes --- Jenkinsfile | 35 ++++++++++++++++++++++++++------ k8s-deployment-rollout-status.sh | 11 ++++++++++ k8s-deployment.sh | 13 ++++++++++++ 3 files changed, 53 insertions(+), 6 deletions(-) create mode 100644 k8s-deployment-rollout-status.sh create mode 100644 k8s-deployment.sh diff --git a/Jenkinsfile b/Jenkinsfile index 33dcbee18..5e63dc7f2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
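Review bot: The container `securityContext` added to `k8s_deployment_service.yaml` sets only `runAsNonRoot: true`; privilege escalation and Linux capabilities are left at their defaults. Adding `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"] }` alongside it would complete the non-root hardening for this container. The Deployment spec begins and ends outside this hunk.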
@@ -3,6 +3,12 @@ pipeline { environment { // Set JVM options for Maven + deploymentName = "devsecops" + containerName = "devsecops-container" + serviceName = "devsecops-svc" + imageName = "manlikeabz/numeric-app:${GIT_COMMIT}" + applicationURL = "http://devsecops-abzconsultancies.eastus.cloudapp.azure.com/" + applicationURI = "/increment/99" MAVEN_OPTS = "--add-opens java.base/java.lang=ALL-UNNAMED" AKS_CLUSTER_NAME = 'Devsecops-aks' NAMESPACE = 'default' @@ -117,13 +123,30 @@ pipeline { } } - stage('Kubernetes Deployment - DEV') { - steps { - withKubeConfig([credentialsId: 'kubeconfig']) { - sh "kubectl config use-context ${AKS_CLUSTER_NAME}" - sh "sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml" - sh "kubectl apply -f k8s_deployment_service.yaml" + // stage('Kubernetes Deployment - DEV') { + // steps { + // withKubeConfig([credentialsId: 'kubeconfig']) { + // sh "kubectl config use-context ${AKS_CLUSTER_NAME}" + // sh "sed -i 's#replace#manlikeabz/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml" + // sh "kubectl apply -f k8s_deployment_service.yaml" + // } + // } + // } + + stage('K8s Deployment - Dev'){ + steps{ + parallel( + "Deploynment": { + withKubeConfig([credentialsId: 'kubeconfig']) { + sh "bash k8s-deployment.sh" + } + }, + "Rollout Status": { + withKubeConfig([credentialsId: 'kubeconfig']) { + sh "bash k8s-deployment-rollout-status.sh" + } } + ) } } } diff --git a/k8s-deployment-rollout-status.sh b/k8s-deployment-rollout-status.sh new file mode 100644 index 000000000..f3fa22843 --- /dev/null +++ b/k8s-deployment-rollout-status.sh 
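Review bot: Running `k8s-deployment.sh` and `k8s-deployment-rollout-status.sh` as parallel branches starts the status check at the same moment as the deploy and relies on its fixed `sleep 60s` to land after it. If the apply is slow, the check and its `rollout undo` can act on the previous revision. Sequential steps inside one `withKubeConfig` block remove the race: `sh "bash k8s-deployment.sh"` then `sh "bash k8s-deployment-rollout-status.sh"`. The label `"Deploynment"` is misspelled, and in the first hunk the comment `// Set JVM options for Maven` now sits above `deploymentName` rather than `MAVEN_OPTS`.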
@@ -0,0 +1,11 @@ +#!/bin/bash + +sleep 60s + +if [[ $(kubectl -n default rollout status deployment/${deploymentName} --timeout 5s) != *"successfully rolled out"* ]]; +then + echo "Deployment ${deploymentName} rolled out has failed" + kubectl rollout undo deployment/${deploymentName} -n default +else + echo "Deployment ${deploymentName} rollout success" +fi \ No newline at end of file diff --git a/k8s-deployment.sh b/k8s-deployment.sh new file mode 100644 index 000000000..287473b3b --- /dev/null +++ b/k8s-deployment.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +sed -i "s#replace#${imageName}#g" k8s_deployment_service.yaml +kubectl -n default get deployment ${deploymentName} &> /dev/null + +if [[ $? -ne 0]]; then + echo "deployment ${deploymentName} not found, creating new deployment" + kubectl apply -f k8s_deployment_service.yaml -n default +else + echo "deployment ${deploymentName} found, updating deployment" + echo "image name - ${imageName}" + kubectl set image deployment/${deploymentName} ${containerName}=${imageName} -n default + fi \ No newline at end of file From f38b63a4e473a47a753f013fd32a21118f27e94d Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 12:55:39 +0100 Subject: [PATCH 92/97] adding kubesec --- .talismanrc | 2 +- Jenkinsfile | 27 ++++++++++++++++++++++----- kubesec-scan.sh | 16 ++++++++++++++++ 3 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 kubesec-scan.sh diff --git a/.talismanrc b/.talismanrc index 0e874bbbe..4848b1cd7 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 992d066335a6cafe4b6e745ce2445a809498630c38612fe7970006a3a6bd552d + checksum: 7b07c173f21db1c0aa4ed96a25696224dbef9a8d3437620678d79c36ad34678a version: "" \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 5e63dc7f2..d24763cfe 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
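Review bot: The failure branch of `k8s-deployment-rollout-status.sh` prints a message and runs `kubectl rollout undo`, but the script then ends with status 0, so Jenkins records the stage as successful after a failed rollout. Adding `exit 1` after the undo makes the pipeline result reflect it. `kubectl rollout status` already waits for completion, so `--timeout 60s` could replace the fixed `sleep 60s` followed by `--timeout 5s`.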
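Review bot: In `k8s-deployment.sh`, `if [[ $? -ne 0]]; then` is missing the space before `]]`, which bash reports as a syntax error, so neither branch can run; it should read `if [[ $? -ne 0 ]]; then`. The `sed -i "s#replace#${imageName}#g"` substitution rewrites every occurrence of the word `replace` in the manifest, so a more distinctive placeholder token would be safer. The `${deploymentName}`, `${containerName}` and `${imageName}` expansions passed to `kubectl` are unquoted.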
@@ -114,12 +114,29 @@ pipeline { } } - stage('Vulneability Scan - Kubernetes') { + // stage('Vulneability Scan - Kubernetes') { + // steps { + // script { + // // Run OPA Conftest scan against the Kubernetes deployment file + // sh "docker run --rm -v $pwd:/project openpolicyagent/conftest test --policy opa-k8s-security.rego k8s_deployment_service.yaml" + // } + // } + // } + + stage('Vulnerability Scan - Kubernetes') { steps { - script { - // Run OPA Conftest scan against the Kubernetes deployment file - sh "docker run --rm -v $pwd:/project openpolicyagent/conftest test --policy opa-k8s-security.rego k8s_deployment_service.yaml" - } + parallel( + "OPA Scan": { + script { + // Run OPA Conftest scan against the Kubernetes deployment file + sh "docker run --rm -v $(pwd):/project openpolicyagent/conftest test --policy opa-k8s-security.rego k8s_deployment_service.yaml" + } + }, + "Kubesec Scan": { + sh "bsh kubesec-scan.sh" + } + } + ) } } diff --git a/kubesec-scan.sh b/kubesec-scan.sh new file mode 100644 index 000000000..5d78d777a --- /dev/null +++ b/kubesec-scan.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# using kubesec v2 api +scan_result=$(curl -sSX POST --data-binary @k8s_deployment_service.yaml https://kubesec.io/api/v1/scan) +scan_message=$(curl -sSX POST --data-binary @k8s_deployment_service.yaml https://kubesec.io/api/v1/scan | jq -r '.data[].message') +scan_score=$(curl -sSX POST --data-binary @k8s_deployment_service.yaml https://kubesec.io/api/v1/scan | jq -r '.data[].score') + +if [[ $scan_score -ge 9 ]]; then + echo "Score is $scan_score" + echo "Kubesec scan message: $scan_message" + exit 1 +else + echo "Score is $scan_score, which is less than or equal to 5" + echo "Scanning Kubernetes Resource has failed" + exit 1; +fi \ No newline at end of file From 459b27328fc49bceb4d34af27c6f94d256a0b09d Mon Sep 17 00:00:00 2001 
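Review bot: The new `OPA Scan` command is a double-quoted Groovy string containing `$(pwd)`, which Groovy does not accept after a `$`, so the Jenkinsfile is unlikely to compile. Single quotes, as in the Docker conftest stage, leave the substitution to the shell. In the same hunk `sh "bsh kubesec-scan.sh"` should call `bash`, and there appears to be one closing `}` too many before the `)` of `parallel(`. The previous stage is kept as commented-out code, which can be dropped since history preserves it.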
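Review bot: Both branches of the final `if` in `kubesec-scan.sh` end in `exit 1`, so the script fails the stage whatever score comes back, and the messages disagree with the test: the passing branch checks `-ge 9` while the failing one reports "less than or equal to 5". The passing branch should not exit non-zero, and the threshold and message should name the same number. The manifest is also posted to `kubesec.io` three times while `scan_result` goes unused; one request parsed twice, `echo "$scan_result" | jq -r ...`, sends the deployment file to the external service only once. The comment says "v2 api" while the URL path is `/api/v1/scan`.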
From: Abdallah Musa Date: Sat, 8 Jun 2024 12:59:45 +0100 Subject: [PATCH 93/97] Adding a service account as per kubesec recommendation --- .talismanrc | 2 +- k8s_deployment_service.yaml | 27 ++++++++++++++------------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/.talismanrc b/.talismanrc index 4848b1cd7..2fda1b123 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,4 +1,4 @@ fileignoreconfig: - filename: Jenkinsfile - checksum: 7b07c173f21db1c0aa4ed96a25696224dbef9a8d3437620678d79c36ad34678a + checksum: a4c9cd41b0402afd7b2324cc30a6628cbd0aade31a0d852ef2664b297e2bc117 version: "" \ No newline at end of file diff --git a/k8s_deployment_service.yaml b/k8s_deployment_service.yaml index cc6190f79..1e5bdba2b 100644 --- a/k8s_deployment_service.yaml +++ b/k8s_deployment_service.yaml @@ -15,19 +15,20 @@ spec: labels: app: devsecops spec: - containers: - - image: replace - name: devsecops-container - securityContext: - runAsNonRoot: true - runAsUser: 100 - resources: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "100m" - memory: "256Mi" + serviceAccount: default + containers: + - image: replace + name: devsecops-container + securityContext: + runAsNonRoot: true + runAsUser: 100 + resources: + limits: + cpu: "1" + memory: "1Gi" + requests: + cpu: "100m" + memory: "256Mi" --- apiVersion: v1 kind: Service From 36a44ff3f57abd1ac779795dac8829760fd3b2bf Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 13:00:44 +0100 Subject: [PATCH 94/97] Adding a ReadOnlyRootFilesystem as per kubesec recommendation --- k8s_deployment_service.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s_deployment_service.yaml b/k8s_deployment_service.yaml index 1e5bdba2b..77d6f8bba 100644 --- a/k8s_deployment_service.yaml +++ b/k8s_deployment_service.yaml @@ -22,6 +22,7 @@ spec: securityContext: runAsNonRoot: true runAsUser: 100 + readOnlyRootFilesystem: true resources: limits: cpu: "1" 
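Review bot: `serviceAccount: default` names the namespace's default account explicitly, which leaves the pod with the same identity it had before the change; `serviceAccount` is also the deprecated spelling of `serviceAccountName`. If the workload does not call the Kubernetes API, a dedicated account plus `automountServiceAccountToken: false` is the stronger setting, e.g. `serviceAccountName: APP_SERVICE_ACCOUNT` (placeholder name). Most of the remaining lines in this hunk are re-indentation of the container block.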
From a6285d190425bc93a7c8b5fc9cdafe65ae36d1b4 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 13:35:09 +0100 Subject: [PATCH 95/97] kubesec deployment --- k8s-deployment.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/k8s-deployment.sh b/k8s-deployment.sh index 287473b3b..88a62e0ef 100644 --- a/k8s-deployment.sh +++ b/k8s-deployment.sh @@ -1,13 +1,15 @@ #!/bin/bash sed -i "s#replace#${imageName}#g" k8s_deployment_service.yaml -kubectl -n default get deployment ${deploymentName} &> /dev/null +# kubectl -n default get deployment ${deploymentName} &> /dev/null -if [[ $? -ne 0]]; then - echo "deployment ${deploymentName} not found, creating new deployment" - kubectl apply -f k8s_deployment_service.yaml -n default -else - echo "deployment ${deploymentName} found, updating deployment" - echo "image name - ${imageName}" - kubectl set image deployment/${deploymentName} ${containerName}=${imageName} -n default - fi \ No newline at end of file +# if [[ $? -ne 0]]; then +# echo "deployment ${deploymentName} not found, creating new deployment" +# kubectl apply -f k8s_deployment_service.yaml -n default +# else +# echo "deployment ${deploymentName} found, updating deployment" +# echo "image name - ${imageName}" +# kubectl set image deployment/${deploymentName} ${containerName}=${imageName} -n default +# fi + +kubectl apply -f k8s_deployment_service.yaml -n default \ No newline at end of file From 200c0eb3c71a7b6d4023aff3fb33bb9b991dcddb Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 13:49:13 +0100 Subject: [PATCH 96/97] Adding volumes --- k8s_deployment_service.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/k8s_deployment_service.yaml b/k8s_deployment_service.yaml index 77d6f8bba..ee1b717fd 100644 --- a/k8s_deployment_service.yaml +++ b/k8s_deployment_service.yaml 
@@ -15,10 +15,16 @@ spec: labels: app: devsecops spec: + volumes: + - name: vol + emptyDir: {} serviceAccount: default containers: - image: replace name: devsecops-container + volumeMounts: + - name: vol + mountPath: /tmp securityContext: runAsNonRoot: true runAsUser: 100 From 2138d4069dbc4252c20d735aa44036c67825e6d4 Mon Sep 17 00:00:00 2001 From: Abdallah Musa Date: Sat, 8 Jun 2024 16:36:48 +0100 Subject: [PATCH 97/97] Running integration tests --- Jenkinsfile | 16 ++++++++++++++++ integration-test.sh | 33 +++++++++++++++++++++++++++++++++ trivy-k8s-scan.sh | 19 +++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 integration-test.sh create mode 100644 trivy-k8s-scan.sh diff --git a/Jenkinsfile b/Jenkinsfile index d24763cfe..ecf314a41 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -150,6 +150,22 @@ pipeline { // } // } + stage('Integration Tests - DEV') { + steps { + script { + try { + withKubeConfig([credentialsId: 'kubeconfig']) { + sh "bash integration-tests.sh" + } + } catch (Exception e) { + withKubeConfig([credentialsId: 'kubeconfig']) { + sh "kubectl rollout undo deployment ${deploymentName}" + } + throw e + } + } + } + stage('K8s Deployment - Dev'){ steps{ parallel( diff --git a/integration-test.sh b/integration-test.sh new file mode 100644 index 000000000..4278b8819 --- /dev/null +++ b/integration-test.sh 
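Review bot: The new `Integration Tests - DEV` stage runs `sh "bash integration-tests.sh"`, but the file this commit adds is `integration-test.sh`, so the step would fail on a missing file and the `catch` block would then roll back a healthy deployment. The call should be `sh "bash integration-test.sh"`. The stage is also inserted ahead of `K8s Deployment - Dev`, so it would exercise the previous revision, and its block appears to lack a closing brace before the next `stage(`. The `kubectl rollout undo deployment ${deploymentName}` call has no `-n default`, unlike the scripts.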
@@ -0,0 +1,33 @@ +#!/bin/bash +#integration-test.sh + +sleep 5s + +PORT=$(kubectl -n default get svc ${serviceName} -o json | jq .spec.ports[].nodePort) +echo $PORT +echo $applicationURL:$PORT/$applicationURI + +if [[ ! -z "$PORT" ]] +then + response=$(curl -s $applicationURL:$PORT$applicationURI) + http_code=$(curl -s -o /dev/null -w "%{http_code}" $applicationURL:$PORT$applicationURI) + + if [[ "$response" == 100 ]]; + then + echo "Increment Test Passed" + else + echo "Increment Test Failed" + exit 1; + fi; + + if [[ "$http_code" == 200 ]]; + then + echo "HTTP Status Code Test Passed" + else + echo "HTTP Status code is not 200" + exit 1; + fi; +else + echo "The Service does not have a NodePort" + exit 1; +fi; diff --git a/trivy-k8s-scan.sh b/trivy-k8s-scan.sh new file mode 100644 index 000000000..3e6be0ea5 --- /dev/null +++ b/trivy-k8s-scan.sh @@ -0,0 +1,19 @@ +#!/bin/bash +#trivy-k8s-scan + +echo $imageName #getting Image name from env variable + +docker run --rm -v $WORKSPACE:/root/.cache/ aquasec/trivy:0.17.2 -q image --exit-code 0 --severity LOW,MEDIUM,HIGH --light $imageName +docker run --rm -v $WORKSPACE:/root/.cache/ aquasec/trivy:0.17.2 -q image --exit-code 1 --severity CRITICAL --light $imageName + +# Trivy scan result processing +exit_code=$? +echo "Exit Code : $exit_code" + +# Check scan results +if [[ ${exit_code} == 1 ]]; then + echo "Image scanning failed. Vulnerabilities found" + exit 1; +else + echo "Image scanning passed. No vulnerabilities found" +fi;
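Review bot: The request URL in `integration-test.sh` is built as `$applicationURL:$PORT$applicationURI`, and `applicationURL` is defined in the Jenkinsfile with a trailing slash, so the port lands after the path separator (`http://host/:PORT/increment/99`) and curl does not reach the NodePort. Stripping the slash here with `${applicationURL%/}`, or dropping it from the Jenkinsfile value, fixes that. `jq .spec.ports[].nodePort` prints the string `null` when no NodePort exists, so the `-z "$PORT"` guard would not catch that case; `jq -r '.spec.ports[0].nodePort // empty'` would. The variables passed to `curl` are unquoted, and the test runs over plain `http://`.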