Demostración de inicio de pipeline seguro

Ejemplo de aplicación spring con script de pipeline Jenkins para demostrar pipelines seguros

Pre Requesitos

minikube v1.15.0 - Refer here for installation
helm v3.9.4 - Refer here for installation

Pasos Setup

Minikube setup

Setup minikube

minikube start --nodes=1 --cpus=4 --memory 8192 --disk-size=35g --embed-certs=true --driver=hyperkit

en el driver puedes usar el que quieras, virtual box o hyper-v

Jenkins setup

Setup Jenkins server

helm repo add jenkins https://charts.jenkins.io
helm repo update
helm install jenkins jenkins/jenkins

Esperar hast que el pod de jenkins inicie

Rescatar la clave del usuario admin de Jenkins

  kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo

Note: Make a note of the password

[Optional] Forward Jenkins server port to access from local machine

kubectl port-forward svc/jenkins 8080:8080
open http://localhost:8080

Add additonal plugins to Jeninks server (Manage Jenkins -> Manage plugins)
- BlueOcean
- Configuration as Code
- OWASP Dependency-Track

Dependency Track setup

Refer Dependency Track v4 Installation Guide

Note: dependency-track will take some time to start (~1hr on low end Mac)

Link Jenkins and Dependency Track

Login to Dependency track -> Administration -> Access Management -> Teams -> Click on Automation -> Copy the API Keys -> Also add the Permissions - PROJECT_CREATION_UPLOAD, POLICY_VIOLATION_ANALYSIS, VULNERABILITY_ANALYSIS
Login to Jenkins -> Manage Jenkins -> Configure System -> Scroll to bottom -> Configure the Dependency-Track URL and API key -> Also enable Auto Create Projects -> Test Connection -> Save

Hint: URL (if you have followed the exact steps) http://dependency-track-apiserver.dependency-track.svc.cluster.local

New Jenkins Pipeline

Create a new Jenkins pipeline with this repo and trigger build

Login to Jenkins -> New Item -> Enter name and choose Pipeline -> Choose GitHub project and set project URL
Under pipeline section, Choose Pipeline script from SCM
Choose git as SCM and provide repo details
Save

Pipeline

Refer the below screenshot for the stages in the pipeline

Pipeline View

Stage View

Dependency Track

Tools

Stage	Tool
Secrets Scanner	truffleHog
Dependency Checker	OWASP Dependency checker
SAST	OWASP Find Security Bugs
OSS License Checker	LicenseFinder
SCA	Dependency Track
Image Scanner	Trivy
Image Hardening	Dockle
K8s Hardening	KubeSec
IaC Hardening	checkov
DAST	OWASP Baseline Scan

TODO

Image Malware scanning - ClamAV

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
doc		doc
imgs		imgs
src		src
.dockerignore		.dockerignore
.gitignore		.gitignore
DEPENDENCY_TRACK.md		DEPENDENCY_TRACK.md
Dockerfile		Dockerfile
HELP.md		HELP.md
Jenkinsfile		Jenkinsfile
LICENSE		LICENSE
README.md		README.md
build-agent.yaml		build-agent.yaml
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pod.yaml		pod.yaml
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Demostración de inicio de pipeline seguro

Pre Requesitos

Pasos Setup

Minikube setup

Jenkins setup

Dependency Track setup

Link Jenkins and Dependency Track

New Jenkins Pipeline

Pipeline

Pipeline View

Stage View

Dependency Track

Tools

TODO

About

Releases

Packages

Languages

License

pcanelo/dso-pipe01

Folders and files

Latest commit

History

Repository files navigation

Demostración de inicio de pipeline seguro

Pre Requesitos

Pasos Setup

Minikube setup

Jenkins setup

Dependency Track setup

Link Jenkins and Dependency Track

New Jenkins Pipeline

Pipeline

Pipeline View

Stage View

Dependency Track

Tools

TODO

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages