Install Plugins:
Manage Jenkins -> Plugins -> Available plugins
- Eclipse Temurin Installer (Install without restart)
- SonarQube Scanner (Install without restart)
- NodeJS Plugin (Install without restart)
- Docker
- Docker Commons
- Docker Pipeline
- Docker API
- Docker Build Step
- OWASP Dependency-Check
- Terraform
- Kubernetes
- Kubernetes CLI
- Kubernetes Client API
Install tools:
Manage Jenkins -> Tools -> Install JDK(17)
Manage Jenkins -> Tools -> Install Nodejs(16)
Generate SonarQube token:
Step 1: Log in to the SonarQube server
Step 2: Click on Administration → Security → Users → click on Tokens and Update Token → give it a name → click on Generate Token
Step 3: Copy the token
Add token in Jenkins:
Manage Jenkins → Credentials → Add Secret Text. The pipeline below refers to this credential by the ID Sonar-token.
Complete DevSecOps CI/CD Pipeline:
pipeline {
    agent any
    // Tool names must match the installations configured under Manage Jenkins -> Tools.
    tools {
        jdk 'jdk17'
        nodejs 'node16'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('Clean workspace') {
            steps {
                cleanWs()
            }
        }
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/sejal1011/reddit-clone-k8s-ingress.git'
            }
        }
        stage('Install Dependencies') {
            steps {
                sh "npm install"
            }
        }
        stage('SonarQube Analysis') {
            steps {
                // 'sonar-server' is the SonarQube server name configured in Jenkins.
                withSonarQubeEnv('sonar-server') {
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Reddit \
                    -Dsonar.projectKey=Reddit '''
                }
            }
        }
        stage('Quality gate') {
            steps {
                script {
                    // abortPipeline: false records the gate result but lets the build continue on failure.
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
                }
            }
        }
        stage('OWASP FS SCAN') {
            steps {
                // 'DP-Check' is the Dependency-Check installation name configured in Jenkins.
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('TRIVY FS SCAN') {
            steps {
                // Writes the report to a file; findings do not fail this stage.
                sh "trivy fs . > trivyfs.txt"
            }
        }
        stage('Docker Build & Push') {
            steps {
                script {
                    // Note: the image is pushed here, before the Trivy image scan in the next stage.
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {
                        sh "docker build -t reddit ."
                        sh "docker tag reddit sevenajay/reddit:latest"
                        sh "docker push sevenajay/reddit:latest"
                    }
                }
            }
        }
        stage('TRIVY') {
            steps {
                // Writes the report to a file; findings do not fail this stage.
                sh "trivy image sevenajay/reddit:latest > trivy.txt"
            }
        }
        stage('Deploy to container') {
            steps {
                sh 'docker run -d --name reddit -p 3000:3000 sevenajay/reddit:latest'
            }
        }
        stage('Deploy to Kubernetes') {
            steps {
                script {
                    // 'k8s' is the Jenkins credential holding the kubeconfig.
                    withKubeConfig(caCertificate: '', clusterName: '', contextName: '', credentialsId: 'k8s', namespace: '', restrictKubeConfigAccess: false, serverUrl: '') {
                        sh 'kubectl apply -f deployment.yml'
                        sh 'kubectl apply -f service.yml'
                        sh 'kubectl apply -f ingress.yml'
                    }
                }
            }
        }
    }
}
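
The two Trivy stages above redirect a table report to a text file, and Trivy exits with status 0 by default even when it finds vulnerabilities, so findings never stop the push or the deploy. As an added example (not part of the original pipeline), here is a gate that a `sh` step could run over a report produced with `trivy image --format json --output trivy.json`. The severity policy, the function names and the sample report are assumptions made for illustration.

```python
import json

# Severities that block the build (assumption: policy chosen for this example).
BLOCKING = {"HIGH", "CRITICAL"}

# Constructed sample in the shape of Trivy's JSON report; the IDs and
# package names are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "reddit (alpine)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "HIGH"},
        ]},
        {"Target": "package-lock.json", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-js",
             "InstalledVersion": "4.1.0", "FixedVersion": "4.1.2", "Severity": "MEDIUM"},
        ]},
        {"Target": "Dockerfile"},  # a target without findings omits the key
    ]
})


def blocking_findings(report_text, only_fixable=True):
    """Return findings at a blocking severity, optionally only those with a fix."""
    report = json.loads(report_text)
    hits = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity", "UNKNOWN").upper() not in BLOCKING:
                continue
            if only_fixable and not vuln.get("FixedVersion"):
                continue  # nothing to upgrade to yet; reported but not blocking
            hits.append((result.get("Target", "?"), vuln["VulnerabilityID"],
                         vuln.get("PkgName", "?"), vuln.get("FixedVersion", "")))
    return hits


def gate(report_text, only_fixable=True):
    """Exit status for a Jenkins `sh` step: 1 fails the stage, 0 passes it."""
    hits = blocking_findings(report_text, only_fixable)
    for target, vuln_id, pkg, fixed in hits:
        print(f"BLOCKING {vuln_id} in {pkg} ({target}), fixed in: {fixed or 'no fix yet'}")
    return 1 if hits else 0


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a JSON report written by Trivy
        with open(sys.argv[1]) as fh:
            sys.exit(gate(fh.read()))
    print("sample gate status:", gate(SAMPLE_REPORT))
```

For the gate to protect the registry, the image scan and this check would have to run between `docker build` and `docker push`.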