- Full-stack application built with Node.js: front-end, back-end and DB
- SonarQube (static code analysis / code quality)
- OWASP Dependency-Check (vulnerability scan of the third-party dependencies in the source tree)
- Trivy (matches files and dependency manifests against several vulnerability DBs; used here as a file-system scan)
- Docker Compose to deploy the application
- Multi-container application: front-end, back-end and DB

Tools/plugins that Jenkins needs:
- Docker
- OWASP Dependency-Check
- NodeJS
- SonarQube Scanner (referenced in the pipeline as the tool named sonar-scanner)
Dashboard --> Manage Jenkins --> Tools

- Name --> select Pipeline
- General --> Discard old builds (keep only the last 2 builds; keeping a short build history is best practice)
- Pipeline section --> Pipeline script
- Stage 1 -- Git checkout -- creates a local copy of the repo in the Jenkins workspace on the build machine
- Stage 2 -- Vulnerability scan using OWASP Dependency-Check
- OWASP Dependency-Check arguments: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html
- The scan location is given relative to the workspace root (./) and the publisher pattern matches the XML report
- Stage 3 -- Trivy must be installed on the Jenkins machine (VM): https://aquasecurity.github.io/trivy/v0.18.3/installation/
- `trivy fs` = file-system scan. Without --exit-code the stage only prints the findings and never fails the build
- Stage 4 -- SonarQube must be running locally; start it as a Docker container:
sudo docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
- Default user and password are admin / admin (change the password on first login)
- Open port 9000 in the browser --> log in as admin --> Administration --> Security --> Users --> Create Token. This token is the credential Jenkins uses to connect to SonarQube
- Add the token to Jenkins as a credential

- Add the SonarQube server (name and URL) in the Jenkins configuration and point it at the token credential

- For sonar we need an environment variable holding the sonar-scanner tool home path (SCANNER_HOME = tool 'sonar-scanner')
- Use Pipeline Syntax (snippet generator) for the SonarQube step: pick withSonarQubeEnv and give only the server name (sonar) that we configured. sh ''' ... ''' is used for multi-line commands and sh "..." for a single command
- projectName and projectKey can be anything related to the project (the key must be unique per project in SonarQube)
- Install the Eclipse Temurin installer plugin and add JDK 11 and JDK 17 under Tools, so the pipeline does not fail on a missing Java version

- If a different JDK is used, declare it in the tools block at the top of the pipeline as TOOL TYPE plus TOOL NAME, e.g. jdk 'jdk11' or jdk 'jdk17', matching the name given to the JDK installation under Tools
- Stage 5: Install Node dependencies --> declare the NodeJS installation in the tools section at the start of the Jenkinsfile, as for Java
- Stages 6 and 7 build the back-end and front-end --> in a Jenkinsfile we cannot cd into a directory and stay there across sh steps, so we use the dir() step:
steps { dir('app/frontend') { sh "npm install" } }
- The dir path is relative to the Jenkins workspace; in our case the absolute locations are /var/lib/jenkins/workspace/Bank/app/frontend and /var/lib/jenkins/workspace/Bank/app/backend (not /root/.jenkins/...)
```groovy
pipeline {
    agent any
    tools {
        // names must match the installations under Manage Jenkins --> Tools
        jdk 'jdk17'
        nodejs 'node16'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'   // SonarQube Scanner installation name
    }
    stages {
        stage('Git Checkout') {
            steps {
                git branch: 'main', url: 'https://github.com/jaiswaladi246/fullstack-bank.git'
            }
        }
        stage('OWASP FS SCAN') {
            steps {
                // 'DC' is the Dependency-Check installation name; only app/backend is scanned here
                dependencyCheck additionalArguments: '--scan ./app/backend --disableYarnAudit --disableNodeAudit', odcInstallation: 'DC'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('TRIVY FS SCAN') {
            steps {
                // informational only: without --exit-code trivy exits 0 even on CRITICAL findings
                sh "trivy fs ."
            }
        }
        stage('SONARQUBE ANALYSIS') {
            steps {
                withSonarQubeEnv('sonar') {   // 'sonar' = server name configured in Jenkins
                    sh "$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Bank -Dsonar.projectKey=Bank"
                }
            }
        }
        stage('Install Dependencies') {
            steps {
                sh "npm install"
            }
        }
        stage('Backend') {
            steps {
                // dir() is relative to the workspace: 'var/lib/jenkins/...' (no leading slash)
                // would be resolved under the workspace and fail
                dir('app/backend') {
                    sh "npm install"
                }
            }
        }
        stage('Frontend') {
            steps {
                dir('app/frontend') {
                    sh "npm install"
                }
            }
        }
        stage('Deploy to Container') {
            steps {
                // '--' is needed so that -d reaches docker-compose instead of being parsed by npm;
                // the original 'args' line was removed, it is a docker-agent option, not a step
                sh "npm run compose:up -- -d"
            }
        }
    }
}
```
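The OWASP and Trivy stages above only publish or print their results, so a CRITICAL finding never stops the deploy stage. The following build gate is an added example (not code from the tutorial or from the fullstack-bank repository): it reads both reports and exits non-zero when a finding reaches the threshold, so it can be called from a stage with `sh "python3 gate.py dependency-check-report.xml trivy.json"`. It assumes Trivy is run with `--format json --output trivy.json` (the page runs plain `trivy fs .`), and the element and key names follow the Dependency-Check XML and Trivy JSON report formats as understood by the author of this example. Both sample reports are constructed with placeholder ids.

```python
"""Build gate over the OWASP Dependency-Check XML and Trivy JSON reports.

Added example, not part of the tutorial or the fullstack-bank repository.
Assumed report shapes: Dependency-Check <dependency>/<fileName> and
<vulnerability>/<name>,<severity>; Trivy VulnerabilityID/PkgName/Severity.
"""
import json
import sys
import xml.etree.ElementTree as ET

# Dependency-Check passes npm-audit levels such as MODERATE straight through;
# normalise them onto one scale so the threshold compares correctly.
SEVERITY_RANK = {"LOW": 1, "MODERATE": 2, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def _local(tag):
    """Strip the XML namespace so the report schema version does not matter."""
    return tag.rsplit("}", 1)[-1]


def parse_dependency_check(xml_text):
    """Return (id, location, severity) tuples from a Dependency-Check XML report."""
    findings = []
    for dep in ET.fromstring(xml_text).iter():
        if _local(dep.tag) != "dependency":
            continue
        where = next((c.text for c in dep if _local(c.tag) == "fileName"), "?")
        for vuln in dep.iter():
            if _local(vuln.tag) != "vulnerability":
                continue
            fields = {_local(c.tag): (c.text or "") for c in vuln}
            if fields.get("name"):
                findings.append((fields["name"], where, fields.get("severity", "UNKNOWN").upper()))
    return findings


def parse_trivy(json_text):
    """Return (id, package, severity) tuples from a Trivy JSON report.

    Trivy 0.18 emits a top-level list of targets; newer versions wrap it in
    {"Results": [...]}; a clean target has "Vulnerabilities": null.
    """
    data = json.loads(json_text)
    targets = data.get("Results", []) if isinstance(data, dict) else data
    return [(v["VulnerabilityID"], v.get("PkgName", "?"), v.get("Severity", "UNKNOWN").upper())
            for target in targets or [] for v in target.get("Vulnerabilities") or []]


def gate(findings, threshold="HIGH"):
    """Return the findings at or above threshold; an empty list means the build may pass."""
    floor = SEVERITY_RANK[threshold.upper()]
    return [f for f in findings if SEVERITY_RANK.get(f[2], 0) >= floor]


# Constructed sample reports (placeholder ids, not real advisories).
SAMPLE_DC_XML = """<?xml version="1.0"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd">
  <dependencies>
    <dependency>
      <fileName>app/backend/node_modules/lodash/package.json</fileName>
      <vulnerabilities>
        <vulnerability source="NVD"><name>CVE-2000-1111</name><severity>HIGH</severity></vulnerability>
        <vulnerability source="NPM"><name>NPM-1523</name><severity>moderate</severity></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency><fileName>app/backend/node_modules/express/package.json</fileName></dependency>
  </dependencies>
</analysis>"""

SAMPLE_TRIVY_JSON = json.dumps([
    {"Target": "app/frontend/package-lock.json", "Type": "npm", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2000-2222", "PkgName": "minimist",
         "InstalledVersion": "1.2.0", "FixedVersion": "1.2.6", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-2000-3333", "PkgName": "ansi-regex",
         "InstalledVersion": "3.0.0", "FixedVersion": "3.0.1", "Severity": "LOW"}]},
    {"Target": "app/backend/package-lock.json", "Type": "npm", "Vulnerabilities": None},
])


def run_gate(dc_xml, trivy_json, threshold="HIGH"):
    """Combine both reports, print the blocking findings and return them."""
    blocking = gate(parse_dependency_check(dc_xml) + parse_trivy(trivy_json), threshold)
    for vid, where, sev in blocking:
        print(f"BLOCK {sev:<8} {vid:<16} {where}")
    return blocking


if __name__ == "__main__":
    if len(sys.argv) == 3:  # gate.py <dependency-check-report.xml> <trivy.json>
        with open(sys.argv[1]) as dc, open(sys.argv[2]) as tv:
            dc_xml, trivy_json = dc.read(), tv.read()
    else:  # no arguments: run against the constructed samples
        dc_xml, trivy_json = SAMPLE_DC_XML, SAMPLE_TRIVY_JSON
    sys.exit(1 if run_gate(dc_xml, trivy_json) else 0)
```

Run without arguments it exercises the constructed samples and exits 1 because one HIGH and one CRITICAL finding cross the default threshold; a Jenkins `sh` step fails on that non-zero exit, which is what turns the two scans from reports into a gate. Lower-severity noise from npm audit (MODERATE) is normalised to MEDIUM so the threshold behaves consistently across both tools.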