Phase 3b : Ops | Configure necessary tools in Jenkins | Integrate Trivy
Goal
Scan the image with Trivy, check dependencies with OWASP Dependency-Check, then build the image and push it to Docker Hub.
Install other necessary plugins
Install the following Docker-related plugins:
Docker
Docker Commons
Docker Pipeline
Docker API
docker-build-step
The pipeline will push the Netflix image to Docker Hub.
Add DockerHub credentials in Jenkins
Configure OWASP Dependency Check in Jenkins
Configure Dependency-Check Tool:
After installing the Dependency-Check plugin, you need to configure the tool.
Go to "Dashboard" → "Manage Jenkins" → "Global Tool Configuration."
Find the section for "OWASP Dependency-Check."
Add the tool's name, e.g., "DP-Check."
Save your settings.
Configure Docker in Jenkins
Modify the pipeline to add the features above.
pipeline{
    agent any
    tools{
        jdk 'jdk17'
        nodejs 'node16'
    }
    environment {
        SCANNER_HOME=tool 'sonar-scanner'
    }
    stages {
        stage('clean workspace'){
            steps{
                cleanWs()
            }
        }
        stage('Checkout from Git'){
            steps{
                git branch: 'main', url: 'https://github.com/N4si/DevSecOps-Project.git'
            }
        }
        stage("Sonarqube Analysis "){
            steps{
                withSonarQubeEnv('sonar-server') {
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Netflix \
                    -Dsonar.projectKey=Netflix '''
                }
            }
        }
        stage("quality gate"){
            steps {
                script {
                    // abortPipeline: false means a failed quality gate does not stop the build
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
                }
            }
        }
        stage('Install Dependencies') {
            steps {
                sh "npm install"
            }
        }
        stage('OWASP FS SCAN') {
            steps {
                // 'DP-Check' is the tool name set under Global Tool Configuration
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('TRIVY FS SCAN') {
            steps {
                // Report only: Trivy exits 0 by default, so findings do not fail the build
                sh "trivy fs . > trivyfs.txt"
            }
        }
        stage("Docker Build & Push"){
            steps{
                script{
                    // 'docker' is the ID of the Docker Hub credentials added in Jenkins
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker'){
                        sh "docker build --build-arg TMDB_V3_API_KEY=e79e5f0be51bce34b39d6693b68c7ffb -t netflix ."
                        sh "docker tag netflix aasifa/netflix:latest "
                        sh "docker push aasifa/netflix:latest "
                    }
                }
            }
        }
        stage("TRIVY"){
            steps{
                // Scans the image after it has been pushed; the report is written to trivyimage.txt
                sh "trivy image aasifa/netflix:latest > trivyimage.txt"
            }
        }
        stage('Deploy to container'){
            steps{
                sh 'docker run -d -p 8081:80 aasifa/netflix:latest'
            }
        }
    }
}
In the code above, update this line with your TMDB API key (refer to the Phase 1 blog for more info):
sh "docker build --build-arg TMDB_V3_API_KEY=e79e5f0be51bce34b39d6693b68c7ffb -t netflix ."
If you get a Docker login failed error, run:
sudo su
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins
Also replace aasifa in the code with your Docker Hub username.
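A variant of the build, scan and push stages above, as an added example that is not the original pipeline: the image is scanned before it is pushed, fixable HIGH/CRITICAL findings fail the build, and the TMDB key comes from a Jenkins credential instead of the Jenkinsfile. It assumes Trivy is installed on the agent and that a "Secret text" credential with the hypothetical ID tmdb-api-key exists; the severity threshold is also an assumption.

```groovy
// Added example, not the original pipeline. Assumptions: Trivy is installed on the
// agent; 'tmdb-api-key' is a hypothetical Jenkins "Secret text" credential ID.
pipeline {
    agent any
    environment {
        IMAGE = 'aasifa/netflix:latest'   // replace aasifa with your Docker Hub username
    }
    stages {
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/N4si/DevSecOps-Project.git'
            }
        }
        stage('Docker Build') {
            steps {
                withCredentials([string(credentialsId: 'tmdb-api-key', variable: 'TMDB_KEY')]) {
                    // Single quotes: the shell expands $TMDB_KEY, so Groovy never
                    // interpolates the secret into the command string.
                    sh 'docker build --build-arg TMDB_V3_API_KEY="$TMDB_KEY" -t "$IMAGE" .'
                }
            }
        }
        stage('TRIVY image gate') {
            steps {
                // Full JSON report for the record; this call exits 0 even with findings.
                sh 'trivy image --format json --output trivyimage.json "$IMAGE"'
                // Gate: a non-zero exit fails the build on fixable HIGH/CRITICAL findings.
                sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE"'
            }
        }
        stage('Docker Push') {
            steps {
                script {
                    // Reached only when the gate above passed.
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {
                        sh 'docker push "$IMAGE"'
                    }
                }
            }
        }
    }
    post {
        always {
            // Keep the report with the build, including builds the gate failed.
            archiveArtifacts artifacts: 'trivyimage.json', allowEmptyArchive: true
        }
    }
}
```

The key no longer sits in the Jenkinsfile, but a value passed with --build-arg can still be read from the pushed image with docker history.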