Phase 3b : Ops | Configure necessary tools in Jenkins | Integrate Trivy

Goal

Scan images with Trivy, run an OWASP Dependency-Check scan, then build the Docker image and push it to Docker Hub.

Install other necessary plugins

Install the following plugins.

  • Check the following Docker-related plugins:

    • Docker

    • Docker Commons

    • Docker Pipeline

    • Docker API

    • docker-build-step

The pipeline will build the Netflix image and push it to Docker Hub, so Jenkins needs Docker Hub credentials.

Add DockerHub credentials in Jenkins

Configure OWASP Dependency Check in Jenkins

Configure Dependency-Check Tool:

  • After installing the Dependency-Check plugin, you need to configure the tool.

  • Go to "Dashboard" → "Manage Jenkins" → "Global Tool Configuration."

  • Find the section for "OWASP Dependency-Check."

  • Add the tool's name, e.g., "DP-Check."

  • Save your settings.

Configure Docker in Jenkins

Modify the pipeline so it includes the features above.


pipeline {
    agent any
    tools {
        jdk 'jdk17'
        nodejs 'node16'
    }
    environment {
        // Name of the SonarQube scanner configured under Global Tool Configuration
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('clean workspace') {
            steps {
                cleanWs()
            }
        }
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/N4si/DevSecOps-Project.git'
            }
        }
        stage('Sonarqube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Netflix \
                    -Dsonar.projectKey=Netflix '''
                }
            }
        }
        stage('quality gate') {
            steps {
                script {
                    // abortPipeline: false reports a failed quality gate but does not stop the build
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
                }
            }
        }
        stage('Install Dependencies') {
            steps {
                sh "npm install"
            }
        }
        stage('OWASP FS SCAN') {
            steps {
                // 'DP-Check' is the tool name given in Global Tool Configuration
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('TRIVY FS SCAN') {
            steps {
                // Scans the checked-out source tree; the report is kept as plain text in the workspace
                sh "trivy fs . > trivyfs.txt"
            }
        }
        stage('Docker Build & Push') {
            steps {
                script {
                    // 'docker' is the ID of the Docker Hub credential added in Jenkins
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {
                        // Replace the key with your own TMDB API key; a Jenkins secret text credential keeps it out of the Jenkinsfile
                        sh "docker build --build-arg TMDB_V3_API_KEY=e79e5f0be51bce34b39d6693b68c7ffb -t netflix ."
                        sh "docker tag netflix aasifa/netflix:latest"
                        sh "docker push aasifa/netflix:latest"
                    }
                }
            }
        }
        stage('TRIVY') {
            steps {
                // Scans the pushed image for OS and library vulnerabilities
                sh "trivy image aasifa/netflix:latest > trivyimage.txt"
            }
        }
        stage('Deploy to container') {
            steps {
                sh 'docker run -d -p 8081:80 aasifa/netflix:latest'
            }
        }
    }
}

Replace the key in this line of the pipeline with your own TMDB API key (see the Phase 1 blog for how to obtain it):

sh "docker build --build-arg TMDB_V3_API_KEY=e79e5f0be51bce34b39d6693b68c7ffb -t netflix ."
If you get a "docker login failed" error, add the jenkins user to the docker group so it can reach the Docker daemon, then restart Jenkins:

sudo su
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins

Also replace the Docker Hub username aasifa in the pipeline with your own.
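Both TRIVY stages above only redirect the scanner's output to a text file, so the build succeeds no matter what Trivy finds. The script below is an added example (not part of the original post or the N4si project) that reads Trivy's JSON report and fails the build when HIGH or CRITICAL findings are present; the file name trivy_gate.py, the use of `--format json -o`, and the embedded sample report are assumptions.

```python
"""Added example: fail the Jenkins build on HIGH/CRITICAL Trivy findings.

Run Trivy with JSON output instead of plain text, e.g.
    trivy image --format json -o trivyimage.json aasifa/netflix:latest
then call this script from a sh step:  sh "python3 trivy_gate.py trivyimage.json"
"""
import json
import sys
from collections import Counter


def count_by_severity(report: dict) -> Counter:
    """Count vulnerabilities per severity across all targets in a Trivy JSON report."""
    counts = Counter()
    # Trivy emits "Results": [...] and sets "Vulnerabilities" to null for clean targets
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            counts[vuln.get("Severity", "UNKNOWN").upper()] += 1
    return counts


def gate(report: dict, fail_on=("CRITICAL", "HIGH"), max_allowed: int = 0) -> bool:
    """Return True if the report passes: at most max_allowed findings in the fail_on severities."""
    counts = count_by_severity(report)
    return sum(counts[s] for s in fail_on) <= max_allowed


# Constructed sample report in Trivy's JSON layout (vulnerability IDs are placeholders).
SAMPLE_REPORT = {
    "Results": [
        {"Target": "node_modules/lodash/package.json", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "lodash", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "lodash", "Severity": "MEDIUM"},
        ]},
        {"Target": "aasifa/netflix:latest (alpine 3.18)", "Vulnerabilities": None},
    ]
}

if __name__ == "__main__":
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    print("findings by severity:", dict(count_by_severity(report)))
    # A non-zero exit code makes the sh step, and therefore the build, fail
    sys.exit(0 if gate(report) else 1)
```

Tune fail_on and max_allowed to your risk appetite; the same gate works for the trivy fs report of the source tree.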

Build the pipeline