Skip to content

Release/0.1.0 beta/prod azure #548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bkaiserinfosec merged 79 commits into from
Mar 30, 2024
Merged

Release/0.1.0 beta/prod azure #548

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
79 commits
Select commit Hold shift + click to select a range
5df8e24
Update pipeline-config.yaml (#440)
bkaiserinfosec Dec 30, 2023
c3fb035
Update tox.ini (#441)
bkaiserinfosec Dec 30, 2023
57a681a
Feature/fix toxi (#443)
bkaiserinfosec Dec 30, 2023
b3d741c
Feature/fix toxi (#445)
bkaiserinfosec Dec 30, 2023
f62e0d1
Feature/fix toxi (#447)
bkaiserinfosec Dec 31, 2023
5c40b88
Feature/fix toxi (#449)
bkaiserinfosec Jan 1, 2024
b8d2775
Update Jenkinsfile (#452)
bkaiserinfosec Jan 4, 2024
9e4030d
Feature/jenkinsfile updates (#453)
bkaiserinfosec Jan 8, 2024
fb5d50f
Feature/jenkinsfile updates (#455)
bkaiserinfosec Jan 8, 2024
deaed40
Merge branch 'main' into release/0.2.0-beta/Test-1
bkaiserinfosec Jan 8, 2024
22fc757
Feature/jenkinsfile updates (#457)
bkaiserinfosec Jan 8, 2024
48869b8
Feature/jenkinsfile updates (#459)
bkaiserinfosec Jan 8, 2024
b88f33e
Feature/jenkinsfile updates (#461)
bkaiserinfosec Jan 8, 2024
3058cc8
Feature/jenkinsfile updates (#463)
bkaiserinfosec Jan 8, 2024
eae9cfd
Feature/jenkinsfile updates (#465)
bkaiserinfosec Jan 8, 2024
b1d3586
Feature/jenkinsfile updates (#467)
bkaiserinfosec Jan 10, 2024
a688f72
Feature/jenkinsfile updates (#469)
bkaiserinfosec Jan 10, 2024
d0edd8f
Update Jenkinsfile
bkaiserinfosec Jan 13, 2024
6bc2607
Update pipeline-config.yaml
bkaiserinfosec Jan 13, 2024
4e2bc4a
Update values.yaml
bkaiserinfosec Jan 13, 2024
fba2f2b
Update values.yaml
bkaiserinfosec Jan 13, 2024
1a298c0
Update Jenkinsfile
bkaiserinfosec Jan 15, 2024
ef00ba5
Update values.yaml
bkaiserinfosec Jan 15, 2024
f497be3
Update pipeline-config.yaml
bkaiserinfosec Jan 17, 2024
ee6d9dd
Feature/jenkinsfile updates (#473)
bkaiserinfosec Jan 17, 2024
22a872b
Feature/jenkinsfile updates (#474)
bkaiserinfosec Feb 27, 2024
64ed436
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Feb 27, 2024
1169457
Feature/jenkinsfile updates (#476)
bkaiserinfosec Feb 27, 2024
4b6af0b
Feature/jenkinsfile updates (#478)
bkaiserinfosec Feb 28, 2024
cebffc6
Update pipeline-config.yaml
bkaiserinfosec Feb 28, 2024
38282ba
Feature/jenkinsfile updates (#481)
bkaiserinfosec Feb 28, 2024
86da6a0
Feature/jenkinsfile updates (#483)
bkaiserinfosec Feb 28, 2024
e019ade
Feature/jenkinsfile updates (#485)
bkaiserinfosec Mar 9, 2024
33e0b20
Feature/jenkinsfile updates (#487)
bkaiserinfosec Mar 9, 2024
509a6f1
Update pipeline-config.yaml
bkaiserinfosec Mar 9, 2024
a52196c
Feature/jenkinsfile updates (#490)
bkaiserinfosec Mar 9, 2024
716c878
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 9, 2024
0f39204
Update pipeline-config.yaml
bkaiserinfosec Mar 9, 2024
ce79251
Update Jenkinsfile (#493)
bkaiserinfosec Mar 10, 2024
686ae51
Update security_quality_gate.py (#495)
bkaiserinfosec Mar 13, 2024
b4c8b1d
Feature/update jenkins config (#497)
bkaiserinfosec Mar 13, 2024
0cc02a4
Feature/update security gate config (#499)
bkaiserinfosec Mar 13, 2024
1b2577e
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 13, 2024
0cab74c
Feature/update settings function (#501)
bkaiserinfosec Mar 18, 2024
a598136
Feature/update release based db settings (#503)
bkaiserinfosec Mar 18, 2024
bc17dcc
Feature/update release based db settings (#505)
bkaiserinfosec Mar 18, 2024
14e819d
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 18, 2024
334bc68
Feature/fix db syntax (#507)
bkaiserinfosec Mar 18, 2024
24a95b3
Feature/fix db syntax (#509)
bkaiserinfosec Mar 18, 2024
74b26f7
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 18, 2024
0b07ab0
Feature/fix syntax error (#511)
bkaiserinfosec Mar 18, 2024
e246ba0
Feature/fix syntax error (#513)
bkaiserinfosec Mar 18, 2024
4cf2ebf
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 18, 2024
f98f329
Feature/fix syntax error (#515)
bkaiserinfosec Mar 20, 2024
e50317f
Feature/fix syntax error (#517)
bkaiserinfosec Mar 22, 2024
6eb3118
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 22, 2024
9edb485
Feature/jenkins updates (#519)
bkaiserinfosec Mar 22, 2024
76926b3
Feature/jenkins updates (#521)
bkaiserinfosec Mar 22, 2024
5399fad
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 22, 2024
7dd90fa
Feature/jenkins updates (#523)
bkaiserinfosec Mar 22, 2024
8428000
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 22, 2024
3422a4f
Feature/jenkins updates (#525)
bkaiserinfosec Mar 22, 2024
07cb6a7
Feature/jenkins updates (#527)
bkaiserinfosec Mar 22, 2024
4a11094
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 22, 2024
7319eb2
Feature/jenkins updates (#529)
bkaiserinfosec Mar 22, 2024
2319495
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 22, 2024
e5e42ed
Feature/jenkins updates (#531)
bkaiserinfosec Mar 22, 2024
6f14d86
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 22, 2024
feebb21
Feature/jenkins updates (#533)
bkaiserinfosec Mar 22, 2024
137ec5a
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 22, 2024
3a610b5
Feature/add app profile update function (#535)
bkaiserinfosec Mar 23, 2024
204fd90
Feature/add app profile update function (#537)
bkaiserinfosec Mar 24, 2024
dbd1830
Feature/add app profile update function (#539)
bkaiserinfosec Mar 25, 2024
7b10a4e
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 25, 2024
93ca8b0
Feature/add app profile update function (#541)
bkaiserinfosec Mar 26, 2024
97b706c
Feature/add app profile update function (#543)
bkaiserinfosec Mar 27, 2024
8ef7434
Merge branch 'main' into release/0.1.0-beta/Prod-azure
bkaiserinfosec Mar 27, 2024
287d6fc
Feature/add app profile update function (#545)
bkaiserinfosec Mar 30, 2024
cddb6d7
Feature/add app profile update function (#547)
bkaiserinfosec Mar 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
203 changes: 120 additions & 83 deletions Jenkinsfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,16 @@

pipeline {

agent {
docker {
image 'securityuniversal/jenkins-pipeline-agent:latest'
args '--group-add 999'
}
}
agent none

stages {
stage('Initialize Config') {
agent {
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-pipeline-agent'
}
}
steps {
script {
def config = jslReadYamlConfig()
Expand All @@ -28,6 +29,12 @@ pipeline {
}

stage('Prep Job') {
agent {
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-pipeline-agent'
}
}
when {
expression {
def config = jslReadYamlConfig('prepJob')
Expand All @@ -50,8 +57,9 @@ pipeline {

stage('Unit Testing') {
agent {
docker {
image 'securityuniversal/jenkins-python-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-python-agent'
}
}
when {
Expand All @@ -66,16 +74,19 @@ pipeline {
}
}
steps {
jslStageWrapper('Unit Testing') {
jslPythonUnitTesting()
container('jenkins-python-agent') {
jslStageWrapper('Unit Testing') {
jslPythonUnitTesting()
}
}
}
}

stage('Secret Scanning') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-secret-agent'
}
}
when {
Expand All @@ -90,16 +101,19 @@ pipeline {
}
}
steps {
jslStageWrapper('Secret Scanning') {
jslSecretScanning()
container('jenkins-secret-agent') {
jslStageWrapper('Secret Scanning') {
jslSecretScanning()
}
}
}
}

stage('Software Composition Analysis') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-sca-agent'
}
}
when {
Expand All @@ -114,20 +128,23 @@ pipeline {
}
}
steps {
jslStageWrapper('Software Composition Analysis') {
script {
def stageConfig = jslReadYamlConfig('sca')
def codeLanguages = stageConfig?.codeLanguages.join(',')
jslSecuritySCA(codeLanguages)
container('jenkins-sca-agent') {
jslStageWrapper('Software Composition Analysis') {
script {
def stageConfig = jslReadYamlConfig('sca')
def codeLanguages = stageConfig?.codeLanguages.join(',')
jslSecuritySCA(codeLanguages)
}
}
}
}
}

stage('Static Application Security Testing') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-sast-agent'
}
}
when {
Expand All @@ -142,21 +159,23 @@ pipeline {
}
}
steps {
jslStageWrapper('Static Application Security Testing') {
script {
def stageConfig = jslReadYamlConfig('sast')
def codeLanguages = stageConfig?.codeLanguages
jslStaticApplicationSecurityTesting(codeLanguages)
container('jenkins-sast-agent') {
jslStageWrapper('Static Application Security Testing') {
script {
def stageConfig = jslReadYamlConfig('sast')
def codeLanguages = stageConfig?.codeLanguages
jslStaticApplicationSecurityTesting(codeLanguages)
}
}
}
}
}

stage('Infrastructure-as-Code Security Testing') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-iac-agent'
}
}
when {
Expand All @@ -171,18 +190,17 @@ pipeline {
}
}
steps {
jslStageWrapper('Infrastructure-as-Code Security Testing') {
jslInfrastructureAsCodeAnalysis()
container('jenkins-iac-agent') {
jslStageWrapper('Infrastructure-as-Code Security Testing') {
jslInfrastructureAsCodeAnalysis()
}
}
}
}

stage('Build Docker Service') {
agent {
docker {
image 'securityuniversal/jenkins-iac-agent:latest'
args '--group-add 999'
}
label 'DockerVM'
}
when {
expression {
Expand All @@ -208,9 +226,9 @@ pipeline {

stage('Docker Container Scanning') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-dockersec-agent'
}
}
when {
Expand All @@ -225,21 +243,24 @@ pipeline {
}
}
steps {
jslStageWrapper('Docker Container Scanning') {
script {
def stageConfig = jslReadYamlConfig('containerScan')
def containerName = stageConfig?.containerName
def containerTag = stageConfig?.containerTag
jslContainerSecurityScanning(containerName, containerTag)
container('jenkins-dockersec-agent') {
jslStageWrapper('Docker Container Scanning') {
script {
def stageConfig = jslReadYamlConfig('containerScan')
def containerName = stageConfig?.containerName
def containerTag = stageConfig?.containerTag
jslContainerSecurityScanning(containerName, containerTag)
}
}
}
}
}

stage('Release to Test') {
agent {
docker {
image 'securityuniversal/jenkins-deploy-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-deploy-agent'
}
}
when {
Expand All @@ -254,18 +275,26 @@ pipeline {
}
}
steps {
jslStageWrapper('Release to Test') {
script {
def stageConfig = jslReadYamlConfig('releaseToTest')
def serviceName = stageConfig?.serviceName
def containerTag = stageConfig?.containerTag
jslRunDockerCompose(serviceName, containerTag)
container('jenkins-deploy-agent') {
jslStageWrapper('Release to Test') {
script {
def stageConfig = jslReadYamlConfig('releaseToTest')
def serviceName = stageConfig?.serviceName
def containerTag = stageConfig?.containerTag
jslRunDockerCompose(serviceName, containerTag)
}
}
}
}
}

stage('Test Release') {
agent {
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-dast-agent'
}
}
when {
expression {
def config = jslReadYamlConfig('testRelease')
Expand All @@ -278,14 +307,16 @@ pipeline {
}
}
steps {
jslStageWrapper('Test Release') {
script {
def stageConfig = jslReadYamlConfig('testRelease')
def targetUrl = stageConfig?.targetUrl
def dastTestType = stageConfig?.dastTestType
def apiTargetUrl = stageConfig?.apiTargetUrl
jslDastOWASP(dastTestType, targetUrl)
jslDastAPIOWASP(apiTargetUrl, targetUrl)
container('jenkins-dast-agent') {
jslStageWrapper('Test Release') {
script {
def stageConfig = jslReadYamlConfig('testRelease')
def targetUrl = stageConfig?.targetUrl
def dastTestType = stageConfig?.dastTestType
def apiTargetUrl = stageConfig?.apiTargetUrl
jslDastOWASP(dastTestType, targetUrl)
jslDastAPIOWASP(apiTargetUrl, targetUrl)
}
}
}
}
Expand All @@ -294,9 +325,9 @@ pipeline {
////////// Quality Gate //////////
stage("Quality Gate - Security") {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-pipeline-agent'
}
}
when {
Expand All @@ -311,18 +342,20 @@ pipeline {
}
}
steps {
jslStageWrapper('Quality Gate - Security') {
jslSecurityQualityGate()
container('jenkins-pipeline-agent') {
jslStageWrapper('Quality Gate - Security') {
jslSecurityQualityGate()
}
}
}
}

////////// Deploy to Production //////////
stage('Deploy') {
agent {
docker {
image 'securityuniversal/jenkins-deploy-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-deploy-agent'
}
}
when {
Expand All @@ -337,28 +370,32 @@ pipeline {
}
}
steps {
jslStageWrapper('Deploy') {
script {
def stageConfig = jslReadYamlConfig('deploy')
container('jenkins-deploy-agent') {
jslStageWrapper('Deploy') {
script {
def stageConfig = jslReadYamlConfig('deploy')

jslKubernetesDeploy([
'serviceName': env.appName,
'tlsCredId': stageConfig?.tlsCredId,
'secretsCredentials': stageConfig?.secretsCredentials,
'secretsSetStrings': stageConfig?.secretsSetStrings,
'serviceCredentials': stageConfig?.serviceCredentials,
'serviceSetStrings': stageConfig?.serviceSetStrings
])
jslKubernetesDeploy([
'serviceName': env.appName,
'tlsCredId': stageConfig?.tlsCredId,
'secretsCredentials': stageConfig?.secretsCredentials,
'secretsSetStrings': stageConfig?.secretsSetStrings,
'serviceCredentials': stageConfig?.serviceCredentials,
'serviceSetStrings': stageConfig?.serviceSetStrings
])

}
}
}
}
}
}
post {
always {
script {
jslPipelineReporter()
node('jenkins-pipeline-agent') {
script {
jslPipelineReporter()
}
}
}
}
Expand Down
7 changes: 4 additions & 3 deletions src/vr/api/vulns/jenkins_webhook.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,7 +226,7 @@ def add_application_sla_policy(app_id):

# Add the handler to the logger
logger.addHandler(stream_handler)
def add_new_scan(git_url, branch_name, report_id):
def add_new_scan(app_name, git_url, branch_name, report_id):

try:
stage_str = _determine_stages_for_app(git_url, branch_name)
Expand All @@ -240,7 +240,8 @@ def add_new_scan(git_url, branch_name, report_id):
'TESTS': stage_str,
'GIT_BRANCH': branch_name,
'REPORT_ID': report_id,
'PIPELINE_TYPE': "PARALLEL_SCAN"
'PIPELINE_TYPE': "PARALLEL_SCAN",
'APP_NAME': app_name
}
url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters"
resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY']))
Expand Down Expand Up @@ -276,7 +277,7 @@ def parallel_security_scan():
report_id = _add_vulnerability_scan(app_id, branch_name)

# Start processing in a new thread
processing_thread = Thread(target=add_new_scan, args=(git_url, branch_name, report_id))
processing_thread = Thread(target=add_new_scan, args=(app_name, git_url, branch_name, report_id))
processing_thread.start()

return jsonify({"report_id": report_id, "status": "processing started"}), 200
Expand Down