Merged
41 commits
5fdd5b1
Update security_quality_gate.py
bkaiserinfosec Mar 13, 2024
1a5e69e
Update Jenkinsfile
bkaiserinfosec Mar 13, 2024
12cbbd2
Update security_quality_gate.py
bkaiserinfosec Mar 13, 2024
ffcd643
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/update-secu…
bkaiserinfosec Mar 13, 2024
c5242c9
update settings and groups
bkaiserinfosec Mar 18, 2024
21ff0cd
add function for table updates
bkaiserinfosec Mar 18, 2024
cfcaab3
updated function for db updates
bkaiserinfosec Mar 18, 2024
fe69827
Update updates.py
bkaiserinfosec Mar 18, 2024
b84553c
Update updates.py
bkaiserinfosec Mar 18, 2024
1c6d5c0
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/fix-syntax-…
bkaiserinfosec Mar 18, 2024
fa80754
Update updates.py
bkaiserinfosec Mar 18, 2024
2e3e85c
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/fix-syntax-…
bkaiserinfosec Mar 18, 2024
7db0df8
Update settings.py
bkaiserinfosec Mar 20, 2024
1e5bddf
update to settings update without restart
bkaiserinfosec Mar 22, 2024
d0f7120
Update run.py
bkaiserinfosec Mar 22, 2024
17aeb1c
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/fix-syntax-…
bkaiserinfosec Mar 22, 2024
ba8b3dc
Update pipeline-config.yaml
bkaiserinfosec Mar 22, 2024
42f91fd
Update __init__.py
bkaiserinfosec Mar 22, 2024
6642feb
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/jenkins-upd…
bkaiserinfosec Mar 22, 2024
89ec1ba
Update __init__.py
bkaiserinfosec Mar 22, 2024
61c8474
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/jenkins-upd…
bkaiserinfosec Mar 22, 2024
9f3a6d2
Update jenkins_webhook.py
bkaiserinfosec Mar 22, 2024
68b7189
Update jenkins_webhook.py
bkaiserinfosec Mar 22, 2024
ba2a700
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/jenkins-upd…
bkaiserinfosec Mar 22, 2024
685167e
Update jenkins_webhook.py
bkaiserinfosec Mar 22, 2024
9762718
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/jenkins-upd…
bkaiserinfosec Mar 22, 2024
9f24393
Update jenkins_webhook.py
bkaiserinfosec Mar 22, 2024
9b1a8cb
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/jenkins-upd…
bkaiserinfosec Mar 22, 2024
a843f29
Update jenkins_webhook.py
bkaiserinfosec Mar 22, 2024
926a746
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/jenkins-upd…
bkaiserinfosec Mar 22, 2024
c3d91be
add new route for updating application profile
bkaiserinfosec Mar 23, 2024
a60eb80
Update __init__.py
bkaiserinfosec Mar 24, 2024
9774a67
Update testing.py
bkaiserinfosec Mar 25, 2024
6f3d885
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/add-app-pro…
bkaiserinfosec Mar 25, 2024
67ef547
Update jenkins_webhook.py
bkaiserinfosec Mar 26, 2024
c24afcc
Update jenkins_webhook.py
bkaiserinfosec Mar 27, 2024
972d30b
Update jenkins_webhook.py
bkaiserinfosec Mar 27, 2024
5319d11
Merge branch 'release/0.1.0-beta/Prod-azure' into feature/add-app-pro…
bkaiserinfosec Mar 27, 2024
3cdf5ae
Update Jenkinsfile
bkaiserinfosec Mar 30, 2024
caa94bf
Update Jenkinsfile
bkaiserinfosec Mar 30, 2024
e8ea6ac
Update pipeline-config.yaml
bkaiserinfosec Mar 30, 2024
203 changes: 120 additions & 83 deletions Jenkinsfile
Expand Up @@ -3,15 +3,16 @@

pipeline {

agent {
docker {
image 'securityuniversal/jenkins-pipeline-agent:latest'
args '--group-add 999'
}
}
agent none

stages {
stage('Initialize Config') {
agent {
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-pipeline-agent'
}
}
steps {
script {
def config = jslReadYamlConfig()
Expand All @@ -28,6 +29,12 @@ pipeline {
}

stage('Prep Job') {
agent {
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-pipeline-agent'
}
}
when {
expression {
def config = jslReadYamlConfig('prepJob')
Expand All @@ -50,8 +57,9 @@ pipeline {

stage('Unit Testing') {
agent {
docker {
image 'securityuniversal/jenkins-python-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-python-agent'
}
}
when {
Expand All @@ -66,16 +74,19 @@ pipeline {
}
}
steps {
jslStageWrapper('Unit Testing') {
jslPythonUnitTesting()
container('jenkins-python-agent') {
jslStageWrapper('Unit Testing') {
jslPythonUnitTesting()
}
}
}
}

stage('Secret Scanning') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-secret-agent'
}
}
when {
Expand All @@ -90,16 +101,19 @@ pipeline {
}
}
steps {
jslStageWrapper('Secret Scanning') {
jslSecretScanning()
container('jenkins-secret-agent') {
jslStageWrapper('Secret Scanning') {
jslSecretScanning()
}
}
}
}

stage('Software Composition Analysis') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-sca-agent'
}
}
when {
Expand All @@ -114,20 +128,23 @@ pipeline {
}
}
steps {
jslStageWrapper('Software Composition Analysis') {
script {
def stageConfig = jslReadYamlConfig('sca')
def codeLanguages = stageConfig?.codeLanguages.join(',')
jslSecuritySCA(codeLanguages)
container('jenkins-sca-agent') {
jslStageWrapper('Software Composition Analysis') {
script {
def stageConfig = jslReadYamlConfig('sca')
def codeLanguages = stageConfig?.codeLanguages.join(',')
jslSecuritySCA(codeLanguages)
}
}
}
}
}

stage('Static Application Security Testing') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-sast-agent'
}
}
when {
Expand All @@ -142,21 +159,23 @@ pipeline {
}
}
steps {
jslStageWrapper('Static Application Security Testing') {
script {
def stageConfig = jslReadYamlConfig('sast')
def codeLanguages = stageConfig?.codeLanguages
jslStaticApplicationSecurityTesting(codeLanguages)
container('jenkins-sast-agent') {
jslStageWrapper('Static Application Security Testing') {
script {
def stageConfig = jslReadYamlConfig('sast')
def codeLanguages = stageConfig?.codeLanguages
jslStaticApplicationSecurityTesting(codeLanguages)
}
}
}
}
}

stage('Infrastructure-as-Code Security Testing') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-iac-agent'
}
}
when {
Expand All @@ -171,18 +190,17 @@ pipeline {
}
}
steps {
jslStageWrapper('Infrastructure-as-Code Security Testing') {
jslInfrastructureAsCodeAnalysis()
container('jenkins-iac-agent') {
jslStageWrapper('Infrastructure-as-Code Security Testing') {
jslInfrastructureAsCodeAnalysis()
}
}
}
}

stage('Build Docker Service') {
agent {
docker {
image 'securityuniversal/jenkins-iac-agent:latest'
args '--group-add 999'
}
label 'DockerVM'
}
when {
expression {
Expand All @@ -208,9 +226,9 @@ pipeline {

stage('Docker Container Scanning') {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-dockersec-agent'
}
}
when {
Expand All @@ -225,21 +243,24 @@ pipeline {
}
}
steps {
jslStageWrapper('Docker Container Scanning') {
script {
def stageConfig = jslReadYamlConfig('containerScan')
def containerName = stageConfig?.containerName
def containerTag = stageConfig?.containerTag
jslContainerSecurityScanning(containerName, containerTag)
container('jenkins-dockersec-agent') {
jslStageWrapper('Docker Container Scanning') {
script {
def stageConfig = jslReadYamlConfig('containerScan')
def containerName = stageConfig?.containerName
def containerTag = stageConfig?.containerTag
jslContainerSecurityScanning(containerName, containerTag)
}
}
}
}
}

stage('Release to Test') {
agent {
docker {
image 'securityuniversal/jenkins-deploy-agent:latest'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-deploy-agent'
}
}
when {
Expand All @@ -254,18 +275,26 @@ pipeline {
}
}
steps {
jslStageWrapper('Release to Test') {
script {
def stageConfig = jslReadYamlConfig('releaseToTest')
def serviceName = stageConfig?.serviceName
def containerTag = stageConfig?.containerTag
jslRunDockerCompose(serviceName, containerTag)
container('jenkins-deploy-agent') {
jslStageWrapper('Release to Test') {
script {
def stageConfig = jslReadYamlConfig('releaseToTest')
def serviceName = stageConfig?.serviceName
def containerTag = stageConfig?.containerTag
jslRunDockerCompose(serviceName, containerTag)
}
}
}
}
}

stage('Test Release') {
agent {
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-dast-agent'
}
}
when {
expression {
def config = jslReadYamlConfig('testRelease')
Expand All @@ -278,14 +307,16 @@ pipeline {
}
}
steps {
jslStageWrapper('Test Release') {
script {
def stageConfig = jslReadYamlConfig('testRelease')
def targetUrl = stageConfig?.targetUrl
def dastTestType = stageConfig?.dastTestType
def apiTargetUrl = stageConfig?.apiTargetUrl
jslDastOWASP(dastTestType, targetUrl)
jslDastAPIOWASP(apiTargetUrl, targetUrl)
container('jenkins-dast-agent') {
jslStageWrapper('Test Release') {
script {
def stageConfig = jslReadYamlConfig('testRelease')
def targetUrl = stageConfig?.targetUrl
def dastTestType = stageConfig?.dastTestType
def apiTargetUrl = stageConfig?.apiTargetUrl
jslDastOWASP(dastTestType, targetUrl)
jslDastAPIOWASP(apiTargetUrl, targetUrl)
}
}
}
}
Expand All @@ -294,9 +325,9 @@ pipeline {
////////// Quality Gate //////////
stage("Quality Gate - Security") {
agent {
docker {
image 'securityuniversal/jenkins-sectesting-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-pipeline-agent'
}
}
when {
Expand All @@ -311,18 +342,20 @@ pipeline {
}
}
steps {
jslStageWrapper('Quality Gate - Security') {
jslSecurityQualityGate()
container('jenkins-pipeline-agent') {
jslStageWrapper('Quality Gate - Security') {
jslSecurityQualityGate()
}
}
}
}

////////// Deploy to Production //////////
stage('Deploy') {
agent {
docker {
image 'securityuniversal/jenkins-deploy-agent:latest'
args '--group-add 999'
kubernetes {
cloud 'kubernetes-cloud'
label 'jenkins-deploy-agent'
}
}
when {
Expand All @@ -337,28 +370,32 @@ pipeline {
}
}
steps {
jslStageWrapper('Deploy') {
script {
def stageConfig = jslReadYamlConfig('deploy')
container('jenkins-deploy-agent') {
jslStageWrapper('Deploy') {
script {
def stageConfig = jslReadYamlConfig('deploy')

jslKubernetesDeploy([
'serviceName': env.appName,
'tlsCredId': stageConfig?.tlsCredId,
'secretsCredentials': stageConfig?.secretsCredentials,
'secretsSetStrings': stageConfig?.secretsSetStrings,
'serviceCredentials': stageConfig?.serviceCredentials,
'serviceSetStrings': stageConfig?.serviceSetStrings
])
jslKubernetesDeploy([
'serviceName': env.appName,
'tlsCredId': stageConfig?.tlsCredId,
'secretsCredentials': stageConfig?.secretsCredentials,
'secretsSetStrings': stageConfig?.secretsSetStrings,
'serviceCredentials': stageConfig?.serviceCredentials,
'serviceSetStrings': stageConfig?.serviceSetStrings
])

}
}
}
}
}
}
post {
always {
script {
jslPipelineReporter()
node('jenkins-pipeline-agent') {
script {
jslPipelineReporter()
}
}
}
}
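Review bot: The 'Build Docker Service' stage is now the only one pinned to a static node (`agent { label 'DockerVM' }`) rather than a per-build container or pod, so its workspace, Docker layer cache and any registry login presumably persist on that host across builds and branches. The stage's steps fall outside the visible hunks, so I cannot tell whether it already cleans up. If it does not, add a stage-level `post { cleanup { deleteDir() } }` and log out of the registry once the build finishes. A comment above the agent line, such as `// static Docker host: needs a Docker daemon; not ephemeral, cleaned in post`, would document why this stage is the exception to the Kubernetes agents.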