How to Build a CI/CD Pipeline with Jenkins, SonarQube & Trivy By rjshk013@gmail.com / May 1, 2025
A hands-on DevOps project that brings together Jenkins, SonarQube, and Trivy β all running locally with Docker Compose β to create a cost-free and secure CI/CD pipeline. π§ Introduction
CI/CD is at the heart of modern DevOps. But what if you could build an end-to-end secure pipeline using only open-source tools β and run everything locally on a single Ubuntu server?
Thatβs exactly what I did β
In this tutorial, Iβll walk you through setting up a complete DevSecOps pipeline where:
π§ Jenkins handles the automation
π§ͺ SonarQube ensures code quality
π‘οΈ Trivy scans for vulnerabilities
π³ Docker Compose manages all containers
π₯οΈ Even the deployment host is the same server, making this setup incredibly efficient and minimal
No external VMs, no cloud cost, no complexity β just pure DevOps learning π»β¨ π» System Requirements
OS: Ubuntu 20.04+
RAM: 8 GB+
Tools: Docker, Docker Compose
Internet access for pulling images
𧱠Step 1: Clone the Project & Launch Jenkins + SonarQube with Docker Compose
Before setting up our CI/CD magic, letβs get the project ready by cloning the repository and initializing the required directories and SSH keys. π 1οΈβ£ Clone the Repository
Start by cloning the DevSecOps project repo that contains our pre-configured docker-compose.yaml and helper scripts:
git clone https://github.com/rjshk013/devops-projects.git cd cicd-jenkins
π 2οΈβ£ Run start.sh to Prepare the Jenkins Agent
This script does two important things:
π Creates required directories (jenkins_home, jenkins_agent, jenkins_agent_keys)
π Generates SSH key pairs for Jenkins master β agent authentication
chmod +x setup.sh sh setup.sh
β After this, your system is ready to launch the services! π How This Docker Compose Setup Works (All-in-One CI/CD Stack)
This Docker Compose file orchestrates a fully functional DevSecOps pipeline stack β all running locally, isolated in a shared network β and ready to automate builds, scans, and deployments π₯
version: "3.8"
services:
jenkins-master: image: jenkins/jenkins:lts-jdk17 container_name: jenkins restart: unless-stopped user: 1000:1000 ports: - "8080:8080" - "50000:50000" volumes: - jenkins_home:/var/jenkins_home:rw - /var/run/docker.sock:/var/run/docker.sock - /usr/bin/docker:/usr/bin/docker environment: - JAVA_OPTS=-Dhudson.security.csrf.GlobalCrumbIssuerStrategy=true -Djenkins.security.SystemReadPermission=true networks: - jenkins_network security_opt: - no-new-privileges:true read_only: true tmpfs: - /tmp:size=2G healthcheck: test: ["CMD-SHELL", "curl -f http://localhost:8080/login || exit 1"] interval: 1m30s timeout: 10s retries: 3
jenkins-agent: image: jenkins/ssh-agent container_name: jenkins-agent restart: unless-stopped expose: - "22" volumes: - /var/run/docker.sock:/var/run/docker.sock - /usr/bin/docker:/usr/bin/docker - jenkins_agent:/home/jenkins/agent:rw - type: bind source: ./jenkins_agent_keys target: /home/jenkins/.ssh read_only: true environment: - SSH_PUBLIC_KEY_DIR=/home/jenkins/.ssh networks: - jenkins_network security_opt: - no-new-privileges:true tmpfs: - /tmp:size=2G
sonarqube: container_name: sonarqube image: sonarqube:lts-community restart: unless-stopped depends_on: - sonar_db ports: - "9001:9000" environment: SONAR_JDBC_URL: jdbc:postgresql://sonar_db:5432/sonar SONAR_JDBC_USERNAME: sonar SONAR_JDBC_PASSWORD: sonar volumes: - sonarqube_conf:/opt/sonarqube/conf - sonarqube_data:/opt/sonarqube/data - sonarqube_extensions:/opt/sonarqube/extensions - sonarqube_logs:/opt/sonarqube/logs - sonarqube_temp:/opt/sonarqube/temp networks: - jenkins_network
sonar_db: image: postgres:15 restart: unless-stopped environment: POSTGRES_USER: sonar POSTGRES_PASSWORD: sonar POSTGRES_DB: sonar volumes: - sonar_db:/var/lib/postgresql - sonar_db_data:/var/lib/postgresql/data networks: - jenkins_network
networks: jenkins_network: driver: bridge
volumes: jenkins_home: jenkins_agent: sonarqube_conf: sonarqube_data: sonarqube_extensions: sonarqube_logs: sonarqube_temp: sonar_db: sonar_db_data:
π οΈ Jenkins Master (jenkins-master)
π¦ Image: Uses jenkins/jenkins:lts-jdk17
π Ports:
8080: Jenkins web UI
50000: For connecting inbound agents
πΎ Volumes:
jenkins_home: Persists Jenkins jobs, config, and plugins
/var/run/docker.sock: Lets Jenkins build and run Docker containers
/usr/bin/docker: Gives Jenkins CLI access to Docker commands
π§ͺ Health Check:
Automatically checks service availability via a curl login probe
π Hardened Settings:
read_only: true: Makes the container filesystem immutable
tmpfs: Stores /tmp in RAM for better performance and safety
no-new-privileges: Prevents privilege escalation inside the container
βοΈ Jenkins SSH Agent (jenkins-agent)
π¦ Image: Uses jenkins/ssh-agent (for connecting back to master)
π SSH Access:
Mounts SSH keys from jenkins_agent_keys to enable secure agent communication
πΎ Volumes:
jenkins_agent: Stores agent workspace data
/usr/bin/docker + Docker socket: Enables builds inside the agent container
π‘οΈ Security First:
read_only: true + tmpfs: Isolates temp files in RAM
no-new-privileges: Blocks processes from elevating access
π§ SonarQube (sonarqube)
π¦ Image: sonarqube:lts-community
π Port Mapping:
Exposed as localhost:9001 β container:9000
π Connects to PostgreSQL (sonar_db)
Configured via SONAR_JDBC_URL and credentials
πΎ Volumes:
Persist configuration, extensions, data, logs, and temp files
π Depends On:
Ensures PostgreSQL container starts before SonarQube
π PostgreSQL Database (sonar_db)
π¦ Image: postgres:15
π― Purpose: Backend database for SonarQube code analysis data
π Environment Variables:
Sets DB name, user, and password for SonarQube integration
πΎ Volumes:
sonar_db and sonar_db_data: Persist DB schema and data
π Common Docker Network: jenkins_network
All containers share a custom bridge network, enabling secure internal DNS resolution and private communication between services (like jenkins β agent β sonarqube β postgres). π³ 3οΈβ£ Launch Jenkins + SonarQube + PostgreSQL with Docker Compose
Now that everything is set, fire up the full stack:
docker-compose up -d
β Verify Container Status After Launch
Once youβve started the stack using docker compose up -d, youβll want to make sure everything is running properly.
π§ͺ Run this command to check the status of all containers:
docker ps
β³ Give Jenkins Some Timeβ¦
β²οΈ Wait 1β2 minutes, then run docker ps again.
You should see:
π’ jenkins container: showing healthy
π’ jenkins-agent container: up
π§ sonarqube: should also be healthy and accessible at localhost:9001
β Once all containers are up and healthy, youβre ready to configure Jenkins and start building pipelines! π Step 4: Access Jenkins Web Interface
Your Jenkins Master is now running β letβs unlock the power of automation! π
π₯οΈ Open your browser and go to:
Youβll be greeted by the Jenkins Setup Wizard π§ββοΈ
π Enter the initial admin password
To retrieve the initial admin password for login run the below command
docker exec -it jenkins cat /var/jenkins_home/secrets/initialAdminPassword
Follow the guided setup: install recommended plugins, create your admin user
Once it finished will ask for configure admin user.Click save & continue
Once you completed we can see the jenkins dashboard as below 𧱠Step 2: Configure jenkins agent for build π 1οΈβ£ Add SSH Credentials for Jenkins Agent
Now letβs securely configure the SSH authentication so the Jenkins Master can talk to the Jenkins Agent π
Navigate to your Jenkins dashboard.
Click on Manage Jenkins.
Select Credentials.
Under (global), click Add Credentials.
Fill in the form:
Kind: SSH Username with private key
Scope: Global
Username: jenkins
Private Key: Enter directly
Key: Paste the contents of the id_rsa file located inside the jenkins_agent_keys folder. This key is automatically generated during the setup process when you run the setup.sh script.
ID: can give some name to identify the credential,here i am giving build-agent
Description: SSH key for Jenkins agent
Click OK to save.
π Step 2: Connect Agent to Jenkins Master
In Jenkins, go to Manage Jenkins > Manage Nodes and Clouds.
Click New Node.
Enter a name (e.g., agent), select Permanent Agent, and click create
Configure the node:
Remote root directory: /home/jenkins/agent
Labels: agent
Launch method: Launch agents via SSH
Host: jenkins-agent (matches the Docker service name)
Credentials: Select the credential that you have created earlier
Host Key Verification Strategy: Manually trusted key verification Strategy
Click Save
Verify Connection:
Jenkins will attempt to connect to the agent. If successful, the agentβs status will show as Connected.
Step 3:Configure Jenkins Agent SSH Key for Remote Host Access
Since we already generated the SSH key pair during the Jenkins setup (via setup.sh), we can reuse the same private key for connecting to the remote host.(in our case it is the same local ubuntu server where we running containers )
β Just copy the public key to your host machineβs authorized_keys.
On your host machine, run the following commands:
cat /home/user/devops-projects/cicd-jenkins/jenkins_agent_keys/id_rsa.pub >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
π§ This allows Jenkins (via the agent) to SSH into the host machine securely using the existing key β Add SSH Credentials for Remote Host Deployment
These credentials allow Jenkins to SSH into your remote host and trigger Docker Compose commands during deployment.
β‘οΈ Go to Manage Jenkins β Credentials β (Global) β Add Credentials Then fill out the following fields:
Kind: SSH Username with private key
Scope: Global
Username: user (or your actual host system username)
Private Key: Enter directly β paste the content of id_rsa from jenkins_agent_keys folder (generated by setup.sh)
ID (optional): deploy-server-ssh
Description: Remote host SSH for Docker Compose deployment
π Plugin Power-Up: Install Essential Jenkins Plugins π
βοΈ Go to: Manage Jenkins β Plugins β Available Plugins
β
Search and Install without restart for each listed plugin below.
1οΈβ£ Eclipse Temurin Installer
π§ Installs and manages JDK versions for your build environments 2οΈβ£ SonarQube Scanner
π Integrates Jenkins with SonarQube to analyze code quality and detect bugs 3οΈβ£ NodeJS Plugin
π Allows Jenkins to install and use specific Node.js versions in pipelines 4οΈβ£ Docker Plugin Suite (Install all individually) π³
Enables full Docker support in Jenkins β from simple builds to full pipelines
β
Docker Plugin
β
Docker Commons
β
Docker Pipeline
β
Docker API
β
Docker Build Step
5οΈβ£ SSH Agent Plugin
π Use SSH credentials securely to connect and execute on remote machines π§ Step 4: Access & Secure Your SonarQube Dashboard
π SonarQube is now up and running on port 9001
π Open your browser and visit: π http://localhost:9001/
π Login using default credentials:
Username: admin
Password: admin
Log in to SonarQube with the admin user
In the top right corner, click your username(Here it is Administrator)β choose βMy Accountβ.
Go to the βSecurityβ tab.
Under Generate Tokens:
Name: enter something like jenkins-global-token
Type: leave it as User Token
Expires In: choose No expiration (recommended for CI usage)
Click Generate, and copy the token (you wonβt be able to see it again later).
β This token allows Jenkins to push analysis results to any project that the user has access to.
After previous step, youβll see the generated token. Save it somewhere to not loose. Weβll need that for later. π Why Use a Global Token?
π Reusable across all projects β no need to generate separate tokens per project
π§Ή Easy to manage β one place to rotate/update
β
Secure β stored in Jenkins as a credential (not hardcoded)
βοΈ Scalable β works even as your pipeline or project count grows
𧱠Step 2: Create the Project (Using the Global Token)
Navigate to Projects β Create Project.
Select Manually.
3.Fill:
Project Key: blog-app
Display Name: blog-app
Main branch name: In my case it is main.But in some projects it could be master or dev as well
4.On the next screen, when youβre asked:
How do you want to analyze your project?
β
Choose: Locally
It will now prompt:
Use existing token
π Paste your global token here
π’ DO NOT click Generate Token β instead, choose βUse existing tokenβ and paste the global one you created in Step 1.
This completes the project setup and links your global token to it.
Note: You can see the Run analysis on your project options after giving the token.Just ignore the further steps .Will add the necessary commands in Jenkinsfile
π§Ύ 3. Add SonarQube Token to Jenkins Credentials
In Jenkins, go to Manage Jenkins > Credentials.
Select the appropriate domain (e.g., (global)).
Click Add Credentials.
Choose Secret text as the kind.
Paste the SonarQube token into the Secret field that we created from the step Create a Global Token in SonarQube
Provide an ID (e.g., sonar-token) and a description.
Click Create to save.
βοΈ 4.Configure SonarQube Server in Jenkins
Navigate to Manage Jenkins > Configure System.
Scroll down to the SonarQube servers section.
Click Add SonarQube.
Provide a name for the server (e.g. sonar-server).
Enter the SonarQube server URL (http://sonarqube:9000).
β
Use the Docker container name sonarqube β this works because both Jenkins and SonarQube are running on the same Docker Compose network (jenkins_network), and Docker handles the DNS resolution automatically
6.Server authentication token: Select the credential ID you created earlier β e.g., sonar-token
7.Check Enable injection of SonarQube server configuration as build environment variables.
β
βEnable injection of SonarQube server configuration as build environment variablesβ
When checked, Jenkins automatically injects environment variables like:
SONAR_HOST_URL
SONAR_AUTH_TOKEN
SONAR_SCANNER_HOME
These can then be used inside shell scripts or pipeline steps without hardcoding.Click Save to apply the changes.
- Installing Required Tools in Jenkins
To make Jenkins ready for CI/CD magic β¨, we need to equip it with essential tools. These tools empower Jenkins to build, test, scan, and deploy applications across the pipeline.
π Navigate to:
Jenkins Dashboard β Manage Jenkins β Global Tool Configuration
Now, configure the following: π 1. π§ͺ SonarQube Scanner
β Required for performing static code analysis on your project directly from Jenkins
π§ Steps to configure:
Navigate to the SonarQube Scanner section β Click β Add SonarQube Scanner π·οΈ Name: sonar-scanner β Check: Install automatically π½ Installer source: Install from Maven Central
π Version: 7.0.2.4839 (or latest available)
π Jenkins will now auto-download and manage the SonarQube Scanner version needed for your pipeline.
π§ This ensures that your pipeline always has a ready-to-go scanner for SonarQube analysis without needing to install anything manually on your host. 2.β JDK 21 (Temurin)
β
Required to compile Java-based projects and run tools like SonarQube Scanner in Jenkins
π§ Steps to configure:
Navigate to the JDK section β Click β Add JDK
π·οΈ Name: jdk21
β
Check: Install automatically
π½ Installer source: Install from adoptium.net
π Select version: 21.0.4 (or latest available under JDK 21)
π§ This setup ensures Jenkins downloads and uses Java 21 from the official Adoptium build 3.π© NodeJS 21.0.0
β
Required for building frontend applications (React, Vue, Angular) or running JavaScript-based tools in Jenkins
π§ Steps to configure:
Scroll to the NodeJS section β Click β Add NodeJS
π·οΈ Name: node21
β
Check: Install automatically
π½ Installer source: Install from nodejs.org
π Select version: 21.0.0
π§ This configuration allows Jenkins to download and manage Node.js v21.0.0 directly from the official Node.js website 4.π³ Docker (Latest)
β
Essential for building, running, and scanning Docker containers directly from Jenkins pipelines
π§ Steps to configure:
Scroll to the Docker section β Click β Add Docker
π·οΈ Name: docker
β
Check: Install automatically
π½ Installer source: Download from docker.com
π Select version: (latest available or your preferred Docker version)
π§ With this setup, Jenkins automatically installs Docker from the official source β no manual setup or system-level install required.
Ensure Docker is already installed on your system (/usr/bin/docker)
π Youβve already mounted the Docker socket in your Jenkins Compose file, so this config links Jenkins with the host Docker engine.
Apply and Save:
Once all tools are configured, click Apply and Save.
7.Configure Essential Credentials in Jenkins for Secure CI/CD π§Ύ 1. π Generate a Docker Hub Access Token
Go to: Docker Hub β Account Settings β Security β Access Tokens
Click β βNew Access Tokenβ
Give it a meaningful name (e.g.,jenkins-ci)
Click Generate
π Copy the token (you wonβt see it again!)
π§° 2. πΌ Add the Token to Jenkins Credentials
Go to your Jenkins Dashboard: β‘οΈ Manage Jenkins β Credentials β Global Credentials (unrestricted) β Add Credentials
π Select: Kind: Secret text
βοΈ Secret: (Paste the Docker token here)
π·οΈ ID: docker-hub-token (or any unique identifier)
π¬ Description: Docker Hub Personal Access Token for Jenkins
β Create it! π οΈ Step-8:Grant Docker Access to Jenkins
To enable Jenkins (inside the container) to communicate with Docker on the host:
sudo chmod 666 /var/run/docker.sock
β οΈ Why this is needed?
This sets read/write permissions on the Docker socket so Jenkins containers can:
π³ Build Docker images
π Scan them with Trivy
π Push to Docker Hub
π‘ Note: This is safe for local testing environments, but not recommended for production.
π About the Application: Wanderlust β A 3-Tier Web App
π§ Wanderlust is a lightweight 3-tier web application designed to demonstrate full CI/CD automation using open-source DevOps tools. It features: π¦ Architecture:
Frontend: A modern web UI built with ReactJS (Node.js 21), offering a clean and responsive interface for user interactions.
Backend: A RESTful API developed using Node.js and Express.js, handling business logic and communication with the database.
Database: MongoDB used as the NoSQL data store for posts or travel-related content.
π Set Up Your Jenkins CI/CD Pipeline β Automation Begins Here!
Now that your DevOps environment is all set π―, itβs time to automate your entire workflow β from code checkout to deployment β using a Jenkins pipeline.
π‘ What will this pipeline do? β Clone your code from GitHub β Run static code analysis via SonarQube β Perform vulnerability scans with Trivy β Build & push Docker images β Deploy the app β hands-free! π 8.Letβs Create the Pipeline Job
π₯οΈ Navigate to Jenkins Dashboard:
β Click on βNew Itemβ
π·οΈ Name your project β e.g., wanderlust-deploy
𧱠Choose βPipelineβ as the project type
β
Click OK to continue
Define Pipeline Syntax:
In the Pipeline section, select Pipeline script and add the following pipeline code:
pipeline { agent { label 'agent' }
tools {
jdk 'jdk21'
nodejs 'node21'
}
environment {
IMAGE_TAG = "${BUILD_NUMBER}"
BACKEND_IMAGE = "rjshk013/wanderlust-backend"
FRONTEND_IMAGE = "rjshk013/wanderlust-frontend"
}
stages {
stage('SCM Checkout') {
steps {
git branch: 'main', url: 'https://github.com/rjshk013/devops-projects.git'
}
}
stage('Install Dependencies') {
steps {
dir('wanderlust-3tier-project/backend') {
sh "npm install || true"
}
dir('wanderlust-3tier-project/frontend') {
sh "npm install"
}
}
}
stage('Run SonarQube') {
environment {
scannerHome = tool 'sonar-scanner'
}
steps {
withSonarQubeEnv('sonar-server') {
sh """
${scannerHome}/bin/sonar-scanner \
-Dsonar.projectKey=blog-app \
-Dsonar.projectName=blog-app \
-Dsonar.sources=wanderlust-3tier-project
"""
}
}
}
stage('Docker Build') {
steps {
dir('wanderlust-3tier-project') {
sh '''
docker build -t ${BACKEND_IMAGE}:${IMAGE_TAG} ./backend
docker build -t ${FRONTEND_IMAGE}:${IMAGE_TAG} ./frontend
'''
}
}
}
stage('Scan with Trivy') {
steps {
script {
def images = [
[name: "${BACKEND_IMAGE}:${IMAGE_TAG}", output: "trivy-backend.txt"],
[name: "${FRONTEND_IMAGE}:${IMAGE_TAG}", output: "trivy-frontend.txt"]
]
for (img in images) {
echo "π Scanning ${img.name}..."
sh """
mkdir -p wanderlust-3tier-project
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v \$HOME/.trivy-cache:/root/.cache/ \
-v \$WORKSPACE/wanderlust-3tier-project:/scan-output \
aquasec/trivy image \
--scanners vuln \
--severity HIGH,CRITICAL \
--exit-code 0 \
--format table \
${img.name} > wanderlust-3tier-project/${img.output}
"""
}
}
}
}
stage('Push to Docker Hub') {
steps {
withCredentials([string(credentialsId: 'docker-hub-token', variable: 'DOCKER_TOKEN')]) {
sh '''
echo "${DOCKER_TOKEN}" | docker login -u rjshk013 --password-stdin
docker push ${BACKEND_IMAGE}:${IMAGE_TAG}
docker push ${FRONTEND_IMAGE}:${IMAGE_TAG}
'''
}
}
}
stage('Remote Deploy on Host with Docker Compose') {
steps {
sshagent(credentials: ['deploy-server-ssh']) {
sh '''
echo "π Deploying on host with docker compose..."
ssh -o StrictHostKeyChecking=no user@172.18.0.1 '
cd /home/user/devops-projects/wanderlust-3tier-project &&
docker compose build &&
docker compose up -d
'
'''
}
}
}
}
post {
always {
archiveArtifacts artifacts: 'wanderlust-3tier-project/trivy-*.txt', fingerprint: true
}
}
}
π οΈ Understanding the Jenkinsfile (Wanderlust CI/CD Pipeline)
This Jenkinsfile automates the complete build β scan β deploy lifecycle of your Wanderlust project.
Hereβs a step-by-step overview of what it does: π₯ Key Highlights
Secure Build: Code quality is validated by SonarQube before proceeding to deployment β
Security First: Images are scanned by Trivy before pushing to Docker Hub π‘οΈ
Fully Automated: No manual steps β from Git pull to live deployment π
Secrets Handling: Docker Hub credentials and SonarQube token are injected via Jenkins Credentials Manager π
π§ 9.Update Jenkinsfile with Your Values
Before using the pipeline, replace the following placeholders with your own values:
rjshk013 β your actual Docker Hub username
https://github.com/rjshk013/devops-projects.git β use the provided repo or your own cloned GitHub repo
user@172.18.0.1-Replace with your host username & ip
Thatβs it β just plug in your details and youβre good to go! π π 1οΈβ£0οΈβ£ Triggering the Pipeline & Viewing Results
Once your Jenkins pipeline is fully configured, itβs time to fire it up! π₯
π οΈ Steps to Run the Pipeline:
π Go to the Jenkins Dashboard and click on your job (e.g., wanderlust-deploy).
π Navigate to βBuild Historyβ, and click on the latest build number (e.g., #1).
π In the build details page:
β
Click Pipeline Steps or Pipeline Overview to visualize each stage.
π₯οΈ Click Console Output to follow the logs in real-time β great for debugging and validation.
β 1οΈβ£1οΈβ£ Post-Pipeline Verification: Confirm Everything Worked! π΅οΈββοΈ
After the pipeline runs successfully, itβs time to verify each key milestone to ensure your CI/CD process worked perfectly. π³ Docker Image Push Confirmation
β Go to your Docker Hub repository.
π Navigate to:
wanderlust-backend
wanderlust-frontend
π Check if the latest image tags (build numbers) are successfully listed and match the ones from the Jenkins pipeline. π§ SonarQube Code Quality Analysis
π Open your browser and go to: http://localhost:9001 (or your configured SonarQube URL)
π Navigate to:
Projects β blog-app
β You should see a recent analysis with quality gate status, bugs, code smells, duplications, etc. π‘οΈ Trivy Vulnerability Scan
π Go back to Jenkins UI β your job β latest build β Artifacts
π Youβll find files like:
trivy-backend.txt
trivy-frontend.txt
π Open them and look for:
Severity levels: CRITICAL, HIGH
Confirm no critical issues OR review and mitigate them accordingly.
π§ͺ 1οΈβ£2οΈβ£ Test the Deployed Application Locally
π Once your CI/CD pipeline has completed successfully, your application is now live and accessible on your host machine. Hereβs how to verify: π Access Frontend:
π Open your browser and go to: http://localhost:5173/
You should see your React-based frontend app running π π οΈ Access Backend (API):
π Open another tab and hit: http://localhost:5000/ π³ Verify Running Containers on Host Machine
To ensure both your frontend and backend services are up and running after deployment, run the following command on your host terminal:
docker ps π GitHub Repository
ποΈ You can find the complete source code, Jenkinsfile, Docker Compose setup, and scripts used in this article right here:
π GitHub β Wanderlust 3-Tier DevSecOps CI/CD Project β Conclusion: Your DevSecOps Lab Is Now Live π
Youβve just built a real-world CI/CD pipeline that:
π§ Automates code building and testing with Jenkins
π§ Ensures code quality through SonarQube
π‘οΈ Scans for vulnerabilities using Trivy
π³ Runs entirely in Docker Compose
π₯οΈ Deploys applications seamlessly on the same local server
And the best part? You did it all with zero cloud cost β 100% open-source, local, and production-grade ready! π― π― Whatβs Next?
π§ͺ Add unit and integration tests for better quality gates
βοΈ Try extending this setup to a cloud provider like AWS or Azure
π Integrate monitoring tools like Prometheus and Grafana
π¦ Explore Kubernetes and Helm for container orchestration
This setup isnβt just a tutorial β itβs a launchpad into real-world DevOps workflows. Now youβre equipped to experiment, expand, and evolve your own secure software delivery system ππ» How to deploy Prometheus on Kubernetes using helm-part2 January 2, 2025 No Comments