Skip to content
/ devsecops-with-jenkins Public

Simple implementation devsecops with jenkins, sonarqube & trivy

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

restuwahyu13/devsecops-with-jenkins

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
src
src
 
 
tests
tests
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.mocharc.json
.mocharc.json
 
 
.trivyignore
.trivyignore
 
 
Dockerfile
Dockerfile
 
 
Jenkinsfile
Jenkinsfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
sonar-project.properties
sonar-project.properties
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

DevSecOps With Jenkins

Tutorial ini adalah lanjutan dari automation with jenkins, yang dimana disini saya menambahkan step implementation security analysis menggunakan sonarQube dan Trivy, yang berguna untuk mendekteksi bugs, code smell, security issue etc.

Step By Step

  1. Pastikan anda sudah meginstall SonarQube di server 2 dan sonarScanner di server 1
  2. Setelah selesai menginstall sonarQube dan sonarScanner, anda juga harus meginstall Trivy di server 1
  3. Untuk instalasi lainnya silahkan cek disini

Install SonarQube

docker network create sonar_network

docker run -d --name postgres-14 \
  -e POSTGRES_USER=restuwahyu13 \
  -e POSTGRES_PASSWORD=restuwahyu13 \
  -v postgresql:/var/lib/postgresql \
  -v postgresql_data:/var/lib/postgresql/data \
  --network sonar_network \
  --restart=always \
  postgres:14-alpine

docker run -d --name sonarqube-lts-community \
  -p 9000:9000 \
  -e SONAR_JDBC_URL=jdbc:postgresql://<ip docker container postgres>:5432/postgres \
  -e SONAR_JDBC_USERNAME=restuwahyu13 \
  -e SONAR_JDBC_PASSWORD=restuwahyu13 \
  -v sonarqube_data:/opt/sonarqube/data \
  -v sonarqube_extensions:/opt/sonarqube/extensions \
  -v sonarqube_logs:/opt/sonarqube/logs \
  --network sonar_network \
  --restart=always \
  --link postgres-14 \
  sonarqube:lts-community

Install Sonar Scanner

sudo apt install java-17-openjdk
ls -la /usr/jvm/java-17-openjdk
sudo vim ~/.bashrc -> export JAVA_HOME="/usr/jvm/java-17-openjdk"
source ~/.bashrc
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.0.2966-linux.zip
sudo apt-get install unzip
unzip sonar-scanner-cli-5.0.0.2966-linux.zip && rm -rf sonar-scanner-cli-5.0.0.2966-linux.zip
sudo mv sonar-scanner-cli-5.0.0.2966-linux /opt
sudo chmod +x /opt/sonar-scanner-5.0.0.2966-linux/bin/sonar-scanner
sudo ln -s /opt/sonar-scanner-5.0.0.2966-linux/bin/sonar-scanner /usr/bin

Install Trivy

sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy

About

Simple implementation devsecops with jenkins, sonarqube & trivy

Topics

nodejs jenkins typescript api-rest cicd jenkins-pipeline devsecops-pipeline

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages