Skip to content

Latest commit

 

History

History

DevSecOps

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

End to End DevSecOps Project for DevOps Engineers

In this project, we will learn about DevOps and DevSecOps tools in one project:

Tools Covered:

  • Linux
  • Git and GitHub
  • Docker
  • Docker-compose
  • Jenkins CI/CD
  • SonarQube
  • OWASP
  • Trivy

Pre-requisites to implement this project:

  • AWS EC2 instance (Ubuntu) with instance type t2.large and root volume 29GB.

  • Jenkins installed

  • Docker and docker-compose installled

    sudo apt-get update
    sudo apt-get install docker.io -y
    sudo apt-get install docker-compose -y
    docker run -itd --name sonarqube-server -p 9000:9000 sonarqube:lts-community

Steps for Jenkins CI/CD:

  1. Access Jenkins UI and setup Jenkins

image

  1. Plugins Installation:

    • Go to Manage Jenkins, click on Plugins and install all the plugins listed below, we will require for other tools integration:

      • SonarQube Scanner (Version2.16.1)
      • Sonar Quality Gates (Version1.3.1)
      • OWASP Dependency-Check (Version5.4.3)
      • Docker (Version1.5)

  1. Go to SonarQube Server and create token

    • Click on Administration tab, then Security , then Users and create Token.

    • Create a webhook to notify Jenkins that Quality gates scanning is done. (We will need this step later)

      • Go to SonarQube Server, then Administration , then Configuration and click on Webhook , add webhook in below Format:

      http://<jenkins_url>:8080/sonarqube-webhook/

      Example:

          http://34.207.58.19:8080/sonarqube-webhook/

      image

      image

  1. Go to Jenkins UI Manage Jenkins , then Credentials and add SonarQube Credentials.

image

  1. Now, It's time to integrate SonarQube Server with Jenkins, go to Manage Jenkins , then System and look for SonarQube Servers and add SonarQube.

image

  1. Go to Manage Jenkins , then tools , look for SonarQube Scanner installations and add SonarQube Scanner.

Note: Add name as Sonar

image

  1. Integrate OWASP with Jenkins, go to Manage Jenkins , then tools , look for Dependency-Check installations and add Dependency-Check.

Note: Add name as dc

image

  1. For trivy, we have already installed it, in pre-reuisites.

image

  1. Now, It's time to create a CI/CD pipeline in Jenkins:

    • Click on New Item and give it a name and select Pipeline.
    • Select GitHub Project and paste your GitHub repository link.
    • Scroll down and in Pipeline section select Pipeline script from SCM, because our Jenkinsfile is present on GitHub.

    image

    image

  1. At last run the pipeline and after sometime your code is deployed using DevSecOps.

image

Congratulations!!! You have done it

  • If you find any issue during the execution of this project, let me know on LinkedIn

  • Happy Learning :)

These are our community Links