DevSecOps java project pipeline Working(100%)(Last one)
Final working pipeline (without artifacts)
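// Declarative Jenkins pipeline for the Petclinic Java project.
// Stage order: check Java -> clone -> SonarQube analysis -> OWASP Dependency-Check
// -> SonarQube quality gate -> Maven build -> Docker build/push -> Trivy filesystem
// scan -> copy the WAR into the local Tomcat webapps directory.
//
// Review summary:
//   * None of the scanning stages is configured to fail the build, so findings are
//     reported but never block the image push or the deployment.
//   * Registry credentials are handed to the shell as environment variables
//     (single-quoted sh strings) instead of being interpolated by Groovy.
pipeline {
    agent any

    environment {
        // Install location of the Jenkins tool registered under the name 'sonar'.
        SONAR_HOME = tool 'sonar'
    }

    stages {
        stage('Check Java') {
            steps {
                // Prints the JDK that the agent will use; purely informational.
                sh 'echo $JAVA_HOME'
                sh 'java -version'
            }
        }

        stage('Clone') {
            steps {
                git url: 'https://github.com/satyagilegitbytes/Petclinic.git', branch: 'main'
            }
        }

        stage('SonarQube Quality Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    // NOTE(review): -X enables scanner debug logging, which makes the
                    // console log very verbose; consider dropping it for routine runs.
                    // NOTE(review): this stage runs before 'Build the Code', so on a
                    // fresh checkout sonar.java.binaries=. points at a tree with no
                    // compiled classes yet - confirm the analysis results are complete.
                    sh ''' ${SONAR_HOME}/bin/sonar-scanner -X -Dsonar.projectName=Petclinic \
                        -Dsonar.java.binaries=. \
                        -Dsonar.projectKey=Petclinic '''
                }
            }
        }

        stage('OWASP Dependency Check') {
            steps {
                // NOTE(review): the scan runs against the workspace before the Maven
                // build; verify the report actually lists the project's dependencies.
                dependencyCheck additionalArguments: "--scan ./", odcInstallation: "DP-check"
                // No failure thresholds are configured here, so the publisher only
                // reports findings; it does not mark the build failed or unstable.
                dependencyCheckPublisher pattern: "**/dependency-check-report.xml"
            }
        }

        stage('SonarQube Quality Gate') {
            steps {
                timeout(time: 2, unit: 'MINUTES') {
                    // abortPipeline: false makes the gate advisory: a failed quality
                    // gate is recorded but the build, push and deploy still run.
                    // Set it to true to enforce the gate.
                    waitForQualityGate abortPipeline: false
                }
            }
        }

        stage('Build the Code') {
            steps {
                sh "mvn clean package"
                // sh "docker build -t shopping-cart:dev -f docker/Dockerfile ."
            }
        }

        stage('Docker Build & Push The Code') {
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: 'dockercred', passwordVariable: 'dockerhubPass', usernameVariable: 'dockerhubuser')]) {
                        // The sh strings below are single-quoted on purpose: the shell,
                        // not Groovy, expands $dockerhubuser / $dockerhubPass. Groovy
                        // interpolation would place the secret in the generated script
                        // text and triggers Jenkins' insecure-interpolation warning.
                        try {
                            sh 'docker build -t notes-app .'
                            // NOTE(review): ':latest' is a mutable tag; a build-specific
                            // tag makes it possible to trace what was deployed.
                            sh 'docker tag notes-app "$dockerhubuser"/javacode:latest'
                            // Uncomment the following line if you need to tag another image
                            // sh 'docker tag notes-app01 "$dockerhubuser"/backend1-image:01'

                            // --password-stdin keeps the password out of the docker
                            // command line, where 'docker login -p' would expose it in
                            // the process list on the agent.
                            sh 'printf "%s" "$dockerhubPass" | docker login -u "$dockerhubuser" --password-stdin'
                            sh 'docker push "$dockerhubuser"/javacode:latest'
                            // Uncomment the following line if you need to push another image
                            // sh 'docker push "$dockerhubuser"/backend1-image:01'
                        } finally {
                            // Remove the stored registry login from the agent so the
                            // credential does not outlive this stage.
                            // NOTE(review): if other jobs on this agent rely on a
                            // persistent Docker Hub login, they will need their own.
                            sh 'docker logout'
                        }
                    }
                }
            }
        }

        stage('Trivy File System Scan') {
            steps {
                // NOTE(review): three limitations of this scan as written:
                //  - '--format table' writes a plain-text table, so the .html file
                //    name does not match its content;
                //  - without --exit-code (optionally with --severity) Trivy returns 0
                //    even when vulnerabilities are found, so the stage never fails;
                //  - it runs after the image has already been pushed and scans the
                //    workspace only, not the built image.
                sh "trivy fs --format table --output trivy-fs-report.html ."
            }
        }

        stage('Deploy The Code') {
            steps {
                // Copy the WAR from this build's own workspace. The original hard-coded
                // /var/lib/jenkins/workspace/test_03, which only matches a job named
                // test_03 and can pick up a stale artifact from another run.
                // NOTE(review): this requires the Jenkins user to have write access to
                // the Tomcat webapps directory on the same host - confirm that this
                // privilege is intended.
                sh 'cp target/petclinic.war /var/lib/tomcat9/webapps/'
            }
        }
    }
}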
Last pipeline, completely working (final pipeline)
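// Declarative Jenkins pipeline for the Petclinic Java project, with the
// Dependency-Check and Trivy reports archived as build artifacts.
// Stage order: check Java -> clone -> SonarQube analysis -> OWASP Dependency-Check
// -> SonarQube quality gate -> Maven build -> Docker build/push -> Trivy filesystem
// scan -> copy the WAR into the local Tomcat webapps directory.
//
// Review summary:
//   * None of the scanning stages is configured to fail the build, so findings are
//     reported and archived but never block the image push or the deployment.
//   * Registry credentials are handed to the shell as environment variables
//     (single-quoted sh strings) instead of being interpolated by Groovy.
pipeline {
    agent any

    environment {
        // Install location of the Jenkins tool registered under the name 'sonar'.
        SONAR_HOME = tool 'sonar'
    }

    stages {
        stage('Check Java') {
            steps {
                // Prints the JDK that the agent will use; purely informational.
                sh 'echo $JAVA_HOME'
                sh 'java -version'
            }
        }

        stage('Clone') {
            steps {
                // NOTE(review): the account name is embedded in the clone URL and no
                // credentialsId is passed; if the repository is private, reference a
                // Jenkins credential here rather than putting identity in the URL.
                git url: 'https://first_workspace5-admin@bitbucket.org/first_workspace5/petclinic.git', branch: 'main'
            }
        }

        stage('SonarQube Quality Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    // NOTE(review): -X enables scanner debug logging, which makes the
                    // console log very verbose; consider dropping it for routine runs.
                    // NOTE(review): this stage runs before 'Build the Code', so on a
                    // fresh checkout sonar.java.binaries=. points at a tree with no
                    // compiled classes yet - confirm the analysis results are complete.
                    sh ''' ${SONAR_HOME}/bin/sonar-scanner -X -Dsonar.projectName=Petclinic \
                        -Dsonar.java.binaries=. \
                        -Dsonar.projectKey=Petclinic '''
                }
            }
        }

        stage('OWASP Dependency Check') {
            steps {
                // NOTE(review): the scan runs against the workspace before the Maven
                // build; verify the report actually lists the project's dependencies.
                dependencyCheck additionalArguments: "--scan ./", odcInstallation: "DP-check"
                // No failure thresholds are configured here, so the publisher only
                // reports findings; it does not mark the build failed or unstable.
                dependencyCheckPublisher pattern: "**/dependency-check-report.xml"
            }
            post {
                always {
                    // Keep the XML report with the build even when the stage fails;
                    // allowEmptyArchive avoids an error if no report was produced.
                    archiveArtifacts artifacts: '**/dependency-check-report.xml', allowEmptyArchive: true
                }
            }
        }

        stage('SonarQube Quality Gate') {
            steps {
                timeout(time: 2, unit: 'MINUTES') {
                    // abortPipeline: false makes the gate advisory: a failed quality
                    // gate is recorded but the build, push and deploy still run.
                    // Set it to true to enforce the gate.
                    waitForQualityGate abortPipeline: false
                }
            }
        }

        stage('Build the Code') {
            steps {
                sh "mvn clean package"
                // sh "docker build -t shopping-cart:dev -f docker/Dockerfile ."
            }
        }

        stage('Docker Build & Push The Code') {
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: 'dockercred', passwordVariable: 'dockerhubPass', usernameVariable: 'dockerhubuser')]) {
                        // The sh strings below are single-quoted on purpose: the shell,
                        // not Groovy, expands $dockerhubuser / $dockerhubPass. Groovy
                        // interpolation would place the secret in the generated script
                        // text and triggers Jenkins' insecure-interpolation warning.
                        try {
                            sh 'docker build -t notes-app .'
                            // NOTE(review): ':latest' is a mutable tag; a build-specific
                            // tag makes it possible to trace what was deployed.
                            sh 'docker tag notes-app "$dockerhubuser"/javacode:latest'
                            // Uncomment the following line if you need to tag another image
                            // sh 'docker tag notes-app01 "$dockerhubuser"/backend1-image:01'

                            // --password-stdin keeps the password out of the docker
                            // command line, where 'docker login -p' would expose it in
                            // the process list on the agent.
                            sh 'printf "%s" "$dockerhubPass" | docker login -u "$dockerhubuser" --password-stdin'
                            sh 'docker push "$dockerhubuser"/javacode:latest'
                            // Uncomment the following line if you need to push another image
                            // sh 'docker push "$dockerhubuser"/backend1-image:01'
                        } finally {
                            // Remove the stored registry login from the agent so the
                            // credential does not outlive this stage.
                            // NOTE(review): if other jobs on this agent rely on a
                            // persistent Docker Hub login, they will need their own.
                            sh 'docker logout'
                        }
                    }
                }
            }
        }

        stage('Trivy File System Scan') {
            steps {
                // NOTE(review): three limitations of this scan as written:
                //  - '--format table' writes a plain-text table, so the .html file
                //    name does not match its content;
                //  - without --exit-code (optionally with --severity) Trivy returns 0
                //    even when vulnerabilities are found, so the stage never fails;
                //  - it runs after the image has already been pushed and scans the
                //    workspace only, not the built image.
                sh "trivy fs --format table --output trivy-fs-report.html ."
            }
            post {
                always {
                    // Keep the Trivy report with the build regardless of stage result.
                    archiveArtifacts artifacts: 'trivy-fs-report.html', allowEmptyArchive: true
                }
            }
        }

        stage('Deploy The Code') {
            steps {
                // Copy the WAR from this build's own workspace. The original hard-coded
                // /var/lib/jenkins/workspace/test_03, which only matches a job named
                // test_03 and can pick up a stale artifact from another run.
                // NOTE(review): this requires the Jenkins user to have write access to
                // the Tomcat webapps directory on the same host - confirm that this
                // privilege is intended.
                sh 'cp target/petclinic.war /var/lib/tomcat9/webapps/'
            }
        }
    }
}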