{"id":18135394,"url":"https://github.com/chrisdc777/devsecops-inic","last_synced_at":"2026-04-10T02:04:46.707Z","repository":{"id":260585427,"uuid":"881576699","full_name":"ChrisDc777/devsecops-inic","owner":"ChrisDc777","description":"This project demonstrates setting up a DevSecOps CI/CD pipeline using Jenkins, Docker, Terraform, and Azure for deploying a web application, with SonarQube and Prometheus for quality assurance and monitoring.","archived":false,"fork":false,"pushed_at":"2024-11-02T08:37:36.000Z","size":7248,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-12T22:37:38.045Z","etag":null,"topics":["aks","azure","docker","dockerfile","github","grafana","jenkins","kubernetes","owasp","prometheus","sonarqube","terraform","trivy","web-app"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ChrisDc777.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-31T21:03:58.000Z","updated_at":"2024-11-02T08:37:39.000Z","dependencies_parsed_at":"2025-02-12T22:36:07.029Z","dependency_job_id":"d9b02cf0-799d-4be2-a5d6-3316674e2841","html_url":"https://github.com/ChrisDc777/devsecops-inic","commit_stats":null,"previous_names":["chrisdc777/devsecops-inic"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChrisDc777%2Fdevsecops-inic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChrisDc777%2Fdev
secops-inic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChrisDc777%2Fdevsecops-inic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ChrisDc777%2Fdevsecops-inic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ChrisDc777","download_url":"https://codeload.github.com/ChrisDc777/devsecops-inic/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247517613,"owners_count":20951709,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aks","azure","docker","dockerfile","github","grafana","jenkins","kubernetes","owasp","prometheus","sonarqube","terraform","trivy","web-app"],"created_at":"2024-11-01T14:07:05.562Z","updated_at":"2026-04-10T02:04:46.674Z","avatar_url":"https://github.com/ChrisDc777.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DevSecOps CI/CD Pipeline with Deployment on Azure\n\n### For detailed web application information, please refer to the `README` file in the `src` directory.\n\n\u003cbr/\u003e\n\n## Setup Steps before running through Jenkins pipeline\n\n\n1. **Install Jenkins, Docker, and Trivy**\n\n  \n2. **Create a SonarQube container using Docker and get a TMDB API Key**\n    ```bash\n    docker run -d --name sonar -p 9000:9000 sonarqube:lts-community\n    ```\n\n\n3. 
**Install Prometheus and Grafana**\n   - Set up using `nssm` locally or on an Ubuntu instance.\n   - Install Node Exporter (or Windows Exporter if using Windows) and add it to the Prometheus configuration file (`prometheus.yml`) for detection.\n\n\n4. **Integrate Prometheus with Jenkins**\n   - Install the Prometheus Plugin in Jenkins and connect it to your Prometheus server.\n\n\n5. **Email Integration with Jenkins**\n   - Set up your Google Account and generate an App Password.\n   - Install the email notification plugin.\n   - Configure email notifications and add credentials.\n   - Set up the extended email notification settings.\n\n\n6. **Install Required Plugins in Jenkins**\n   - Install plugins such as JDK, SonarQube Scanner, Node.js, and OWASP Dependency Check.\n\n7. **Install Docker Related Plugins and Add DockerHub Credentials**\n   - Eclipse Temurin Installer\n   - Docker\n   - Docker Commons\n   - Docker Pipeline\n   - Docker API\n   - docker-build-step\n\n\n9. **Build and Push Docker Image**\n\n\n10. **Deploy the Docker Image**\n\n\u003cbr\u003e\n\n## Further Steps for deployment\n1. **Configure Azure and Deploy Resources with Terraform**\n   - Install terraform\n   - Set up Azure (or your chosen cloud provider) to use Terraform for deploying resources.\n   - After logging into Azure with the Azure CLI (`az login`), run the following commands:\n\n     ```bash\n     terraform init\n     \n     terraform plan\n\n     terraform apply\n     ```\n\n   - (Optional) Deploy an Azure Container Registry (ACR) to store your Docker image.\n     - Only if ACR deployment fails, manually push the image to ACR.\n\n\n3. 
**Deploy the App Image Using Kubernetes**\n   - Use Kubernetes to deploy the Docker image from ACR to Azure Kubernetes Service (AKS) using a deployment YAML file.\n   - Open PowerShell in Azure and execute the following commands:\n\n     ```bash\n     az aks get-credentials --resource-group \"resource_group_name\" --name \"aks_name\"\n\n     kubectl apply -f deployment.yml\n\n     kubectl get service \"service-name\" --watch\n     ```\n\n   - This will provide you with the external IP for your application, which you can access through a browser.\n\n![frontpage](https://github.com/user-attachments/assets/5119815e-0627-4a24-a540-0e7e92fc9f7f)\n\n\n\u003cbr\u003e\n\n## Jenkinsfile\n\nHere’s the complete pipeline for Jenkins:\n\n```groovy\npipeline {\n    agent any\n    tools {\n        jdk 'jdk17'\n        nodejs 'node16'\n    }\n    environment {\n        SCANNER_HOME = tool 'sonar-scanner'\n    }\n    stages {\n        stage('Clean Workspace') {\n            steps {\n                cleanWs()\n            }\n        }\n        stage('Checkout from Git') {\n            steps {\n                git branch: 'main', url: 'https://github.com/ChrisDc777/devsecops-prufen.git'\n            }\n        }\n        stage('SonarQube Analysis') {\n            steps {\n                withSonarQubeEnv('sonar-server') {\n                    bat ''' %SCANNER_HOME%\\\\bin\\\\sonar-scanner -D\"sonar.projectName=Netflix\" \\\n                    -D\"sonar.projectKey=Netflix\" '''\n                }\n            }\n        }\n        stage('Quality Gate') {\n            steps {\n                script {\n                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'\n                }\n            }\n        }\n        stage('Install Dependencies') {\n            steps {\n                bat \"npm install\"\n            }\n        }\n        stage('OWASP FS Scan') {\n            steps {\n                dependencyCheck additionalArguments: '--scan 
./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'\n                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'\n            }\n        }\n        stage('Trivy FS Scan') {\n            steps {\n                bat \"trivy fs . \u003e trivyfs.txt\"\n            }\n        }\n        stage('Docker Build \u0026 Push') {\n            steps {\n                script {\n                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {\n                        bat \"docker build --build-arg TMDB_V3_API_KEY=\u003cyour-api-key\u003e -t netflix .\"\n                        bat \"docker tag netflix your-docker-name/netflix:latest\"\n                        bat \"docker push your-docker-name/netflix:latest\"\n                    }\n                }\n            }\n        }\n        stage('Trivy Image Scan') {\n            steps {\n                bat \"trivy image your-docker-name/netflix:latest \u003e trivyimage.txt\"\n            }\n        }\n    }\n    post {\n        always {\n            emailext attachLog: true,\n                subject: \"'${currentBuild.result}'\",\n                body: \"Project: ${env.JOB_NAME}\u003cbr/\u003e\" +\n                      \"Build Number: ${env.BUILD_NUMBER}\u003cbr/\u003e\" +\n                      \"URL: ${env.BUILD_URL}\u003cbr/\u003e\",\n                to: 'your-emailid-configured',\n                attachmentsPattern: 'trivyfs.txt,trivyimage.txt'\n        }\n    }\n}\n```\n\n\u003cbr/\u003e\n\n![pipeline](https://github.com/user-attachments/assets/b35922df-3ce2-4949-9dbd-36d2190f2176)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrisdc777%2Fdevsecops-inic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchrisdc777%2Fdevsecops-inic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrisdc777%2Fdevsecops-inic/lists"}