{"id":20847262,"url":"https://github.com/praveensirvi1212/devsecops-project","last_synced_at":"2025-04-03T02:10:33.403Z","repository":{"id":93504724,"uuid":"605447945","full_name":"praveensirvi1212/DevSecOps-project","owner":"praveensirvi1212","description":"DevSecOps Project using git, GitHub, jenkins, Maven,Junit, SonarQube, Docker, Trivy, Hashicorp Vault, AWS, Kubernetes","archived":false,"fork":false,"pushed_at":"2023-06-23T08:35:52.000Z","size":35744,"stargazers_count":101,"open_issues_count":0,"forks_count":176,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-24T09:41:57.997Z","etag":null,"topics":["aws-s3","cicd","devops-tools","devsecops","devsecops-pipeline","docker","git","hashicorp-vault","java","kubernetes","slack","sonarqube","trivy-scan"],"latest_commit_sha":null,"homepage":"https://sirvipraveen.me/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/praveensirvi1212.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-23T07:08:03.000Z","updated_at":"2025-03-01T19:59:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"b7047f4f-77f5-4c87-b83b-bd3b718a8d78","html_url":"https://github.com/praveensirvi1212/DevSecOps-project","commit_stats":{"total_commits":141,"total_committers":1,"mean_commits":141.0,"dds":0.0,"last_synced_commit":"cf8011475f91173a7bffa1a5c03ec7bf685116dc"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/praveensirvi1212%2FDevSecOps-project","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/praveensirvi1212%2FDevSecOps-project/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/praveensirvi1212%2FDevSecOps-project/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/praveensirvi1212%2FDevSecOps-project/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/praveensirvi1212","download_url":"https://codeload.github.com/praveensirvi1212/DevSecOps-project/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246922247,"owners_count":20855345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-s3","cicd","devops-tools","devsecops","devsecops-pipeline","docker","git","hashicorp-vault","java","kubernetes","slack","sonarqube","trivy-scan"],"created_at":"2024-11-18T02:19:29.737Z","updated_at":"2025-04-03T02:10:33.385Z","avatar_url":"https://github.com/praveensirvi1212.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DevSecOps-Project\n\nIn this project, I created an end-to-end CI/CD pipeline while keeping in mind Securities Best Practices, DevSecOps principles and used all these tools *Git, GitHub , Jenkins,Maven, Junit, SonarQube, Docker, Trivy, AWS S3, Docker Hub, Kubernetes , Slack and Hashicorp Vault,*  to achive the goal.\n\n\n## Project Architecture\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/architecture.png)\n\n## Pipeline flow:\n1. Jenkins will fetch the code from the remote repo \n2. Maven will build the code, if the build fails, the whole pipeline will become a failure and Jenkins will notify the user, If build success then \n3. Junit will do unit testing, if the application passes test cases then will go to the next step otherwise the whole pipeline will become a failureJenkins will notify the user that your build fails.\n4.SonarQube scanner will scan the code and will send the report to the SonarQube server, where the report will go through the quality gate and gives the output to the web Dashboard. \n                        In the quality gate, we define conditions or rules like how many bugs or vulnerabilities, or code smells should be present in the code. \n Also, we have to create a webhook to send the status of quality gate status to Jenkins.\n If the quality gate status becomes a failure, the whole pipeline will become a failure then Jenkins will notify the user that your build fails.\n5. After the quality gate passes, Docker will build the docker image.\nif the docker build fails when the whole pipeline will become a failure and Jenkins will notify the user that your build fails.\n6. Trivy will scan the docker image, if it finds any Vulnerability then the whole pipeline will become a failure, and the generated report will be sent to s3 for future review and Jenkins will notify the user that your build fails.\n7. After trivy scan docker images will be pushed to the docker hub, if the docker fails to push docker images to the docker hub then the pipeline will become a failure and Jenkins will notify the user that your build fails.\n8. After the docker push, Jenkins will create deployment and service in minikube and our application will be deployed into Kubernetes.\nif Jenkins fails to create deployment and service in Kubernetes, the whole pipeline will become a failure and Jenkins will notify the user that your build fails.\n\n\n### PreRequisites\n1. JDK \n1. Git \n1. Github\n1. Jenkins\n1. Sonarqube\n1. Docker\n1. Trivy\n1. AWS account\n1. Docker Hub account\n1. Minikube \u0026 Kubectl\n1. Hashicorp Vault\n1. Slack\n\n # Want to create this Project by your own  then *Follow these  project steps*\n## Step: 1 Installation Part \n\n### Stage-01 : Install JDK and Create a Java Springboot application\nPush all the web application page code file into github\n\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/code.png) \n\n### Stage-02 : Install Jenkins and start Jenkins \nJenkins Installation Prequuisities  https://www.jenkins.io/doc/book/installing/linux/\n1. Installation guide is available here  https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Jenkins_installation.md\n1. After installation, install suggested plugins\n1. Open Jenkins Dashboard and install required plugins – SonarQube Scanner, Hashicorp Vault, Slack\n1. go to manage jenkins \u003e manage pulgins \u003e search for plugins \u003e install without restart\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/jenkins.png) \n\n1. We will required another pulgin called - Kubernetes Continuous Deploy Plugin ( this plugin is deprecated but we can down grade the version for just testing purpose)\nDownload the Plugin file from here https://github.com/praveensirvi1212/DevSecOps-project/blob/main/kubernetes-cd.hpi\n1. Now go to manage jenkins \u003e manage pulgins \u003e Advanced Setting \u003e Deploy Plugin \u003e choose the download file ( kubernetes-cd.hpi) \u003e click on Deploy\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/plugins.png) \n\n### Stage-03 : Install Postgre Database and Install SonarQube\n1. Installation guide is available here https://github.com/praveensirvi1212/DevSecOps-project/blob/main/sonarqube_installation_with_postgres_database.md\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/sonarqube.jpeg) \n### Stage-04 : Install Docker and Create DockerHub account\n1. Installation guide is available here https://github.com/praveensirvi1212/DevSecOps-project/blob/main/docker_installation.md\n1. Create DockerHub account \n\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/dockerhub.png) \n\n\n### Stage-05 : Install Trivy for Vulnerability Scanner for Containers and other Artifacts\nI am following  Debian/Ubuntu  based installation guide you can choose accourding to your os\n\n```sh \n   sudo apt-get install wget apt-transport-https gnupg lsb-release\nwget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -\necho deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list\nsudo apt-get update\nsudo apt-get install trivy\n   ``` \n#### After trivy installation you can scan Container Images, FileSystem, Git Repositories\nIn our can we will scan contianer images\n\n```sh \n   trivy image [YOUR_IMAGE_NAME]\n   ``` \n\n### Stage-06 : Install Hashicorp Vault server \nHashiCorp Vault is a secret-management tool specifically designed to control access to sensitive credentials in a low-trust environment.\n1. Installation guide is available here https://www.cyberithub.com/how-to-install-hashicorp-vault-on-ubuntu-20-04-lts/\n\n### Stage-07 : Install Slack\nSlack is a workplace communication tool, “a single place for messaging, tools and files.” .\n\nInstall Slack from official website of Slack https://slack.com/intl/en-in/downloads/linux\n\n\n### Stage-08: Install Minikube\nMinikube installation Guide is Available here  https://www.linuxtechi.com/how-to-install-minikube-on-ubuntu/\n\n# Done with Installation , Now will we integrate all the tools with Jenkins\n\n## Step: 2 Integeration Part\n\n### Stage-01 : Hashicorp Vault integration with Jenkins\nI am assuming that your Vault server is running \n\nVideo guide to integrate Hashicorp Vault with Jnekins https://www.youtube.com/watch?v=5-RMu9M_Anc\n\n##### 1. create Vault server App role and secret id \n* Copy the following to `/etc/vault.d/vault.hcl`\n```\nstorage \"raft\" {\n  path    = \"/opt/vault/data\"\n  node_id = \"raft_node_1\"\n}\n\nlistener \"tcp\" {\n  address     = \"0.0.0.0:8200\"\n  tls_disable = 1\n}\n\napi_addr = \"http://127.0.0.1:8200\"\ncluster_addr = \"https://127.0.0.1:8201\"\nui = true\n```\n\n* `sudo systemctl stop vault`\n* `sudo systemctl start vault`\n\n#### Commands to run to configure Vault and create AppRole\n\n* `export VAULT_ADDR='http://127.0.0.1:8200'`\n* `vault operator init`\n* `vault operator unseal`\n* `vault operator unseal`\n* `vault operator unseal`\n* `vault login \u003cInitial_Root_Token\u003e`\n   * `\u003cInitial_Root_Token\u003e` is found in the output of `vault operator init`\n* `vault auth enable approle`\n* `vault auth enable approle`\n  * https://www.vaultproject.io/docs/auth/approle\n* `vault write auth/approle/role/jenkins-role token_num_uses=0 secret_id_num_uses=0 policies=\"jenkins\"`\n* `vault read auth/approle/role/jenkins-role/role-id`\n\t* copy the role_id and store somewhere\n* `vault write -f auth/approle/role/jenkins-role/secret-id`\n\n##### 2. Now go to jenkins \u003e Manage  Jenkins \u003eManage Credentials \u003e system \u003e Add credentials \u003e Vault App Role Credentials \u003e paste roleid and secret id token we create in Vault and save and apply.\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/approleVault.png) \n\n\n ### Stage-02: SonarQube integration with Jenkins\n1. Open SonarQube and login using admin username and admin password\n1. Create a Project \u003eEnter Project name, Project key \u003e click on setup\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/sonarqubedb.png)\n1. Create sonarqube token \u003e and save it soemwhere\n1. click on continue \u003e Run analysis on your project \u003e maven \u003e copy following commands and save it some where\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/soanr.png)\n1. Now go to jenkins \u003eManage Credentials \u003e system \u003e Add credentials \u003e secret text file \u003e paste token we create in sonarqube and save and apply.\n\n1. go to manage Jenkins \u003e Configure System \u003e Add SonarQube Server name,url and credentials\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/sonarqube.png)\n1. go to manage Jenkins \u003e Global tool configuration \u003e  Add Maven and SonarQube Scanner\n\n1. Now go to SonarQube \u003e Quality gates \u003e create your own quality gate\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/quality%20gate.png)\n1. Add conditions with your own requirement\n1. Select your project and Set this quality gate as defalut\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/qualiygate.png)\n1. Now go to your Project \u003e project setting \u003e webhook\n1. create webhook with your Jenkins url\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/webhook.png)\n\n### Stage-03 : Add jenkins user to docker group\n ```sh \nsudo gpasswd -a jenkins docker\n ``` \n### Stage-04: Install and Configure AWS CLI\n 1.Installation Guide is Available here https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html \n1. go to AWS \u003e create access key and secret key\n1. configure aws cli using\n```sh \naws configure\n ``` \npaste your  access key and secret key \n#### Method 1\nconfigure aws cli for jenkins user also \n\n##### Note – in this project i used  method 1 but you can also use method 2\n\n#### Method 2 \n1. go to jenkins \u003e Manage Credentials \u003e system \u003e Add credentials \u003e AWS credentials \u003e give your access key and secret key \u003e save\n\n\n### Stage-05: DockerHub Integeration with jenkins for docker login\n1. go to DockerHub \u003e login into DockerHub\n1. go to Account setting \u003e security \u003e generate a token \n1. copy this token and save it some where\n\n##### in this project i used Hashicorp Vault to store my credentials for security purpose  but you can directly store in jenkins also . \nTo store secrets into Vault-\n#### Commands to store `docker` secret into Vault\n\n* `vault secrets enable -path=secrets kv`\n  * https://www.vaultproject.io/docs/secrets/kv\n* `vault write secrets/creds/docker username=your-dockerhub-username password=token-generated-in-dockerhub`\n* Create jenkins-policy.hcl\n```\npath \"secrets/creds/*\" {\n capabilities = [\"read\"]\n}\n```\n* `vault policy write jenkins jenkins-policy.hcl`\n\n1. Now go to jenkins \u003e Manage credentials \u003e global \u003e create credentials with ‘vault username-password credentials ’\n1. give path of your credentials ‘secrets/creds/docker’ \n1. give username key as username and password key as password\n1. give id name as you wish and description and save it \n\n### Stage-06 : kubernetes Integeration  with jenkins\n1. go to jenkins \u003e Manage credentials \u003e System ( global) \u003e Add credentials \u003e tkind - Kubernetes configuration ( Kuberconfig)\n1. give id and description\n1. go to kubeconfig \u003e Enter directly\n\n Now you have to copy the content of your kubeconfig file of your cluster.\nfor that -\n1. go to your home directory , you will find  ` .kube` \n1. change your directory to .kube and cat your config file\n\nYou will find your kubeconfig like this \n```sh \napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority:  /home/praveen/.minikube/ca.crt\n    extensions:\n    - extension:\n        last-update: Fri, 24 Feb 2023 19:17:00 IST\n        provider: minikube.sigs.k8s.io\n        version: v1.28.0\n      name: cluster_info\n    server: https://192.168.49.2:8443\n  name: minikube\ncontexts:\n- context:\n    cluster: minikube\n    extensions:\n    - extension:\n        last-update: Fri, 24 Feb 2023 19:17:00 IST\n        provider: minikube.sigs.k8s.io\n        version: v1.28.0\n      name: context_info\n    namespace: default\n    user: minikube\n  name: minikube\n- context:\n    cluster: \"\"\n    namespace: dev\n    user: \"\"\n  name: my-context\ncurrent-context: minikube\nkind: Config\npreferences: {}\nusers:\n- name: minikube\n  user:\n    client-certificate: /home/praveen/.minikube/profiles/minikube/client.crt\n    client-key: home/praveen/.minikube/profiles/minikube/client.key\n```\n##### Note : I encoded to base64 the data of ca.crt, client.key and client.crt and directly paste the data instead of /home/praveen/.minikube/profiles/minikube/client.crt . But you have to specify the `certificate- authority` to  `certificate- authority-data` ,  `client-certificate` to  `client-certificate-data`,  `client-key` to  `client-key-data`\n\nNow copy the config file data and paste into jenkins \u003e save\n\n### Stage-07 : Slack Integeration with Jenkins\n1. Open Slack \u003e create workspace \u003e create channel\n1. Now go to this site https://slack-t8s2905.slack.com/apps/new/A0F7VRFKN-jenkins-ci\n1. Now choose your channel name\n\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/slack.png)\n1. Click on Add Jenkins CI inetegration\n1. Copy the workspace name and token\n1. store your secret token into Hashicorp Vault\n\n* `vault write secrets/creds/slack secret=your-slack-token `\n1. Now go to jenkins \u003e Manage credentials \u003e system (global ) \u003e Vault sceret text credentials \n1. give your vault sercrets path, Vault key and save\n1. Now go to configure system \u003e slack \u003e give your slack name and select credentials , give your Default channel name like ‘#devops’\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/slcakws.png)\n\n\n\n# We integrated all the tools with Jenkins, Now Create a declarative jenkins  pipeline for each stage.\n\n## Step: 3 Pipeline creation\n\n### General Jenkins  declarative Pipeline Syntax\nI used Tools, Declarative Pipeline beccause we required build tool called maven\n\n```sh \npipeline {\n    agent any\n    tools {\n        maven 'apache-maven-3.0.1' \n    }\n    stages {\n        stage('Example') {\n            steps {\n                sh 'mvn --version'\n            }\n        }\n    }\n}\n```\n\n### Stage-01 : Git Checkout \n1. Defiine a stage as git checkout\n1. go to this site https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for checkout: check out version control\n1. give your github url, branch and generate the pipeline synatx\n1. paste it into stage steps git check\n\n```sh \nstage('Checkout git') {\n     steps {\n\tgit branch: 'main', url: 'https://github.com/praveensirvi1212/DevSecOps-project'\n  }\n}\n```\n### Stage-02 : Build and Junit test\n1. Defiine a stage as Build and Junit test \n1. go to this site https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for sh:shell script \n1. give your shell comman and generate the pipeline synatx\n1. paste it into stage \u003e  steps \u003e sh ‘ shell command’\n1. after build success , we want to test the code using junit\n1. go to https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for Junit:Archived Junit-formatted test result\n1. give your xml test cases file \u003e generate pipeline syntax\n1. paste it into post success\n\n```sh\nstage ('Build \u0026 JUnit Test') {\n\tsteps {\n\t\tsh 'mvn install' \n\t}\n\tpost {\n\t    success {\n\t\t   junit 'target/surefire-reports/**/*.xml'\n\t\t} \n\t}\n}\n```\n### Stage-03 : SonarQube Analysis\nIn this stage i used withSonarQubeEnv to  Prepare SonarQube Scanner environment\nand shell command sh\n1. Define  a stage SonarQube Analysis\n1. paste the command that we created at the time of sonarqube project creation\n```sh\nstage('SonarQube Analysis'){\n\tsteps{\n\t    withSonarQubeEnv('SonarQube-server') {\n\t\tsh 'mvn clean verify sonar:sonar \\\n\t\t-Dsonar.projectKey=devsecops-project-key \\\n\t\t-Dsonar.host.url=$sonarurl \\\n\t\t-Dsonar.login=$sonarlogin'\n\t\t}\n\t}\n}\n\n```\n### Stage-04 : Quality gate\nThis step pauses Pipeline execution and wait for previously submitted SonarQube analysis to be completed and returns quality gate status. Setting the parameter abortPipeline to true will abort the pipeline if quality gate status is not green.\n1. Defiine a stage as Quality gate\n1. go to this site https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for  waitForQualityGate: Wait for SonarQube analysis to be completed and return quality gate status\n1. generate pipeline syntax and paste it into steps\n1. timeout is optional \n```sh\nstage(\"Quality Gate\") {\n            steps {\n              timeout(time: 1, unit: 'HOURS') {\n                waitForQualityGate abortPipeline: true\n              }\n            }\n          }\n```\n### Stage-05 : Docker Build\nFirst write your dockerfile to build docker images.I have posted my  dockerfile here https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Dockerfile .\n\nIn this stage i  shell command sh to build docker image\n1. Define  a stage Docker Build\n1. go to this site https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for sh:shell script \n1. give your shell command to build image \u003e generate pipeline syntax\n1. I used build id of jenkins to make versions of docker images\n\n```sh\nstage('Docker Build') {\n      steps {\n           sh 'docker build -t praveensirvi/sprint-boot-app:v1.$BUILD_ID .'\n           sh 'docker image tag praveensirvi/sprint-boot-app:v1.$BUILD_ID praveensirvi/sprint-boot-app:latest'\n\t}\n}\n```\n### Stage-06: Trivy Image scan\nIn this stage i  trivy shell command sh to scan docker image\n1. Define  a stage Trivy Image scan\n1. go to this site https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for sh:shell script \n1.  give your Trivy shell command to scan build image\n#### Note – There are 3 types of report output  format of trivy ( Table , JSON, Template). I used  html template for output report of trivy scan\n```sh\nstage('Image Scan') {\n\tsteps {\n\tsh ' trivy image --format template --template \"@/usr/local/share/trivy/templates/html.tpl\" -o report.html praveensirvi/sprint-boot-app:latest '\n\t}\n}\n```\n### Stage-07: Upload report generated by trivy to AWS S3\nIn this stage i  shell command sh to scan docker image\n1. Define  a stage Upload report to AWS S3\n1. first create a AWS s3 bucket \n1. go to this site https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for sh:shell script\n1. give your shell command to upload object to aws s3\n\n```sh\nstage('Upload Scan report to AWS S3') {\n\tsteps {\n\t\tsh 'aws s3 cp report.html s3://devsecops-project/'\n\t}\t\n}\n```\n#### Note – in this Porject i configure aws cli for jenkins user also and execute just shell command . But you can use another method , save your credentials into jenkins and generate a pipeline to upload object to s3.\nFor that - S3 plugins should be installed\nPipeline Syntax \n```sh \nstage(\"Upload\"){\n\tsteps{\n\t      withAWS(region:\"${region}\", credentials:\"${aws_credential}){\n\t\ts3Upload(file:\"${TAG_NAME}\", bucket:\"${bucket}\", path:\"${TAG_NAME}/\")\n\t\t  } \n\t      }\t  \n}\n ``` \n### Stage-08: Push Docker images to DockerHub\nIn this stage i  shell command sh to push docker image to docker hub. I stored Credentials into Vault and access into jenkins using  vault key. You can store DockerHub credentials into jenkins and use as environment variables\n1. Define  a stage Docker images push\n1. go to this site https://opensource.triology.de/jenkins/pipeline-syntax/\n1. search for sh:shell script\n1. give your shell command to push docker images to docker hub\n\n ``` sh\nstage('Docker Push') {\n       steps {\n\twithVault(configuration: [skipSslVerification: true, timeout: 60, vaultCredentialId:   'vault-cred', vaultUrl: 'http://your-vault-server-url:8200'], vaultSecrets: [[path: 'secrets/creds/docker', secretValues: [[vaultKey: 'username'], [vaultKey: 'password']]]]) {\n\tsh \"docker login -u ${username} -p ${password} \"\n\tsh 'docker push praveensirvi/sprint-boot-app:v1.$BUILD_ID'\n\tsh 'docker push praveensirvi/sprint-boot-app:latest'\n\tsh 'docker rmi praveensirvi/sprint-boot-app:v1.$BUILD_ID praveensirvi/sprint-boot-app:latest'\n\t}\n      }\n}\n ``` \n### Stage-08: Deploy to kubernetes\nwrite your kubernetes  deployment and service manifest.Find my kubernetes manifest here https://github.com/praveensirvi1212/DevSecOps-project/blob/main/spring-boot-deployment.yaml .\n\nNow generate pipeline syntax:- \nFor this Kubernetes continuous Deploy plugins should be installed\n1. go to jenkins \u003e your project \u003e pipeline syntax \u003e search for kubernetesDeploy: Deploy to kubernetes\n1. choose your kubeconfig , we created kubeconfig credentials into stage 6 kubernetes Integeration with jenkins\n1. generate pipeline syntax\n1. write your kubernetes manifest name  into configs: 'your-k8s-manifest-name'\n ```sh\nstage('Deploy to k8s') {\n\tsteps {\n\t     script{\n                      kubernetesDeploy configs: 'spring-boot-deployment.yaml', kubeconfigId: 'kubernetes'\n\t\t}\n\t}\n}\n```\n## Stage: Post build action \nIn post build action i used slack notification . After  build jenkins will send notification massage to slack whether your build success or failed.\n1. go to jenkins \u003e your project \u003e pipeline syntax \u003e search for slacksend: send slack message \n1. write your channel name and message \u003e generate pipeline synatx .\n#### Note – i used custom messages for my project . I Created a function for slack notification and called the function into post build .\n ```sh\npost{\n\talways{\n\t\tsendSlackNotifcation()\n\t}\n}\n```\nsendSlackNotification function \n ```sh\ndef sendSlackNotifcation()\n{\nif ( currentBuild.currentResult == \"SUCCESS\" ) {\nbuildSummary = \"Job_name: ${env.JOB_NAME}\\n Build_id: ${env.BUILD_ID} \\n Status: *SUCCESS*\\n Build_url: ${BUILD_URL}\\n Job_url: ${JOB_URL} \\n\"\nslackSend( channel: \"#devops\", token: 'slack-token', color: 'good', message: \"${buildSummary}\")\n}\nelse {\nbuildSummary = \"Job_name: ${env.JOB_NAME}\\n Build_id: ${env.BUILD_ID} \\n Status: *FAILURE*\\n Build_url: ${BUILD_URL}\\n Job_url: ${JOB_URL}\\n \\n \"\nslackSend( channel: \"#devops\", token: 'slack-token', color : \"danger\", message: \"${buildSummary}\")\n}\n}\n ```\n#### Find whole pipeline here https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Jenkinsfile \n\n## Step: 4 Projecct Output\n\n# Final outputs of this Project\n### Jenkins Output : \nAfter 86th  Build my  jenkins pipeline became successful. \n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/pipelineop.png) \n\n### Sonarqube Output: \n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/sonarqubeop.png) \n\n### Quality Gate Status in Jenkins\nThis Output is the build number 86th. SonarQube Quality gate status is green and passed .   \nYou applied your custom quality gate like : there should be zero ( bug, Vulnerability , code smell ) and your code have greater then 0 (bugs, vulnerability , code smells) . Then your quality gate status will become failure or red. If your quality gate status beome failure , stages after quality gate will be failure.\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/qualitygateop.png) \n\n### Trivy report in AWS S3 push by jenkins\n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/trivy-report-s3.png) \n\n\n### Trivy report \n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/TrivyReprt.png) \n\n\n### Images in DockerHub pushed by jenkins \n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/dockerhubop.png) \n\n### kubernetes output ( deployment and service created by jenkins) \n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/kubernetesop.png) \n\n### Application output deployed in k8s \n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/spring-boot-app-op.png) \n\n### Slack output \n![](https://github.com/praveensirvi1212/DevSecOps-project/blob/main/Images/slackop.png) \n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpraveensirvi1212%2Fdevsecops-project","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpraveensirvi1212%2Fdevsecops-project","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpraveensirvi1212%2Fdevsecops-project/lists"}