{"id":14984775,"url":"https://github.com/rmkanda/secure-pipeline-java-demo","last_synced_at":"2025-06-25T13:35:02.096Z","repository":{"id":75056958,"uuid":"267560865","full_name":"rmkanda/secure-pipeline-java-demo","owner":"rmkanda","description":null,"archived":false,"fork":false,"pushed_at":"2022-01-05T11:37:09.000Z","size":1877,"stargazers_count":35,"open_issues_count":0,"forks_count":36,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-10T22:40:51.761Z","etag":null,"topics":["boilerplate","demo","devops","devsecops","devsecops-best-practices","devsecops-pipeline","jenkins-pipeline","pipeline","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rmkanda.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-28T10:31:01.000Z","updated_at":"2023-08-01T11:21:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"4b8d4a95-8c4c-48ec-9f18-ae3542b34d16","html_url":"https://github.com/rmkanda/secure-pipeline-java-demo","commit_stats":{"total_commits":45,"total_committers":3,"mean_commits":15.0,"dds":0.0444444444444444,"last_synced_commit":"f8686e2dee2cd2891df99e41a578b0c1b2c1ed8e"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rmkanda/secure-pipeline-java-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmkanda%2Fsecure-pipeline-java-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmkanda%2Fsecure-pipeline-java-demo/t
ags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmkanda%2Fsecure-pipeline-java-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmkanda%2Fsecure-pipeline-java-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rmkanda","download_url":"https://codeload.github.com/rmkanda/secure-pipeline-java-demo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmkanda%2Fsecure-pipeline-java-demo/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261883329,"owners_count":23224479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["boilerplate","demo","devops","devsecops","devsecops-best-practices","devsecops-pipeline","jenkins-pipeline","pipeline","security","security-tools"],"created_at":"2024-09-24T14:09:39.213Z","updated_at":"2025-06-25T13:35:02.060Z","avatar_url":"https://github.com/rmkanda.png","language":"Java","readme":"# Secure Pipelines Demo\n\nSample Spring application with a Jenkins pipeline script to demonstrate secure pipelines\n\n## Prerequisites\n\n- minikube v1.24.0 - [Refer here for installation](https://kubernetes.io/docs/tasks/tools/install-minikube/)\n- helm v3.7.2 - [Refer here for installation](https://helm.sh/docs/intro/install/)\n\n## Setup Steps\n\n### Minikube setup\n\n- Set up minikube\n  ```s\n  minikube start --nodes=1 --cpus=4 --memory 8192 --disk-size=35g --embed-certs=true --driver=hyperkit\n  minikube addons enable ingress\n  ```\n\n### Jenkins setup\n\n- Set up the Jenkins 
server\n\n  ```s\n  helm repo add jenkins https://charts.jenkins.io\n  helm repo update\n  helm install jenkins jenkins/jenkins\n  ```\n\n- Wait for the Jenkins pod to start\n- Get the Jenkins admin user password\n\n  ```s\n  kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password \u0026\u0026 echo\n  ```\n\n  **Note:** Make a note of the password\n\n- [Optional] Forward the Jenkins server port to access it from your local machine\n\n  ```s\n  kubectl port-forward svc/jenkins 8080:8080\n  open http://localhost:8080\n  ```\n\n- Add additional plugins to the Jenkins server (Manage Jenkins -\u003e Manage plugins)\n\n  - BlueOcean\n  - Configuration as Code\n  - OWASP Dependency-Track\n\n### Dependency Track setup\n\n- Refer to the [Dependency Track v4 Installation Guide](DEPENDENCY_TRACK.md)\n\n  **Note:** dependency-track will take some time to start (~1hr on a low-end Mac)\n\n### Link Jenkins and Dependency Track\n\n- Log in to Dependency Track -\u003e Administration -\u003e Access Management -\u003e Teams -\u003e Click on Automation -\u003e Copy the API Keys -\u003e Also add the Permissions - PROJECT_CREATION_UPLOAD, POLICY_VIOLATION_ANALYSIS, VULNERABILITY_ANALYSIS\n\n- Log in to Jenkins -\u003e Manage Jenkins -\u003e Configure System -\u003e Scroll to bottom -\u003e Configure the Dependency-Track URL and API key -\u003e Also enable Auto Create Projects -\u003e Test Connection -\u003e Save\n\n**Hint:** URL (if you have followed the exact steps) http://dependency-track-apiserver.deptrack.svc.cluster.local\n(Format: serviceName.namespace.svc.cluster.local)\n\n### New Jenkins Pipeline\n\nCreate a new Jenkins pipeline with this repo and trigger a build\n\n- Log in to Jenkins -\u003e New Item -\u003e Enter a name and choose Pipeline -\u003e Choose GitHub project and set the project URL\n- Under the Pipeline section, choose Pipeline script from SCM\n- Choose git as SCM and provide the repo details\n- Save\n\n# Pipeline\n\nRefer to the screenshots below for the stages 
in the pipeline\n\n##### Pipeline View\n\n![Pipeline View](imgs/Secure_Pipeline_1.png)\n\n##### Stage View\n\n![Stage View](imgs/Secure_Pipeline_2.png)\n\n##### Dependency Track\n\n![Dependency Track View](imgs/Dependency_Track.png)\n\n## Tools\n\n| Stage               | Tool                                                                      |\n| ------------------- | ------------------------------------------------------------------------- |\n| Secrets Scanner     | [truffleHog](https://github.com/dxa4481/truffleHog)                       |\n| Dependency Checker  | [OWASP Dependency checker](https://jeremylong.github.io/DependencyCheck/) |\n| SAST                | [OWASP Find Security Bugs](https://find-sec-bugs.github.io/)              |\n| OSS License Checker | [LicenseFinder](https://github.com/pivotal/LicenseFinder)                 |\n| SCA                 | [Dependency Track](https://dependencytrack.org/)                          |\n| Image Scanner       | [Trivy](https://github.com/aquasecurity/trivy)                            |\n| Image Hardening     | [Dockle](https://github.com/goodwithtech/dockle)                          |\n| K8s Hardening       | [KubeSec](https://kubesec.io/)                                            |\n| IaC Hardening       | [checkov](https://www.checkov.io/)                                        |\n| DAST                | [OWASP Baseline Scan](https://www.zaproxy.org/docs/docker/baseline-scan/) |\n\n---\n\n### TODO\n\nImage Malware scanning - [ClamAV](https://github.com/openbridge/clamav)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frmkanda%2Fsecure-pipeline-java-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frmkanda%2Fsecure-pipeline-java-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frmkanda%2Fsecure-pipeline-java-demo/lists"}