
https://github.com/chrisdc777/devsecops-inic

This project demonstrates setting up a DevSecOps CI/CD pipeline using Jenkins, Docker, Terraform, and Azure for deploying a web application, with SonarQube and Prometheus for quality assurance and monitoring.

aks azure docker dockerfile github grafana jenkins kubernetes owasp prometheus sonarqube terraform trivy web-app

Last synced: about 1 month ago

README

        

# DevSecOps CI/CD Pipeline with Deployment on Azure

### For detailed web application information, please refer to the `README` file in the `src` directory.


## Setup Steps before running through Jenkins pipeline

1. **Install Jenkins, Docker, and Trivy**


2. **Create a SonarQube container using Docker and get a TMDB API Key**
```bash
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
```

3. **Install Prometheus and Grafana**
- Set up using `nssm` locally or on an Ubuntu instance.
- Install Node Exporter (or Windows Exporter on Windows) and add it as a scrape target in the Prometheus configuration file (`prometheus.yml`).

4. **Integrate Prometheus with Jenkins**
- Install the Prometheus Plugin in Jenkins and connect it to your Prometheus server.

5. **Email Integration with Jenkins**
- Set up your Google Account and generate an App Password.
- Install the email notification plugin.
- Configure email notifications and add credentials.
- Set up the extended email notification settings.

6. **Install Required Plugins in Jenkins**
- Install plugins such as JDK, SonarQube Scanner, Node.js, and OWASP Dependency Check.

7. **Install Docker Related Plugins and Add DockerHub Credentials**
- Eclipse Temurin Installer
- Docker
- Docker Commons
- Docker Pipeline
- Docker API
- docker-build-step

8. **Build and Push Docker Image**

9. **Deploy the Docker Image**
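Steps 3 and 4 describe adding the exporter to `prometheus.yml` and connecting Jenkins to Prometheus but show no configuration. The following is an added example of a minimal `prometheus.yml`, not a file from the project: it scrapes the exporter on the build host and the metrics endpoint that the Jenkins Prometheus plugin exposes under `/prometheus/`. The Jenkins hostname and port are assumptions; the exporter ports are the defaults of node_exporter (9100) and windows_exporter (9182).

```yaml
# Added example prometheus.yml (not the project's own file).
global:
  scrape_interval: 15s

scrape_configs:
  # Host metrics: node_exporter on Linux, or windows_exporter on the Windows
  # host where the README sets things up with nssm.
  - job_name: node
    static_configs:
      - targets: ['localhost:9100']     # windows_exporter listens on 9182 instead
        labels:
          role: build-host

  # Jenkins Prometheus plugin. The plugin serves metrics at /prometheus/ ;
  # the hostname and port below are assumptions for your controller.
  - job_name: jenkins
    metrics_path: /prometheus/
    static_configs:
      - targets: ['jenkins.example.internal:8080']
    # If the metrics endpoint is left behind Jenkins authentication, scrape it
    # with a dedicated read-only user instead of disabling authentication:
    # basic_auth:
    #   username: prometheus
    #   password_file: /etc/prometheus/jenkins.pass
```

After editing the file, reload Prometheus and confirm both targets show as UP on the Targets page before wiring the Jenkins plugin's Prometheus server address to it; an exporter that is reachable only on `localhost` will not be scraped from a separate Ubuntu instance, so use the host's address in that case.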


## Further Steps for deployment
1. **Configure Azure and Deploy Resources with Terraform**
- Install terraform
- Set up Azure (or your chosen cloud provider) to use Terraform for deploying resources.
- After logging into Azure with the Azure CLI (`az login`), run the following commands:

```bash
terraform init

terraform plan

terraform apply
```

- (Optional) Deploy an Azure Container Registry (ACR) to store your Docker image.
- Only if ACR deployment fails, manually push the image to ACR.

2. **Deploy the App Image Using Kubernetes**
- Use Kubernetes to deploy the Docker image from ACR to Azure Kubernetes Service (AKS) using a deployment YAML file.
- Open PowerShell in Azure and execute the following commands:

```bash
az aks get-credentials --resource-group "resource_group_name" --name "aks_name"

kubectl apply -f deployment.yml

kubectl get service "service-name" --watch
```

- This will provide you with the external IP for your application, which you can access through a browser.
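The `deployment.yml` applied above is not shown in the README. Below is an added example manifest, not the project's own file: a Deployment that pulls the image from ACR and a `LoadBalancer` Service, which is what makes `kubectl get service --watch` eventually print an external IP. The registry hostname, image tag, the service name `netflix-service` and container port 80 are assumptions; change them to match your ACR, image and the port your Dockerfile exposes.

```yaml
# Added example deployment.yml (not the project's own file).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: netflix
  labels:
    app: netflix
spec:
  replicas: 2
  selector:
    matchLabels:
      app: netflix
  template:
    metadata:
      labels:
        app: netflix
    spec:
      # The web app never calls the Kubernetes API, so do not mount a token.
      automountServiceAccountToken: false
      containers:
        - name: netflix
          # <acr-name> is a placeholder. Pinning to the digest Trivy scanned
          # (netflix@sha256:...) instead of :latest guarantees the scanned
          # image is the deployed image.
          image: <acr-name>.azurecr.io/netflix:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 80        # assumed; use the port the Dockerfile EXPOSEs
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 256Mi
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: netflix-service
spec:
  type: LoadBalancer
  selector:
    app: netflix
  ports:
    - port: 80
      targetPort: 80
```

AKS can only pull from the registry if the cluster's identity has pull rights on it, which `az aks update --resource-group "resource_group_name" --name "aks_name" --attach-acr <acr-name>` grants; without it the pod stays in `ImagePullBackOff`. Once you have confirmed the image runs unprivileged, `runAsNonRoot: true` and dropping capabilities are the next hardening settings to add to the container's `securityContext`.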

![frontpage](https://github.com/user-attachments/assets/5119815e-0627-4a24-a540-0e7e92fc9f7f)


## Jenkinsfile

Here’s the complete pipeline for Jenkins:

```groovy
pipeline {
    agent any
    tools {
        jdk 'jdk17'
        nodejs 'node16'
    }
    environment {
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('Clean Workspace') {
            steps {
                cleanWs()
            }
        }
        stage('Checkout from Git') {
            steps {
                git branch: 'main', url: 'https://github.com/ChrisDc777/devsecops-prufen.git'
            }
        }
        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    // cmd.exe has no backslash line continuation, so the scanner call stays on one line
                    bat '%SCANNER_HOME%\\bin\\sonar-scanner -D"sonar.projectName=Netflix" -D"sonar.projectKey=Netflix"'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                script {
                    // abortPipeline: false records a failed gate but lets the build continue
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-token'
                }
            }
        }
        stage('Install Dependencies') {
            steps {
                bat "npm install"
            }
        }
        stage('OWASP FS Scan') {
            steps {
                dependencyCheck additionalArguments: '--scan ./ --disableYarnAudit --disableNodeAudit', odcInstallation: 'DP-Check'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('Trivy FS Scan') {
            steps {
                // The report is only written to a file; trivy exits 0 regardless of
                // findings unless run with --exit-code 1 --severity HIGH,CRITICAL
                bat "trivy fs . > trivyfs.txt"
            }
        }
        stage('Docker Build & Push') {
            steps {
                script {
                    withDockerRegistry(credentialsId: 'docker', toolName: 'docker') {
                        // TMDB_V3_API_KEY is left empty here; supply it from a Jenkins
                        // credential rather than writing the key into the Jenkinsfile
                        bat "docker build --build-arg TMDB_V3_API_KEY= -t netflix ."
                        bat "docker tag netflix your-docker-name/netflix:latest"
                        bat "docker push your-docker-name/netflix:latest"
                    }
                }
            }
        }
        stage('Trivy Image Scan') {
            steps {
                // Same as the FS scan: the image is scanned after it has already been pushed
                bat "trivy image your-docker-name/netflix:latest > trivyimage.txt"
            }
        }
    }
    post {
        always {
            // Groovy double-quoted strings cannot span lines, so the line breaks are written as \n
            emailext attachLog: true,
                subject: "'${currentBuild.result}'",
                body: "Project: ${env.JOB_NAME}\n" +
                      "Build Number: ${env.BUILD_NUMBER}\n" +
                      "URL: ${env.BUILD_URL}\n",
                to: 'your-emailid-configured',
                attachmentsPattern: 'trivyfs.txt,trivyimage.txt'
        }
    }
}
```


![pipeline](https://github.com/user-attachments/assets/b35922df-3ce2-4949-9dbd-36d2190f2176)