Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/molu8bits/jenkins-security-pipelines
Jenkins security pipelines
https://github.com/molu8bits/jenkins-security-pipelines
declarative devsecops jenkins pipelines security zap
Last synced: about 2 months ago
JSON representation
Jenkins security pipelines
- Host: GitHub
- URL: https://github.com/molu8bits/jenkins-security-pipelines
- Owner: molu8bits
- License: mit
- Created: 2021-02-13T23:10:55.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-02-14T10:40:35.000Z (almost 4 years ago)
- Last Synced: 2024-08-01T22:05:15.709Z (5 months ago)
- Topics: declarative, devsecops, jenkins, pipelines, security, zap
- Homepage:
- Size: 7.81 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# jenkins-security-pipelines
Jenkins security pipelines for Kubernetes
* anchoreScanner - vulnerability scan using existing Anchore Engine
* buildDocker - build, test, push Docker image getting Dockerfile from specified repository
* dependencycheckUpdate - trigger update of Dependency-Check installed with MariaDB/MySQL backend. (4 cores to speed up)
* scoutsuite - ScoutSuite scan for AWS account
* zapBaseline - ZAP basic scan for specified URL
* zapActivescan - ZAP Active scan for specified URL
Some pipelines require to have Jenkins credentials and appropriate plugins.
All run as K8S pods hence integration of such with Jenkins is required.
ZAP scan tasks use a little bit old reporting plugin, to be changed when expected new one is finally available.