Lab 1 Pipeline
Jenkins-SAST-SCA-Kubernetes-DAST Pipeline
1: Get the Jenkins admin password
Connect via the console and run this command to retrieve the password
Or remotely connect to this instance like this:
2: Jenkins Configuration
Step 2a: Initial Setup
Step 2a1: Enter the requested password into the Jenkins instance given by AWS
The Jenkins instance is at the Public DNS URL created for this instance. Click Continue
Step 2a2: Click Install Suggested Plugins
Step 3a2: Create Admin User information or click Skip and continue as admin
Step 4a2: Document Jenkins URL and click Save and Finish
Step 5a2: Click Start Using Jenkins
Step 2b: Configure Maven in Jenkins
Step 2b1: Click Manage Jenkins
Step 2b2: Click Global Tool Configuration
Step 2b3: Scroll to Maven section and click Add Maven
Step 2b4: Name Installation - Example from lab Maven_3_5_2
Step 2b5: Deselect Install Automatically to provide MAVEN_HOME path manually
Step 2b6: Get the Maven installation path by going to the EC2 instance command line and typing mvn -version
Step 2b7: Apply and Save Changes
Step 2c: Install Needed Plugins
Step 2c1: Go to the search bar to search and select the following plugins:
CloudBees AWS Credentials
Kubernetes CLI
Amazon ECR
Docker Pipeline
Step 2c2: Click Install without Restart
2: Create Kubernetes Cluster
Step 1: Connect to EC2 instance via command line by using the AWS Connect or SSH
Step 2: Run the eksctl command to create a cluster with 2 nodes
Example command from training lab creating 2 medium nodes
Step 3: Wait 15-20 minutes for the cluster to be created successfully
3: Fork Training Pipeline1
Log in to a GitHub account and fork the pipeline1 repo
Adding Credentials for other tools
4: SAST Tool SonarCloud Integration
Step 1: Login to SonarCloud account
Step 2: Click Create new organization and Create an organization manually
Step 3: Type in an organization key for this lab and click continue
Step 5: Select Plan and Click create organization
Step 6: Click Analyze new Project
Step 7: Select Organization and create project key and display name (using all the same as the example did with bwa is okay as well)
Step 8: Click the setup button
Step 9: Take the project and organization key and paste into Line #9 of your repo's Jenkinsfile
Step 10: Go to SonarCloud myAccount section
Step 11: Go to Security tab and generate a Sonar token
IMPORTANT!: This token only shows up once. Copy it and save it in a secure location for later use.
Step 12: Paste Sonar token into Line #9 of your repo's Jenkinsfile
5: SCA Tool Snyk Integration
Step 1: Login to Snyk Account
Step 2: Go to Account settings and copy the Auth token
Step 3: Go to Dashboard > Manage Jenkins > Credentials > System > Global credentials (unrestricted) and click Add Credentials
Step 4: Open the Kind Dropdown menu and select Secret Text
Step 5: Paste the AUTH Token from Snyk in the Secret field
Step 6: Ensure that the ID field here matches the corresponding field in line 5 of your repo's Jenkinsfile
7: Create Amazon ECR and AWS Credentials
Step 1: Go to the AWS Elastic Container Registry (ECR) Dashboard
Step 2: Click Create repository
Step 3: Name repository
Step 4: Copy the supplied URL
Step 4: Paste the URL into line 34 of the Jenkinsfile of your forked repo
Step 5:
8: Kubernetes Integration
Step 1: Connect to EC2 via AWS or SSH
Step 2: Display the contents of the config file with the below command:
Step 3: Copy the contents of the config file and paste them into a blank file without file extension
Step 4: Name it kubelogin, save the file to your local machine and note the location
Step 5: Go to the Jenkins credential manager
Step 6: In the Kind dropdown menu, select Secret file
Step 7: Upload the Kubernetes config file and use for kubelogin credential
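How the credentials stored in sections 5 and 8 are consumed by a pipeline, with the SonarCloud token from section 4 bound the same way instead of appearing as a literal in the file. This is an added example, not the training repo's Jenkinsfile. The credential IDs SNYK_TOKEN and SONAR_TOKEN, the environment values, and the presence of the snyk and kubectl CLIs on the agent are assumptions; kubelogin and Maven_3_5_2 are the names used in the lab steps.

```groovy
// Added example, not the training repo's Jenkinsfile.
// Assumed: credential IDs 'SNYK_TOKEN' and 'SONAR_TOKEN', the SONAR_ORG and
// SONAR_PROJECT values, and snyk/kubectl being installed on the agent.
pipeline {
    agent any
    tools {
        maven 'Maven_3_5_2'              // installation name from Step 2b4
    }
    environment {
        SONAR_ORG     = 'your-org-key'     // placeholder: organization key from section 4
        SONAR_PROJECT = 'your-project-key' // placeholder: project key from section 4
    }
    stages {
        stage('SAST - SonarCloud') {
            steps {
                // Secret Text credential; this ID is hypothetical.
                withCredentials([string(credentialsId: 'SONAR_TOKEN', variable: 'SONAR_TOKEN')]) {
                    // Single-quoted strings: the shell expands $SONAR_TOKEN, Groovy never
                    // interpolates it, and Jenkins masks the value in the console log.
                    sh 'mvn -B verify sonar:sonar ' +
                       '-Dsonar.host.url=https://sonarcloud.io ' +
                       '-Dsonar.organization=$SONAR_ORG ' +
                       '-Dsonar.projectKey=$SONAR_PROJECT ' +
                       '-Dsonar.login=$SONAR_TOKEN'
                }
            }
        }
        stage('SCA - Snyk') {
            steps {
                // Secret Text credential from section 5; the ID must match the
                // one entered in the Jenkins credential manager.
                withCredentials([string(credentialsId: 'SNYK_TOKEN', variable: 'SNYK_TOKEN')]) {
                    sh 'snyk test'       // the Snyk CLI reads SNYK_TOKEN from the environment
                }
            }
        }
        stage('Kubernetes access check') {
            steps {
                // Secret File credential from section 8 (Kubernetes CLI plugin step).
                withKubeConfig([credentialsId: 'kubelogin']) {
                    sh 'kubectl get nodes'   // should list the 2 nodes created with eksctl
                }
            }
        }
    }
}
```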
9: ZAP Integration
10: Run the pipeline
Useful EC2 Commands for Training Pipeline1
Useful Windows Commands
Delete AWS Role
Delete AWS profile
Delete Security Group
Cleanup Terraform Resources(VSCode)