Jenkins Pipeline Generator
Create secure Jenkins pipelines with integrated security scanning and best practices.
What is Jenkins?
Jenkins is an open-source automation server that helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration and continuous delivery. With Jenkins, organizations can accelerate the software development process through automation.
Security Features
SAST Integration
Integrate Static Application Security Testing tools like SonarQube, Checkmarx, or Fortify to scan your code for vulnerabilities during the build process.
DAST Integration
Incorporate Dynamic Application Security Testing with tools like OWASP ZAP or Burp Suite to test your running application for vulnerabilities.
Dependency Scanning
Scan your dependencies for known vulnerabilities using tools like OWASP Dependency Check or Snyk to ensure your application doesn't include vulnerable components.
Container Security
Scan container images for vulnerabilities using tools like Trivy, Clair, or Anchore before deploying them to production.
Sample Pipeline
pipeline {
    agent any

    tools {
        maven 'Maven 3.8.6'
        jdk 'JDK 17'
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Build') {
            steps {
                sh 'mvn clean compile'
            }
        }

        stage('SAST') {
            steps {
                // Analyse the code with the SonarQube server registered in Jenkins under the name 'SonarQube'
                withSonarQubeEnv('SonarQube') {
                    sh 'mvn sonar:sonar'
                }
                // Block until SonarQube reports the quality gate result and fail the build if it did not pass
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

        stage('Dependency Check') {
            steps {
                // -Dformat=XML writes the XML report that dependencyCheckPublisher reads (the default is HTML only)
                sh 'mvn org.owasp:dependency-check-maven:check -Dformat=XML'
                dependencyCheckPublisher pattern: 'target/dependency-check-report.xml'
            }
        }

        stage('Unit Tests') {
            steps {
                sh 'mvn test'
            }
            post {
                always {
                    junit '**/target/surefire-reports/*.xml'
                }
            }
        }

        stage('Package') {
            steps {
                sh 'mvn package -DskipTests'
                archiveArtifacts artifacts: 'target/*.jar', fingerprint: true
            }
        }

        stage('Build Docker Image') {
            steps {
                // BUILD_NUMBER is set by Jenkins for every build, so it does not need to be redefined here;
                // the single-quoted Groovy string leaves ${BUILD_NUMBER} for the shell to expand
                sh 'docker build -t my-app:${BUILD_NUMBER} .'
            }
        }

        stage('Container Security Scan') {
            steps {
                // Trivy exits with status 1 (failing this stage) when any HIGH or CRITICAL finding exists
                sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL my-app:${BUILD_NUMBER}'
            }
        }

        stage('Deploy to Test') {
            steps {
                echo 'Deploying to test environment...'
                // Add deployment steps here
            }
        }

        stage('DAST') {
            steps {
                // zap-baseline.py exits non-zero whenever it records WARN or FAIL results, which would abort
                // the pipeline before the Security Gate stage runs; returnStatus: true captures the exit code
                // instead. -x writes an XML report for the gate alongside the HTML report kept for humans.
                sh returnStatus: true, script: 'docker run --rm -v $(pwd):/zap/wrk owasp/zap2docker-stable zap-baseline.py -t http://test-app-url -g gen.conf -r zap-report.html -x zap-report.xml'
                archiveArtifacts artifacts: 'zap-report.*', fingerprint: true
            }
        }

        stage('Security Gate') {
            steps {
                script {
                    // Each alert in the ZAP XML report carries <riskcode>3</riskcode> when its risk is High.
                    // Searching the HTML report for the word 'High' is not reliable, because that word also
                    // appears in the report's risk summary table when no High alerts were found.
                    def zapResult = readFile(file: 'zap-report.xml')
                    if (zapResult.contains('<riskcode>3</riskcode>')) {
                        error 'High severity vulnerabilities found in DAST scan'
                    }
                }
            }
        }

        stage('Deploy to Production') {
            when {
                branch 'main'
            }
            steps {
                echo 'Deploying to production...'
                // Add production deployment steps here
            }
        }
    }

    post {
        always {
            cleanWs()
        }
        success {
            echo 'Pipeline completed successfully!'
        }
        failure {
            echo 'Pipeline failed!'
        }
    }
}
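The Security Gate stage above decides pass or fail from the ZAP report. The script below is an added example of that decision as a small stand-alone tool; it is not part of the original page or of any generator output. It assumes the DAST stage wrote a ZAP XML report (zap-baseline.py -x zap-report.xml) into the workspace and that the pipeline runs it with sh 'python3 zap_gate.py zap-report.xml'. The embedded report, its alert names and its URLs are constructed for illustration and are not real scan results.

```python
"""ZAP baseline security gate: parse the ZAP XML report and fail on High-risk alerts.

Added example (not the page's own code). Assumes the report uses ZAP's traditional XML
layout: <OWASPZAPReport><site><alerts><alertitem>...<riskcode>N</riskcode>...
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# ZAP risk codes as written in the <riskcode> element of the XML report
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample report in the ZAP XML layout (illustrative data, not a real scan result)
SAMPLE_REPORT = """<OWASPZAPReport version="2.14.0" generated="Mon, 1 Jan 2024 00:00:00">
  <site name="http://test-app-url" host="test-app-url" port="80" ssl="false">
    <alerts>
      <alertitem>
        <alert>X-Content-Type-Options Header Missing</alert>
        <name>X-Content-Type-Options Header Missing</name>
        <riskcode>1</riskcode>
        <confidence>2</confidence>
        <riskdesc>Low (Medium)</riskdesc>
        <instances><instance><uri>http://test-app-url/</uri></instance></instances>
      </alertitem>
      <alertitem>
        <alert>Cross Site Scripting (Reflected)</alert>
        <name>Cross Site Scripting (Reflected)</name>
        <riskcode>3</riskcode>
        <confidence>2</confidence>
        <riskdesc>High (Medium)</riskdesc>
        <instances><instance><uri>http://test-app-url/search?q=test</uri></instance></instances>
      </alertitem>
    </alerts>
  </site>
</OWASPZAPReport>
"""


def parse_alerts(report_xml):
    """Return one dict per <alertitem>: site, alert name, numeric risk code and affected URIs."""
    root = ET.fromstring(report_xml)
    alerts = []
    for site in root.findall("site"):
        for item in site.findall("./alerts/alertitem"):
            alerts.append({
                "site": site.get("name", ""),
                "name": (item.findtext("name") or item.findtext("alert") or "").strip(),
                "riskcode": int(item.findtext("riskcode", "0")),
                "uris": [u.text for u in item.findall("./instances/instance/uri") if u.text],
            })
    return alerts


def summarize(alerts):
    """Count alerts per risk level, highest level first, so the build log shows the full picture."""
    counts = Counter(a["riskcode"] for a in alerts)
    return {RISK_NAMES[code]: counts.get(code, 0) for code in sorted(RISK_NAMES, reverse=True)}


def gate(alerts, max_allowed_risk=2):
    """Return (passed, blocking_alerts).

    Alerts whose risk code exceeds max_allowed_risk block the build; the default of 2 (Medium)
    fails the pipeline only on High alerts, matching the Security Gate stage.
    """
    blocking = [a for a in alerts if a["riskcode"] > max_allowed_risk]
    return (len(blocking) == 0, blocking)


def main(argv):
    # Read the report path given on the command line, or fall back to the constructed sample
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report_xml = fh.read()
    else:
        report_xml = SAMPLE_REPORT
    alerts = parse_alerts(report_xml)
    for level, count in summarize(alerts).items():
        print(f"{level:14} {count}")
    passed, blocking = gate(alerts)
    for a in blocking:
        print(f"BLOCKING: [{RISK_NAMES[a['riskcode']]}] {a['name']} at {', '.join(a['uris'])}")
    # A non-zero exit code makes the Jenkins sh step, and therefore the stage, fail
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the script exits non-zero only when an alert exceeds the allowed risk level, it can be run directly from a sh step in the Security Gate stage; the per-level summary it prints lands in the build log, so Medium and Low findings stay visible without blocking the deployment.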
Getting Started
- Set up Jenkins on your server or use a cloud-hosted solution
- Install the plugins your security scanners need, such as the SonarQube Scanner and OWASP Dependency-Check plugins used in the sample pipeline
- Create a Jenkinsfile in your repository with your pipeline configuration
- Configure security tools and set up appropriate credentials in Jenkins
- Set up quality gates to prevent insecure code from being deployed