forked from kodekloudhub/devsecops
Jenkinsfile
// Update Jenkinsfile
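// Declarative pipeline: build, test, scan and deploy the numeric-app service.
// Stages run in order on any available agent; the post section publishes
// the test, coverage, mutation and dependency-check reports on every run.
pipeline {
    agent any

    stages {
        // Package the application. Tests are skipped here and run in the next stage.
        stage('Build Artifact') {
            steps {
                sh "mvn clean package -DskipTests=true"
                // archiveArtifacts replaces the deprecated `archive` step.
                // By default it fails the build when no file matches the pattern.
                archiveArtifacts artifacts: 'target/*.jar'
            }
        }

        stage('Unit Tests - JUnit and Jacoco') {
            steps {
                sh "mvn test"
            }
        }

        stage('Mutation Tests - PIT') {
            steps {
                sh "mvn org.pitest:pitest-maven:mutationCoverage"
            }
        }

        // Disabled: SonarQube analysis.
        // NOTE(security): an earlier revision of this file carried a SonarQube
        // token as a literal -Dsonar.token value. That token stays readable in
        // the repository history, so treat it as exposed: revoke it in SonarQube
        // and issue a new one. The token is now read from the Jenkins credentials
        // store. 'SONAR_TOKEN_CREDENTIALS_ID' is a placeholder; replace it with
        // the ID of a "Secret text" credential. The sh string is single-quoted so
        // the shell, not Groovy, expands $SONAR_TOKEN and the value is not
        // interpolated into the pipeline script.
        //
        // stage('SonarQube Analysis') {
        //     steps {
        //         withCredentials([string(credentialsId: 'SONAR_TOKEN_CREDENTIALS_ID', variable: 'SONAR_TOKEN')]) {
        //             sh '''mvn clean verify sonar:sonar \
        //                 -Dsonar.projectKey=numeric-application \
        //                 -Dsonar.projectName='numeric-application' \
        //                 -Dsonar.host.url=http://localhost:9000 \
        //                 -Dsonar.token="$SONAR_TOKEN"'''
        //         }
        //     }
        // }

        // Disabled: earlier single-step form of the stage below.
        //
        // stage('Vulnerability Scan - Docker') {
        //     steps {
        //         sh 'mvn dependency-check:check'
        //     }
        // }

        stage('Vulnerability Scan - Docker') {
            steps {
                // Only the dependency scan is active. The disabled branches are
                // listed after the call rather than inside it, so the argument
                // list stays well-formed whichever branches are enabled.
                parallel(
                    "Dependency Scan": {
                        sh "mvn dependency-check:check"
                    }
                )
                // Disabled branches. To re-enable one, move it into parallel(...)
                // above. The conftest command is single-quoted and uses $(pwd),
                // matching the Kubernetes OPA scan, so the shell resolves the
                // working directory instead of Groovy interpolating ${pwd}.
                //
                // "Trivy Scan": {
                //     sh "bash trivy-docker-image-scan.sh"
                // },
                // "OPA Conftest": {
                //     sh 'docker run --rm -v $(pwd):/project openpolicyagent/conftest test --policy opa-docker-security.rego Dockerfile'
                // }
            }
        }

        // Disabled: image build and push.
        // NOTE(review): `printenv` writes every environment variable to the
        // build log. Drop it before re-enabling this stage if the environment
        // can hold credentials.
        //
        // stage('Docker Build and Push') {
        //     steps {
        //         sh 'printenv'
        //         sh 'docker build -t edgarpsda/numeric-app:"$GIT_COMMIT" .'
        //         sh 'docker push edgarpsda/numeric-app:"$GIT_COMMIT"'
        //     }
        // }

        stage('Vulnerability Scan - Kubernetes') {
            steps {
                parallel(
                    "OPA Scan": {
                        // NOTE(review): openpolicyagent/conftest has no tag here,
                        // so the scanner version can change between builds.
                        // Consider pinning a tag or digest.
                        sh 'docker run --rm -v $(pwd):/project openpolicyagent/conftest test --policy opa-k8s-security.rego k8s_deployment_service.yaml'
                    },
                    "Kubesec Scan": {
                        sh "bash kubesec-scan.sh"
                    },
                    "Trivy Scan": {
                        sh "bash trivy-k8s-scan.sh"
                    }
                )
            }
        }

        stage('Kubernetes Deployment - DEV') {
            steps {
                // The cluster credentials come from the Jenkins credential
                // 'kubeconfig' and apply only inside this block.
                withKubeConfig([credentialsId: 'kubeconfig']) {
                    // Replace the 'replace' placeholder in the manifest with the
                    // image tagged for this commit.
                    // NOTE(review): the build-and-push stage above is disabled,
                    // so this pipeline does not show where that image tag is
                    // published. Confirm it exists in the registry and was
                    // scanned before deploying.
                    sh "sed -i 's#replace#edgarpsda/numeric-app:${GIT_COMMIT}#g' k8s_deployment_service.yaml"
                    sh "kubectl apply -f k8s_deployment_service.yaml"
                }
            }
        }
    }

    post {
        // Publish reports whether the stages passed or failed.
        always {
            junit 'target/surefire-reports/*.xml'
            jacoco execPattern: 'target/jacoco.exec'
            pitmutation mutationStatsFile: '**/target/pit-reports/**/mutations.xml'
            dependencyCheckPublisher pattern: 'target/dependency-check-report.xml'
        }
    }
}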