Overview:-
In this blog we will create a robust CI/CD pipeline with essential security checks built in. We will integrate a Trivy scan and SonarQube analysis into the pipeline, and by the end we will understand how to keep applications safe and maintain code quality. The pipeline pulls the code from GitHub, analyses it in SonarQube, deploys it as a container using Docker, and presents the result to the end user.
Creating an EC2 Server and Connecting it using AWS CLI:-
Sign in to your AWS Console and search for EC2.
Click on Launch Instance.
Name it CICD_PIPELINE and, under Amazon Machine Image, choose Ubuntu.
Select the instance type t2.medium, an EBS volume of 30 GB, and the region US-East-1.
Under Key pair, choose to proceed without a key pair.
Check the network security group settings, then click Launch Instance on the right side.
Our server is launched; now we have to connect to it.
Select the instance and click Connect at the top right.
In the window that opens, click EC2 Instance Connect, which connects to the server through the AWS CLI.
We are connected to our server.
Setting up Jenkins and installing Plugins:-
We need Jenkins, Docker, SonarQube, Trivy, and Maven installed on the server for the pipeline to work end to end.
First, switch to the root user:
sudo su
Then run the following script, which installs Java and Jenkins:
#!/bin/bash
# Refresh the package index and upgrade the existing packages
sudo apt update -y
sudo apt upgrade -y
# Jenkins needs a Java runtime; Java 17 is supported
sudo apt install openjdk-17-jre -y
# Import the Jenkins repository signing key and register the stable repository,
# so that apt verifies the Jenkins packages against that key
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
/usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
/etc/apt/sources.list.d/jenkins.list > /dev/null
# Install Jenkins from the newly added repository
sudo apt-get update -y
sudo apt-get install jenkins -y
Now go back to the EC2 instance and open its Security tab to set the inbound rules for Jenkins.
Under Security, click Edit inbound rules.
In the inbound rules, set Type to All traffic and the source IP address to 0.0.0.0, which allows traffic from every IP address.
Open the Jenkins console by entering the public IP address of the Jenkins server with port 8080 in a browser:
http://<EC2 Instance Public IP Address>:8080
After entering the address, the Jenkins console will open.
Get the administrator password by running the command below on the EC2 instance:
cat /var/lib/jenkins/secrets/initialAdminPassword
Copy the password it prints, paste it into the Administrator password field, and click Continue.
Click Install suggested plugins.
This will start installing the plugins.
Now we have to create a user, so fill in the fields as you choose. For example, I have filled in Username, Password, Full name, and Email. Click Save and Continue.
Here click Save and Finish.
Click Start using Jenkins.
We have our Jenkins ready.
In Jenkins, click New Item to create the pipeline job.
Name it "Pipeline_Project", choose Pipeline and click OK.
Copy the pipeline code from the GitHub repository and paste it into the Jenkins GUI as shown below.
Alternatively, set the pipeline Definition to Pipeline script from SCM, with Git as the SCM option.
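The pipeline script itself is not shown in this post; the declarative Jenkinsfile below is an added example (not the blog's own repository code) that wires together the stages this pipeline needs: checkout, Maven build, SonarQube analysis with a quality gate, a Trivy filesystem scan, the Docker build, and a Trivy scan of the built image. The repository URL, the SonarQube server name 'sonar-server', the project key and the image name 'cicd-demo' are assumptions.

```groovy
pipeline {
    agent any
    environment {
        // Assumed image name; BUILD_NUMBER gives each build a unique tag.
        IMAGE = "cicd-demo:${env.BUILD_NUMBER}"
    }
    stages {
        stage('Checkout') {
            steps {
                // Placeholder repository URL: replace with the project's own.
                git branch: 'main', url: 'https://github.com/<your-org>/<your-repo>.git'
            }
        }
        stage('Build') {
            steps { sh 'mvn -B clean package' }
        }
        stage('SonarQube Analysis') {
            steps {
                // 'sonar-server' is the assumed name of the SonarQube entry under
                // Manage Jenkins -> System; it injects the server URL and token.
                withSonarQubeEnv('sonar-server') {
                    sh 'mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=cicd-demo'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Needs a SonarQube webhook pointing back at Jenkins; a failed gate aborts the build.
                timeout(time: 5, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Trivy FS Scan') {
            steps {
                // Non-zero exit on HIGH/CRITICAL findings in dependencies or config files.
                sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL --no-progress .'
            }
        }
        stage('Docker Build') {
            steps { sh 'docker build -t "$IMAGE" .' }
        }
        stage('Trivy Image Scan') {
            steps {
                // Scan the built image before it is deployed or pushed anywhere.
                sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL --no-progress "$IMAGE"'
            }
        }
    }
}
```

Both Trivy stages fail the build on HIGH or CRITICAL findings, so a vulnerable dependency or base image never reaches the deploy step.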
Add plugins via Dashboard -> Manage Jenkins -> Plugins -> Available plugins.
Plugins for SonarQube/JFrog:
Sonar Gerrit
SonarQubeScanner
SonarQubeGenericCoverage
SonarQualityGates
QualityGates
Artifactory
Jfrog
Make sure all of these plugins are installed in Jenkins before carrying the CI/CD project further.