- Version
- Download 2
- File Size 1.49 MB
- File Count 1
- Create Date December 4, 2024
- Last Updated December 4, 2024
This project involved implementing a Jenkins Docker Pipeline, integrating multiple tools and techniques to achieve a fully automated CI/CD workflow. The project focused on DevOps best practices, security integration, and seamless deployment processes.
Infrastructure Setup:
- Launched an AWS instance (t2.large) as the base environment.
- Installed and configured Jenkins, Git, Docker, and Trivy to support the pipeline requirements.
Tool Integrations:
- Configured Jenkins Plugins such as SonarQube, NodeJS, OWASP Dependency Check, and Docker Pipeline for enhanced functionality.
- Set up SonarQube using a Docker container for static code analysis and quality gate checks.
Pipeline Configuration:
Using a declarative Jenkins pipeline, the following steps were achieved:
- Clean Workspace: Cleared previous builds and logs to maintain a clean state.
- Code Management: Integrated Git to pull the source code from the repository.
- Static Code Analysis: Utilized SonarQube for analyzing the codebase and ensuring it meets quality standards.
- Quality Gates Check: Automated the process of verifying quality thresholds.
- Dependency Management: Installed project dependencies using NodeJS and conducted an OWASP Dependency Check to identify potential vulnerabilities.
- Vulnerability Scanning: Leveraged Trivy to scan files and Docker images for vulnerabilities.
- Docker Build and Push: Built a Docker image, tagged it, and pushed it to a remote Docker registry.
- Deployment: Deployed the Docker container, running the application on port 3000.
Security and Compliance:
- Integrated security scans at multiple stages using OWASP and Trivy to ensure the application and its dependencies are secure and free of vulnerabilities.