:::success
# OT Lab3 (DevSecOps)
**Name: Ahmad Mohamad Quasem Almoumani**
:::
---
# Task 1: Set up your environment.
:::info
**1. Create two VMs, for the Jenkins server and its agent.
a. Install Docker Engine on both VMs**
:::
i created two Virtual Machines (VMs)
**i used these command to install required packages**
```
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
```
**then Add Docker's official GPG key**
`curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg`
**Set up the stable Docker repository**
```
echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
**Install Docker Engine**
`sudo apt-get install docker-ce docker-ce-cli containerd.io`
**Verify Docker installation**
`sudo docker --version`
i installed Jenkins using Docker
and i retrieved the Jenkins unlock key
on the Jenkins server
i added a new node
on the other vm
i created a new directory for the agent:
`mkdir ~/jenkins_agent`
i downloaded the agent.jar file:
`wget http://10.1.1.17:8080/jnlpJars/agent.jar -O ~/jenkins_agent/agent.jar`
start the Jenkins agent using the jenkins/agent Docker image
using
`sudo docker run -d --name jenkins-agent -v ~/jenkins_agent:/home/jenkins -w /home/jenkins jenkins/agent java -jar /home/jenkins/agent.jar -jnlpUrl http://10.1.1.17:8080/computer/agent-1/slave-agent.jnlp -secret f361ba107cd005e99cec33bbf69d4bfae2194dac65ce4f8859c55ea9e6a78d18 -workDir "/home/jenkins"`
as you can see
the Jenkins agent is successfully connected to the Jenkins server. i can see in the logs that the agent has successfully connected with the "Connected" message at the end.
---
:::info
2. Isolate your Jenkins server behind a reverse proxy and access it through port 80 (e.g
Nginx Reverse Proxy).
:::
i installed Nginx on my server
```
sudo apt-get update
sudo apt-get install nginx
```
i created a new Nginx configuration file for your Jenkins server
`sudo nano /etc/nginx/sites-available/jenkins`
i added my configuration
```
upstream jenkins {
server 10.1.1.17:8080;
}
server {
listen 80;
server_name jenkins.example.com;
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
location / {
proxy_pass http://jenkins;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
sendfile off;
# Required for the HTTP and CLI clients to work correctly
add_header 'X-SSH-Endpoint' '$host:$server_port' always;
}
}
```
i create a symbolic link to enable the configuration:
`sudo ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/`
i tested the Nginx configuration for syntax errors:
`sudo nginx -t`
`sudo systemctl restart nginx`
to restart nginx
---
:::info
3. You will be working on the following Maven project. Go through it and familiarize yourself
(git clone https://github.com/HamidullahMuslih/ot-lab-sdlc.git ).
Note: the project is written in Springboot (Backend) and Bootstrap (Frontend) and
already contains unit test cases.
:::
i cloned the repository using the git clone command:
`git clone https://github.com/HamidullahMuslih/ot-lab-sdlc.git`
i changed my working directory to the cloned repository:
`cd ot-lab-sdlc`
i run the tests using the following command:
`mvn test`
the test results show that all 9 tests have run successfully with no failures, errors, or skipped tests. the project has been built successfully
---
:::info
4. Read and explain in one line sentence the Maven lifecycle. Understand commands for
each phase (e.g build, unit test, integration test, packaging and etc.) since you will need
to use them during the pipeline tasks.
:::
the Maven lifecycle is a predefined sequence of phases that Maven follows to build, test, package, and deploy a project, with each phase corresponding to a specific task, such as compiling source code, running unit tests, integration tests, packaging into various formats, and deploying to a repository or server.
---
# Task 2: Implement DevSecOps Pipeline.
:::info
1. Create the first job to fetch and build the Maven project. Note: skip the testing in this job.
:::
to create the first Jenkins job to fetch and build the Maven project without running tests, i did these steps:
i added a new item
i chose **GitHub hook trigger for GITScm polling** from Build Triggers
for this step i had to add a new **Webhooks**
and from Build Environment i chose **Add timestamps to the Console Output**: this option adds timestamps to each line in the console output, making it easier to track the progress and duration of each build step. this is helpful when analyzing build logs.
i installed Maven on my Jenkins serve
from manage jenkins then global tool configuration
the build was successful
---
:::info
2. Create the next job to perform the unit tests of the project.
:::
to create a new Jenkins job for running unit tests i did these steps:
i created a new item called **MavenProjectUnitTests**
in the "Source Code Management" section, i selected "Git" and past the url
Under "Build Triggers
i chose **Build after other projects are built**" and specified the previous job "MavenProjectBuild" as the upstream project. This will ensure that the unit tests are run after the build is completed.
in the "Build" section, click "Add build step" and i selected "**Invoke top-level Maven targets"**
in the "Maven Version" i chose the Maven 3.9.1
and the "Goals" **test**
the build was successful
---
:::info
3. Create the next job to perform the integration test on the project.
:::
to create a new Jenkins job for performing integration tests on my project i did these steps:
i created a new item called **MavenProjectIntegrationTests**
in the "Source Code Management" section, i selected "Git" and past the url
Under "Branches to build," i set the "Branch Specifier" to ***/main**
In the "Build Triggers" section i chose **Build after other projects are built**
and enter "**MavenProjectUnitTests**"
in the "Build" section, click "Add build step" and i selected "**Invoke top-level Maven targets"**
in the "Maven Version" i chose the Maven 3.9.1
and the "Goals" **verify -DskipUnitTests**
because the **verify** goal is chosen because it's a phase in the Maven build lifecycle that typically comes after the **test** phase, which is where unit tests are executed. By running the **verify** phase, you ensure that all previous phases, including **compile**, **test**, and **package**, have been executed successfully. This allows you to perform additional checks or tests, such as integration tests, before the build is considered complete.
The **-DskipUnitTests** flag is used to specifically skip the unit tests during the **test** phase, as they have already been executed in the previous Jenkins job (MavenProjectUnitTests). This allows you to focus on running the integration tests in this job and keep the different test types separate.
the build was successful
---
:::info
4. Create the next job to perform static code analysis on the project (e.g with the
CheckStyle, PMD, FindBugs tools). Note: Read about Warnings Next Generation Plugin.
a. Show the reports and share your understanding
:::
to create a job to perform static code analysis with CheckStyle, PMD, and FindBugs, and utilize the Warnings Next Generation Plugin, i did these steps:
i nstalled the required plugins in Jenkins
from "Manage Jenkins" > "Manage Plugins" > **"Available" i installed "Warnings Next Generation Plugin" , "Checkstyle", "PMD", and "FindBugs"**
i created a new Jenkins job called **MavenProjectStaticAnalysis**
in the "Source Code Management" section, i selected "Git" and past the url
Under "Branches to build," i set the "Branch Specifier" to ***/main**
i added a build step to run Maven with the required goals for CheckStyle, PMD, and FindBugs:
in the "Maven Version" i chose the Maven 3.9.1
and the "Goals" **clean install checkstyle:checkstyle pmd:pmd pmd:cpd findbugs:findbugs**
for the "CheckStyle" the "Pattern" to **/target/checkstyle-result.xml
for the "PMD" the "Pattern" to **/target/pmd.xml
for the "FindBugs" the "Pattern" to **/target/findbugsXml.xml
this is my report
* **CheckStyle:** CheckStyle is a tool that helps enforce coding standards by analyzing Java source code. It checks for issues related to style, formatting, naming conventions, and other best practices. It helps maintain consistency in code and improves readability.
* **PMD:** PMD is a source code analyzer for Java, JavaScript, and other languages. It detects common programming flaws, such as unused variables, empty catch blocks, unnecessary object creation, and so on. PMD helps developers identify potential issues that can lead to bugs or poor performance.
* **FindBugs**: FindBugs is a static code analysis tool for Java that focuses on finding potential bugs in the code. It uses bytecode analysis to detect issues like null pointer dereferences, resource leaks, and incorrect API usage. FindBugs helps improve the overall quality and reliability of the code.
* **Warnings Next Generation Plugin:** The Warnings Next Generation Plugin for Jenkins is designed to collect, analyze, and display the results of various static code analysis tools, like CheckStyle, PMD, and FindBugs. It offers a unified interface for viewing the reports and helps developers identify areas of their code that need improvement. The plugin also provides features like trend analysis, issue breakdown by severity or type, and detailed information about each issue found.
By utilizing these tools and the Warnings Next Generation Plugin in your pipeline, you can improve code quality, maintainability, and reduce the chances of introducing bugs. These tools help you catch potential issues early in the development process, making it easier to address them before they become a part of the deployed application.
Sign in with Wallet
Connect another wallet