Scribd Logo
Upload

Welcome to Scribd!

  • Cicd Session2 Class Notes

    Uploaded by

    anil
    13 views11 pages
    This document discusses integrating a Java application with SonarQube for code quality and vulnerability scanning. It provides steps for configuring the SonarQube properties file and integrating the Java code using Maven. It also discusses automating daily scans of 100 applications using REST APIs and sending email reports. Additional topics covered include code versioning with Git/GitHub, building JAR files with Maven, and storing artifacts in JFrog repositories. Security tools like Fortify are recommended to prevent attacks like XML entity expansion and denial of service.

    Original Description:

    Original Title

    CICD_SESSION2_CLASS_NOTES

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses integrating a Java application with SonarQube for code quality and vulnerability scanning. It provides steps for configuring the SonarQube properties file and integrating the Java code using Maven. It also discusses automating daily scans of 100 applications using REST APIs and sending email reports. Additional topics covered include code versioning with Git/GitHub, building JAR files with Maven, and storing artifacts in JFrog repositories. Security tools like Fortify are recommended to prevent attacks like XML entity expansion and denial of service.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views11 pages

    Cicd Session2 Class Notes

    Uploaded by

    anil
    This document discusses integrating a Java application with SonarQube for code quality and vulnerability scanning. It provides steps for configuring the SonarQube properties file and integrating the Java code using Maven. It also discusses automating daily scans of 100 applications using REST APIs and sending email reports. Additional topics covered include code versioning with Git/GitHub, building JAR files with Maven, and storing artifacts in JFrog repositories. Security tools like Fortify are recommended to prevent attacks like XML entity expansion and denial of service.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 11

    CICD -> SONAR --> [ JENKINS ] -->

     
    SONAR -> JAVA / NODE /PYTHON
     
    INTEGRATING SONAR WITH ANY APP ****
     
    SONAR WHY??

    VULNERABILITIES -> SPAM EMAIL -> LINK ->


    WILL READ ALL YOUR DATA [ HAZARDOUS ]
     
    1. WHAT IS SONAR / TYPE OF SONAR /
    CODE SMELLS / WHAT QG KEPT SONAR
    APP -> VULNERABILITIES
    CODE SMELLS -> SAME CODE COPY PASTED
     
    INTERNET CODE ALREADY VULNERABLE
     
    2. SONAR -> QG /QP / PROJECT KEY./
    PROJECT NAME
     
     
    INTERGRATE JAVA/UI CODE WITH SONAR ->
     
    JAVA APPLICATION
     
    SONAR AUTOMATION -> 100 APPLICATION
    UNDER YOUR MANAGER
     
    DO YOU DAILY GO TO MANAGER -> WE
    DON’T GO
     
    WE WRITE AN AUTOMATION AS AN DEVOPS
    ENGINEER ->
     
    1. HIT THE REST API SONAR AND GET THE
    DATA [ RESUME ]
     
    https://singam.sonar.com -> ecommerce_key
     
    Ecommerce_value
     
    Curl -u username:paswrod
    https://singam.sonar.com --projectkey --
    projectname > test.txt
     
    For
     
    SEND EMAIL TO TEAMS
     

    git clone
    https://github.c
    om/praveen199
    4dec/kubernete
    s_java_deploy
    ment.git
     
     
     
     
     
     
    ********
     
    JENKINS AND GITHUB [ INTEGRATION WAS
    DONE BY JENKINSFILE ]
     
    JAVA APPLICATION INTRGRATED WITH
    SONARQUBE BY SONAR PROPERTIES FILE
     
    JAVA WITH MAVEN [ build tool ] -> POM.XML
    FILE
     
    Current version -> 0.0.1-SNAPSHOT [ 27 nov ] -->
    1.0.1-SNAPSHOT [ 23 DEC ]
     
    1 0 1 27 ----> hotfix
     
    Major.miinor.patch [ prod ]
     
    SHELL SCRIPT
     
     
     
    #/bin/sh
     
    cd ${WORKSPACE}/kubernetes_jenkins
     
    cat pom.xml | grep -i version > test.txt
     
    awk 1.0.1
     
    git push
     
    GITHUB -> CODE STORAGE [ MORE THAN 1
    GB ]
     
    MAVEN -> JAR
     
    JAR IS PLACED IN REPOSITORY WHICH IS
    CALLED JFROG [ LESS THAN 10 MB ]
     
    curl -u username:password urltohit
     
    PUT -> TO UPDATE THE DATA
    GET -> TO GET THE DATA
    DELETE -> TO DELETE THE DATA
    POST -> TO POST THE NEW DATA
     
     
     
    FORTIFY AS SECURITY TOOL -> VULNERABILITIES
     
    WHY AS A DEVOPS WE ARE LEARNING SECURITY????
     
    ANSWER -> BEACAUSE YOU HAVE TO PREVENT YOUR
    APPLICATION WITH MALWARE/ ATTACKS/ SERVER RELATED
    ISSUES FROM OUTSITE/ XML ATTACKS / EXTERNAL ENTITY
    ATTACK / DDOS [ DENIAL OF SERVICE ATTACK ]
     
    EXAMPLE ->
    1. UPLOADING AADHAR -> .PDF / .XML / .TXT -> 20 MB
     
    TWIST --> UPLAOD A FILE WITH JUNK DATA -->
     
    FORTIFY/CHECKMARX/BLACKDUCK
     
    ADHAAR [ 20 MB -> JUNK FORMAT -> SERVER -> OVERLOAD
    THE SERVER ]
     
    <>XML TAGS </>
    <>ADD JUNK DATA </>.
    <>XML TAGS </>
     
     
     

    Step 1 -> open my


    github project
    https://github.com/pr
    aveen1994dec/Docker
    _Setup/blob/main/doc
    ker-compose.yml
     
    Step 2 - Install
    Git/Gitbash and
    Docker
    https://
    docs.docker.com/
    desktop/install/mac-
    install/
     
    STEP 3 - git clone
    https://github.com/praveen19
    94dec/Docker_Setup.git
    [ cloning the repo from central
    server to local server ]
     

     
    STEP 4 - cd
    yourowndirectory/Docker_set
    up
    Step 5 - Change the volume
    mount path in file
     
    Step 6 - docker-compose
    up -d
     
    Step 7 - localhost:8089 ->
    install all plugins -> give
    username and passwrd
     
    Step 8 : Go to jenkins
    dashboard ->go to your
    manage jenkins -> manage
    plugins --> go to available
    section --> Search for docker
    pipleine
     
    GO TO MY WEBSITE
    WWW.PRAVEENSINGAMPALLI
    .COM
     
    LOGIN SAME EMAILDI
     
    GO TO COURSES -> CLICK ON
    100% JOB READY COURSE ->
    SESSION2 -> ONE PDF ->
    RECORDING [ TOMORROW
    MORNING ]

    You might also like