DevSecOps Bootcamp Apr 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

🚀 DevSecOps Bootcamp - Master Security in DevOps | April 2025

Are you ready to supercharge your career in DevSecOps? Whether you're a beginner or an experienced professional, this hands-on bootcamp will take you from zero to expert with real-world training on the latest DevSecOps tools and practices!

✅ Master Top DevSecOps Tools: Git, GitHub, Bitbucket, Jenkins, SonarQube, Slack, Trivy, Nexus, Terraform, Ansible, Docker, Kubernetes, Helm, Prometheus and more!
✅ Cloud Platforms – AWS & Azure
✅ Live Interactive Sessions – Get personalized guidance from industry experts!
✅ Weekend & Weekday Batches – Flexible schedules to fit your lifestyle!
✅ Weekday Evenings Batch Available! – Perfect for working professionals!
✅ Real-World Projects – Build experience that recruiters love!
✅ 100% Hands-On Training – No boring theory, just practical DevSecOps!
✅ Career Support & Guidance – Resume building, interview prep, and networking!

📅 Weekend Batch Starts: April 12th, 2025
🕒 Batch Timings:

• Weekend Batch: Saturdays (11:35 AM - 01:30 PM CST) & Sundays (1:00 PM - 3:00 PM CST)

📅 Weekday Evening Batch Starts: Apr 22nd, 2025
🕒 Batch Timings:

• Weekday Evenings Batch: Tuesdays & Thursdays (6:00 PM - 8:00 PM CST)

📍 Online – Learn from Anywhere!

🎯 Spots are Limited! Secure your seat now and take the first step toward becoming a DevSecOps pro!

📞 Contact Coach AK Now:
📱 +1 (469) 733-5248 (WhatsApp Available)
📧 devops.coaching@gmail.com

💥 Act Fast! Early Bird Discounts Available! 🚀

👉 Register Today by making payments, contact Coach AK!

📈 Why Join This Bootcamp?

✅ Hands-on Training – Work on real-world projects
✅ Learn Top Security Tools – SonarQube, Trivy, Aqua Security, GitHub Advanced Security
✅ Expert-Led Live Sessions – Interactive & practical guidance
✅ Career Support – Resume tips, interview prep & certification guidance
✅ Project-Based Learning – Apply skills in real DevOps environments

DevSecOps Tutorials | How to setup Prowler in AWS cloud to evaluate AWS Security

Prowler is a open source security auditing tool designed to assess security best practices, misconfigurations, and compliance in AWS environments.

Key Features of Prowler:

•  Customizable, and lightweight
•  AWS Security Best Practices – Checks for security misconfigurations in AWS services.
  
•  Compliance auditing 
•  Multi-Account Scanning – Can scan multiple AWS accounts.
•  Multiple Output Formats – Generates JSON, CSV, HTML, and JUnit reports.
  
•  Works with CI/CD, AWS Organizations, and automated security workflows 

Pre-requisites:

• AWS cli installed

Install Required Dependencies:

sudo apt update && sudo apt install -y unzip awscli jq python3-pip git

How to setup in Prowler in AWS cloud?

git clone https://github.com/prowler-cloud/prowler.git

cd prowler

chmod +x prowler

./prowler

Run Prowler Scans

To Run a Full AWS Security Scan. 

./prowler -M json,csv -o prowler-report

DevSecOps Bootcamp Apr 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

✔️ "🚀 DevSecOps Bootcamp - Master Security in DevOps | April 2025"

Are you ready to supercharge your career in DevSecOps? Whether you're a beginner or an experienced professional, this hands-on bootcamp will take you from zero to expert with real-world training on the latest DevSecOps tools and practices!

✅ Master Top DevSecOps Tools: Git, GitHub, Bitbucket, Jenkins, SonarQube, Slack, Trivy, Nexus, Terraform, Ansible, Docker, Kubernetes, Helm, Prometheus and more!
✅ Cloud Platforms – AWS & Azure
✅ Live Interactive Sessions – Get personalized guidance from industry experts!
✅ Weekend & Weekday Batches – Flexible schedules to fit your lifestyle!
✅ Weekday Evenings Batch Available! – Perfect for working professionals!
✅ Real-World Projects – Build experience that recruiters love!
✅ 100% Hands-On Training – No boring theory, just practical DevSecOps!
✅ Career Support & Guidance – Resume building, interview prep, and networking!

📅 Weekend Batch Starts: April 12th, 2025
🕒 Batch Timings:

• Weekend Batch: Saturdays (11:35 AM - 01:30 PM CST) & Sundays (1:00 PM - 3:00 PM CST)

📅 Weekday Evening Batch Starts: Apr 22nd, 2025
🕒 Batch Timings:

• Weekday Evenings Batch: Tuesdays & Thursdays (6:00 PM - 8:00 PM CST)

📍 Online – Learn from Anywhere!

🎯 Spots are Limited! Secure your seat now and take the first step toward becoming a DevSecOps pro!

📞 Contact Coach AK Now:
📱 +1 (469) 733-5248 (WhatsApp Available)
📧 devops.coaching@gmail.com

💥 Act Fast! Early Bird Discounts Available! 🚀

👉 Register Today by making payments, contact Coach AK!

📈 Why Join This Bootcamp?

✅ Hands-on Training – Work on real-world projects
✅ Learn Top Security Tools – SonarQube, Snyk, Trivy, Aqua Security
✅ Expert-Led Live Sessions – Interactive & practical guidance
✅ Career Support – Resume tips, interview prep & certification guidance
✅ Project-Based Learning – Apply skills in real DevOps environments

How to Implement CICD Pipeline using GitHub Actions | GitHub Actions Tutorials | GitHub Actions CICD Pipeline | How to Deploy Java WAR file using GitHub Actions and Maven to Tomcat Server

Please find steps for Deploying Java WAR file to Tomcat using GitHub Actions:

Watch Actions in YouTube:

Pre-requisites:

• Make sure Tomcat is up and running
• Tomcat Credentials configured with right permissions.
• Make sure Java Project is setup in GitHub

Implementation steps:

We need to setup secrets to store tomcat user name, password and Tomcat url.

Add Tomcat user name, password and Tomcat Host url as Secret in GitHub Actions

Go to your GitHub Repo --> Settings --> 

Click on Secrets and Variables under Security in left nav 

Click new Repository Secret

Create TOMCAT_HOST secret and add tomcat url

Create TOMCAT_USER secret and add user name

Create TOMCAT_PASSWORD secret and Tomcat password

GitHub Actions Workflow YAML for Deploying a WAR file to Tomcat

You will create this file .github/workflows/cicd.yaml inside GitHub Repo where your Java code is.

name: Build a WAR file using Maven and Deploy Java App to Tomcat running in AWS EC2

on:

  push:

    branches: [ "main" ]

jobs:

  build:

    runs-on: ubuntu-latest

    steps:

    - uses: actions/checkout@v3

    - name: Set up JDK 11

      uses: actions/setup-java@v2

      with:

        distribution: 'adopt'

        java-version: '11'

    - name: Build with Maven

      run: mvn clean install -f MyWebApp/pom.xml

    - name: Deploy to Tomcat

      run: |

        curl -v -u ${{ secrets.TOMCAT_USER }}:${{ secrets.TOMCAT_PASSWORD }} \

        -T MyWebApp/target/MyWebApp.war \

        "http://${{ secrets.TOMCAT_HOST }}/manager/text/deploy?path=/MyWebApp&update=true"

Commit the file.

As soon as you commit, build will run immediately in GitHub Actions. 

Now you can see the output of build in Actions tab.

Check the output in Tomcat

DevSecOps Bootcamp Apr 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

 🚀 Join the Ultimate DevSecOps Bootcamp – Apr 2025! 🔥

Are you ready to supercharge your career in DevSecOps? Whether you're a beginner or an experienced professional, this hands-on bootcamp will take you from zero to expert with real-world training on the latest DevSecOps tools and practices!

✅ Master Top DevSecOps Tools: Git, GitHub, Bitbucket, Jenkins, SonarQube, Slack, Trivy, Nexus, Terraform, Ansible, Docker, Kubernetes, Helm, Prometheus and more!
✅ Cloud Platforms – AWS & Azure
✅ Live Interactive Sessions – Get personalized guidance from industry experts!
✅ Weekend & Weekday Batches – Flexible schedules to fit your lifestyle!
✅ Weekday Evenings Batch Available! – Perfect for working professionals!
✅ Real-World Projects – Build experience that recruiters love!
✅ 100% Hands-On Training – No boring theory, just practical DevSecOps!
✅ Career Support & Guidance – Resume building, interview prep, and networking!

📅 Weekend Batch Starts: April 5th, 2025
🕒 Timings: Saturdays - 11:35 AM - 01:30 PM CST & Sundays -12:45 PM - 2:30 PM CST

📅 Weekday Evening Batch Starts: Apr 22nd, 2025
🕒 Timings: Tuesdays & Thursdays (6:00 PM - 8:00 PM CST)

📍 Online – Learn from Anywhere!

🎯 Spots are Limited! Secure your seat now and take the first step toward becoming a DevSecOps pro!

📞 Contact Coach AK Now:
📱 +1 (469) 733-5248 (WhatsApp Available)
📧 devops.coaching@gmail.com

💥 Act Fast! Early Bird Discounts Available! 🚀

👉 Register Today by making payments, contact Coach AK!

DevSecOps Bootcamp March 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

🚀 Join the Ultimate DevSecOps Bootcamp – March 2025! 🔥

Are you ready to supercharge your career in DevSecOps? Whether you're a beginner or an experienced professional, this hands-on bootcamp will take you from zero to expert with real-world training on the latest DevSecOps tools and practices!

✅ Master Top DevSecOps Tools: Git, GitHub, Bitbucket, Jenkins, SonarQube, Slack, Trivy, Nexus, Terraform, Ansible, Docker, Kubernetes, Helm, Prometheus and more!
✅ Cloud Platforms – AWS & Azure
✅ Live Interactive Sessions – Get personalized guidance from industry experts!
✅ Weekend & Weekday Batches – Flexible schedules to fit your lifestyle!
✅ Weekday Evenings Batch Available! – Perfect for working professionals!
✅ Real-World Projects – Build experience that recruiters love!
✅ 100% Hands-On Training – No boring theory, just practical DevSecOps!
✅ Career Support & Guidance – Resume building, interview prep, and networking!

📅 Weekend Batch Starts: February 22, 2025
🕒 Batch Timings:

• Weekend Batch: Saturdays (11:35 AM - 01:30 PM CST) & Sundays (12:45 PM - 2:30 PM CST)

📅 Weekday Evening Batch Starts: March 3rd, 2025
🕒 Batch Timings:

• Weekday Evenings Batch: Mondays & Wednesdays (6:00 PM - 8:00 PM CST)

📍 Online – Learn from Anywhere!

🎯 Spots are Limited! Secure your seat now and take the first step toward becoming a DevSecOps pro!

📞 Contact Coach AK Now:
📱 +1 (469) 733-5248 (WhatsApp Available)
📧 devops.coaching@gmail.com

💥 Act Fast! Early Bird Discounts Available! 🚀

👉 Register Today by making payments, contact Coach AK!

DevSecOps Bootcamp Feb 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

🚀 Join the Ultimate DevSecOps Bootcamp – February 2025! 🔥

Are you ready to supercharge your career in DevSecOps? Whether you're a beginner or an experienced professional, this hands-on bootcamp will take you from zero to expert with real-world training on the latest DevSecOps tools and practices!

✅ Master Top DevSecOps Tools: Git, GitHub, Bitbucket, Jenkins, SonarQube, Slack, Trivy, Nexus, Terraform, Ansible, Docker, Kubernetes, Helm, Prometheus and more!
✅ Cloud Platforms – AWS & Azure
✅ Live Interactive Sessions – Get personalized guidance from industry experts!
✅ Weekend & Weekday Batches – Flexible schedules to fit your lifestyle!
✅ Weekday Evenings Batch Available! – Perfect for working professionals!
✅ Real-World Projects – Build experience that recruiters love!
✅ 100% Hands-On Training – No boring theory, just practical DevSecOps!
✅ Career Support & Guidance – Resume building, interview prep, and networking!

📅 Weekend Batch Starts: February 22, 2025
🕒 Batch Timings:

• Weekend Batch: Saturdays (11:35 AM - 01:30 PM CST) & Sundays (12:45 PM - 2:30 PM CST)

📅 Weekday Evening Batch Starts: February 24, 2025
🕒 Batch Timings:

• Weekday Evenings Batch: Mondays & Wednesdays (6:00 PM - 8:00 PM CST)

📍 Online – Learn from Anywhere!

🎯 Spots are Limited! Secure your seat now and take the first step toward becoming a DevSecOps pro!

📞 Contact Coach AK Now:
📱 +1 (469) 733-5248 (WhatsApp Available)
📧 devops.coaching@gmail.com

💥 Act Fast! Early Bird Discounts Available! 🚀

👉 Register Today! Click Here

How to Setup AquaSec Trivy for Vulnerability scanning | How to scan Springboot Docker image using Trivy Scanner | Create Jenkins Pipeline for scanning Docker image for Springboot Microservices App

Watch steps in YouTube channel:

Pre-requisites:

• Springboot microservices app configured.
• Jenkins up and running
• Install Trivy scanner in Jenkins instance
• Docker installed in Jenkins instance
• Maven also configured in Jenkins under Manage Jenkins--> Tool
• Click here to for integrating Docker and Jenkins
• Pipeline stage view, Docker and Docker pipelines plug-in are installed
• Install AWS CLI
• Repo created in ECR for storing docker images, Click here to know how to do that.
• Create an IAM role with AmazonEC2ContainerRegistryFullAccess policy, attach role to Jenkins EC2 instance.

Jenkins Pipeline for scanning docker image using Trivy scanner:

pipeline {

    agent any

    environment {

        registry = "acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app"

    }

    stages {

        stage('Checkout') {

            steps {

                git 'https://github.com/akannan1087/docker-spring-boot'

            }

        }

        

        stage ("Build JAR") {

            steps {

                sh "mvn clean install"

            }

        }

        

        stage ("Build image") {

            steps {

                script {

                    dockerImage = docker.build registry

                    dockerImage.tag("$BUILD_NUMBER")

                }

            }

        }

        

    // Scanning Docker images using Trivy scanner

     stage('Trivy Security scan') {

     steps{

         script {

            sh "trivy image --severity HIGH,CRITICAL,MEDIUM acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app:$BUILD_NUMBER"

         }

      }

     }

    // Uploading Docker images into AWS ECR

    stage('Pushing to ECR') {

     steps{  

         script {

                sh 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin acct_id.dkr.ecr.us-east-1.amazonaws.com'

                sh 'docker push acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app:$BUILD_NUMBER'

         }

        }

     }

    }

}

Pipeline Output:

Scan report can be viewed in Jenkins

How to create Pull Request (PR) templates in Azure Repos? | Creating pull request template in Azure Repos

Watch steps in YouTube channel:

Azure Repos allows you to create Pull Request (PR) templates to standardize and streamline the PR process for your team. This ensures that all necessary information is included, making the review process more efficient. 

Step-by-Step Guide

1. Navigate to Your Repository:

   • Go to the Azure Repos repository where you want to create a PR template.

2. Create a .azuredevops Directory:

   • create a new directory named .azuredevops in the root of your repository. This is where Azure Repos looks for configuration files, including PR templates.

3. Create a PULL_REQUEST_TEMPLATE File:

• Inside the .azuredevops directory, create a file named PULL_REQUEST_TEMPLATE.md. This file will contain the template for your pull requests.

      4. Add Template Content:

• Open the PULL_REQUEST_TEMPLATE.md file and add the content you want to include in your PR template. You can use Markdown to format the template. Here’s an example of a basic PR template:

## What type of PR is this? (check all applicable)
- [ ] 🍕 New Feature
- [ ] 🎨 Enhancment Feature
- [ ] 🐛 Bug
## Describe about your code changes
<!-- 
Please do not leave this blank 
This PR [adds/removes/fixes/replaces] the [feature/bug/etc]. 
-->
## Related Feature & Documents
<!-- 
Please use this format link issue numbers: Fixes #123
-->
## Screenshots/Recordings Link In Sharepoint
<!-- Visual changes require screenshots -->

## Created Unit tests, etc?
- [ ] 👍 yes
- [ ] 🙅 no, because they aren't needed
- [ ] 🙋 no, because I need help
## Added to documentation?
- [ ] 📜 README.md
- [ ] 📕 wiki
- [ ] 🙅 no documentation needed
## [optional] Are there any post-deployment tasks we need to perform?

    5. Commit and Push:

• Commit the PULL_REQUEST_TEMPLATE.md file to your repository and push it to Azure Repo.

git add .azuredevops/PULL_REQUEST_TEMPLATE.md 

git commit -m "Add pull request template" 

git push origin main

How to Setup AquaSec Trivy Vulnerability Scanner | How to install AquaSec Trivy Scanner on Linux OS | Security Scanning Tool | DevSecOps Tutorials

What is Trivy?

• open-source security scanner tool developed by Aqua Security. 
• Used for vulnerability scanning in such as 
• container images 
• file systems/folders 
• Git repositories
• Kubernetes clusters
• misconfiguration in files such as Terraform, K8S manifest files
• Trivy helps identify security issues and misconfigurations early in the software development lifecycle.

How to Install Trivy scanner on Linux OS?

Trivy scanner can be installed so many ways. Check here for more information. But we will using APT package manager to install on Ubuntu.

sudo apt-get install wget gnupg -y

wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null 

echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list 

sudo apt-get update 

sudo apt-get install trivy -y

Check Trivy got installed

trivy --version

This confirm that Trivy got installed successfully.

Perform Docker image scan locally

trivy image nginx:latest

where nginx is name of the docker image

You can also pass arguments to filter based on severity

trivy image --severity HIGH,CRITICAL,MEDIUM nginx:latest

Perform scanning a Git Repo

trivy repo https://github.com/akannan1087/docker-spring-boot

where repo_url is the public git repo that you want to scan

Perform scanning a file system locally

trivy fs your_folder

where your_folder is directory on your machine where you have installed Trivy.

Additional links:

If you want to integrate Trivy with Jenkins CICD pipeline for automating docker image scanning, please click here.

If you want to integrate Trivy with Azure DevOps CICD pipeline for automating docker image scanning, please click here.

Watch the video in my YouTube channel:

Top 10 DevOps Popular Tools | Popular DevOps Tools You Must Know In 2025 | Learn DevOps Tools in 2025

Here are the top 10 DevOps Tools to focus on to put your DevOps learning on a faster track and kick start your career quickly as a successful Cloud engineer or DevOps engineer in about 10 to 12 weeks from now.

1.    Terraform - # 1 Infrastructure automation tool

2.    Git - BitBucket/GitHub/Azure Repos - # 1 - SCM tool
3.    Jenkins - # 1 CICD tool
4.    Docker - #1 Container platform 
5.    Kubernetes - #1 container orchestration tool 

6.    GitHub Actions - #3 CICD tool

7.    Ansible- #1 Configuration Management tool

8.    Azure DevOps – Microsoft platform for migrating applications to Azure Cloud

9.    SonarQube – #1 Code quality tool 
10.  Nexus - #2 Binary repo manager 

Finally having some scripting knowledge is also good – Python, YAML playbooks, JSON script
Cloud experience - AWS and Azure

 

Click here to know the complete roadmap..

Welcome To DevSecOps Coaching Program by Coach AK | Coaching pre-requisites before you join the program | Agile and DevOps Basics useful links

Welcome to DevSecOps Coaching Program by Coach AK! Thanks for showing interest in joining the program. Please go through the useful links before joining the coaching sessions live with Coach AK in zoom. 

Please click the below link to learn more about How the coaching program works.

https://www.coachdevops.com/2019/04/devops-coaching-model-information.html

Pre-requisites:
https://www.coachdevops.com/2019/01/pre-requisites-before-starting-devops.html

Once you create AWS account, GitHub and Bitbucket account using the above links, do the following to secure your AWS account:

https://www.cidevops.com/2018/09/how-to-enable-multi-factor.html

Learn more about AWS cloud in less than10 mins..
https://www.youtube.com/watch?v=r4YIdn2eTm4

Basic concepts to go through before you attend classes:

If you are new to IT, please learn more about Agile, DevOps from the below links:

https://www.tutorialspoint.com/agile/index.htm
https://www.edureka.co/blog/what-is-devops/
https://www.edureka.co/blog/devops-tutorial - nice read on DevOps

What is DevOps

https://www.youtube.com/watch?v=_I94-tJlovg&t=2s

Difference between Waterfall and Scrum 

https://www.youtube.com/watch?v=9TycLR0TqFA

 

Top 10 DevOps tools to learn in 2025

https://www.coachdevops.com/2025/01/top-10-devops-popular-tools-popular.html

Top DevOps Skills for 2025 | Skills required to become a DevOps engineer

https://www.coachdevops.com/2025/01/complete-roadmap-for-2025-to-become.html

Perform Security Scan for SpringBoot Microservice Docker image using Trivy Scanner and Azure YAML Pipeline | How to Scan Spring Boot Docker Image in Azure DevOps using Trivy Scanner

Perform vulnerability scan using Trivy scanner on Azure DevOps Pipeline

What is Trivy?

Trivy is an open-source security scanner tool developed by Aqua Security. It can scan:

• container images 
• file systems/folders 
• Git repositories
• Kubernetes clusters
• misconfiguration in files such as Terraform, K8S manifest files

Pre-requisites:

• Repo created in ACR, Click here to know how to do that.
• Springboot app Source code along with Dockerfile created along with the application source code
• Already created Azure DevOps dashboard in 

  https://dev.azure.com/

ADO Yaml Pipeline for scanning docker image using Trivy scanner in Azure Hosted Build Agent:

# Perform Trivy scan for Docker image and upload docker image into ACR

trigger:

- master

resources:

- repo: self

variables:

# Container registry service connection established during pipeline creation

dockerRegistryServiceConnection: '723477ce-4e05-4e6e-a3c1-13bdf919a5cd'

imageRepository: 'dockerspringbootapp'

containerRegistry: 'myacrrepo131.azurecr.io'

dockerfilePath: '$(Build.SourcesDirectory)/Dockerfile'

tag: '$(Build.BuildId)'

# Agent VM image name

vmImageName: 'ubuntu-latest'

stages:

- stage: Build

displayName: Build and push stage

jobs:

- job: Build

displayName: Build

pool:

vmImage: $(vmImageName)

steps:

- task: Maven@4

inputs:

mavenPomFile: 'pom.xml'

publishJUnitResults: true

testResultsFiles: '**/surefire-reports/TEST-*.xml'

javaHomeOption: 'JDKVersion'

mavenVersionOption: 'Default'

mavenAuthenticateFeed: false

effectivePomSkip: false

sonarQubeRunAnalysis: false

- task: Docker@2

displayName: Build a Docker image

inputs:

command: build

repository: $(imageRepository)

dockerfile: $(dockerfilePath)

containerRegistry: $(dockerRegistryServiceConnection)

tags: |

$(tag)

- task: Bash@3

displayName: "Install Trivy"

inputs:

targetType: inline

script: |

curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

# Run Trivy Scan

- task: Bash@3

displayName: "Run Trivy Scan"

inputs:

targetType: inline

script: |

./bin/trivy image --severity HIGH,CRITICAL,MEDIUM --ignore-unfixed $(containerRegistry)/$(imageRepository):$(tag)

- task: Docker@2

displayName: push the image to container registry

inputs:

command: Push

repository: $(imageRepository)

dockerfile: $(dockerfilePath)

containerRegistry: $(dockerRegistryServiceConnection)

tags: |

$(tag)

Scan report can be viewed in Build output of Azure Pipelines

Watch Steps in YouTube channel:

How to Create a Docker Image for a Springboot App and Upload image into Azure Container Registry using Azure YAML Pipelines | Upload Spring boot Docker Image into Azure Container Registry (ACR)

We will learn how to build Docker image for a springboot app and upload the Docker image into Azure Container Registry(ACR) using Azure YAML pipelines.

Pre-requisites:

1. Azure subscription

2. Azure DevOps project dashboard in https://dev.azure.com/

3. Dockerfile created along with the application source code

4. Install Azure CLI

Create Resource Group

Make sure you are login to Azure portal first.

az login

Execute below command to create a resource group in Azure portal.

az group create --name myResourceGroup --location southcentralus

How to Create Azure Container Registry?

Run the below command to create your own private container registry using Azure Container Registry (ACR).

az acr create --resource-group myResourceGroup --name myacrrepo31 --sku Standard --location southcentralus

You can login to Azure portal to see the ACR repo.

How to create Azure Build YAML Pipeline

1. Login into your Azure DevOps dashboard

2. Click on Pipelines.

3. Click on New Pipeline

4. Click on GitHub Repo as we have code committed into GitHub

5. Enter your repo name and branch name where you have stored your source code along with Dockerfile.

Type docker as name and select the below repo

6. Click on Continue. Now choose the template by typing Docker, Select below task and Apply.

 

7. Choose the subscription

Click on Continue

Enter Microsoft credentials.

Now choose ACR repo and enter name for the image and select the path for Dockerfile

Click on Validate and configure.

# Create a Jar file using Maven

# Create a docker image and push the image to Azure Container Registry

# https://docs.microsoft.com/azure/devops/pipelines/languages/docker

trigger:

- master

resources:

- repo: self

variables:

# Container registry service connection established during pipeline creation

dockerRegistryServiceConnection: 'sdsd4'

imageRepository: 'mypythondockerrepo'

containerRegistry: 'myacrrep31.azurecr.io'

dockerfilePath: '$(Build.SourcesDirectory)/Dockerfile'

tag: '$(Build.BuildId)'

vmImageName: 'ubuntu-latest'

stages:

- stage: Build

displayName: Build and push stage

jobs:

- job: Build

displayName: Build

pool:

vmImage: $(vmImageName)

steps:

- task: Maven@4 inputs: mavenPomFile: 'pom.xml' publishJUnitResults: true testResultsFiles: '**/surefire-reports/TEST-*.xml' javaHomeOption: 'JDKVersion' mavenVersionOption: 'Default' mavenAuthenticateFeed: false effectivePomSkip: false sonarQubeRunAnalysis: false - task: Docker@2 displayName: Build and push an image to container registry inputs: command: buildAndPush repository: $(imageRepository) dockerfile: $(dockerfilePath) containerRegistry: $(dockerRegistryServiceConnection) tags: | $(tag)

Now click Save + run and run to start Building the pipeline. Now check the status of the pipeline.

Once the build is completed, you should be able to see the Docker images under 

Services --> Repositories

Clean up resources in Azure Cloud:
az group delete --resource-group MyResourceGroup

This should clean up resources in Azure cloud..

Watch Steps in YouTube channel:

Setup AquaSec Trivy for Vulnerability scanning | How to Set Up Trivy Scanner in Azure DevOps | How to scan Docker image using Trivy Scanner | Create Azure YAML Pipeline for scanning Docker image

Perform vulnerability scan using Trivy scanner on Azure DevOps Pipeline

Pre-requisites:

• Repo created in ACR, Click here to know how to do that.
• Dockerfile created along with the application source code
• Already created Azure DevOps dashboard in 

  https://dev.azure.com/

ADO Yaml Pipeline for scanning docker image using Trivy scanner:

# Docker

# Build and push an image to Azure Container Registry

# https://docs.microsoft.com/azure/devops/pipelines/languages/docker

trigger:

- master

resources:

- repo: self

variables:

# Container registry service connection established during pipeline creation

dockerRegistryServiceConnection: 'd676875f-d1fb-485a-8da4-88d6bfb04604'

imageRepository: 'mypythondockerrepo'

containerRegistry: 'myacrrep31.azurecr.io'

dockerfilePath: '$(Build.SourcesDirectory)/Dockerfile'

tag: '$(Build.BuildId)'

vmImageName: 'ubuntu-latest'

stages:

- stage: Build

displayName: Build and push stage

jobs:

- job: Build

displayName: Build

pool:

vmImage: $(vmImageName)

steps:

# build docker image

- task: Docker@2

displayName: Build Docker image

inputs:

command: build

repository: $(imageRepository)

dockerfile: $(dockerfilePath)

containerRegistry: $(dockerRegistryServiceConnection)

tags: |

$(tag)

# Install Trivy Scanner on Agent

- task: Bash@3

displayName: "Install Trivy"

inputs:

targetType: inline

script: |

curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

# Run Trivy Scan

- task: Bash@3

displayName: "Run Trivy Scan"

inputs:

targetType: inline

script: |

./bin/trivy image --severity HIGH,CRITICAL,MEDIUM --ignore-unfixed $(containerRegistry)/$(imageRepository):$(tag)

# Push docker image

- task: Docker@2

displayName: push Docker image to container registry

inputs:

command: push

repository: $(imageRepository)

dockerfile: $(dockerfilePath)

containerRegistry: $(dockerRegistryServiceConnection)

tags: |

$(tag)

Scan report can be viewed in Build output of Azure Pipelines