Pre-requisites:
- Springboot microservices app configured.
- Jenkins up and running
- Install Trivy scanner in Jenkins instance
- Docker installed in Jenkins instance
- Maven also configured in Jenkins under Manage Jenkins --> Tools
- Click here for integrating Docker and Jenkins
- Pipeline stage view, Docker and Docker pipelines plug-in are installed
- Install AWS CLI
- Repo created in ECR for storing docker images, Click here to know how to do that.
- Create an IAM role with
Jenkins Pipeline for scanning docker image using Trivy scanner:
pipeline {
    agent any
    environment {
        // ECR repository URI; replace acct_id with the AWS account ID
        registry = "acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app"
    }
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/akannan1087/docker-spring-boot'
            }
        }
        stage ("Build JAR") {
            steps {
                sh "mvn clean install"
            }
        }
        stage ("Build image") {
            steps {
                script {
                    // Build the image under the ECR repository name, then tag it with the build number
                    dockerImage = docker.build registry
                    dockerImage.tag("$BUILD_NUMBER")
                }
            }
        }
        // Scanning Docker images using Trivy scanner
        stage('Trivy Security scan') {
            steps {
                script {
                    // Trivy exits 0 even when it reports findings, so this stage does not stop the push;
                    // add --exit-code 1 to fail the build when matching vulnerabilities are found
                    sh "trivy image --severity HIGH,CRITICAL,MEDIUM acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app:$BUILD_NUMBER"
                }
            }
        }
        // Uploading Docker images into AWS ECR
        stage('Pushing to ECR') {
            steps {
                script {
                    // Authenticate Docker to ECR with a short-lived token, then push the scanned tag
                    sh 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin acct_id.dkr.ecr.us-east-1.amazonaws.com'
                    sh 'docker push acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app:$BUILD_NUMBER'
                }
            }
        }
    }
}
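The scan stage above only prints findings. As an added example (not part of the original post), this gate script reads a Trivy JSON report and returns a non-zero status when fixable CRITICAL or HIGH findings are present, so the push stage is skipped. It assumes the scan stage also runs `trivy image --format json --output trivy-report.json <image>`; the report file name, the blocking policy and the sample data are assumptions.

```python
import json
import sys
from collections import Counter

BLOCKING = {"CRITICAL", "HIGH"}  # assumed policy: these severities fail the build

# Constructed sample shaped like `trivy image --format json` output; IDs are placeholders.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "app.jar", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-lib",
         "Severity": "CRITICAL", "FixedVersion": "2.0.1"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example-codec",
         "Severity": "HIGH"},  # no FixedVersion: nothing to upgrade to yet
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-json",
         "Severity": "MEDIUM", "FixedVersion": "1.1.0"}]},
    {"Target": "base-os-layer"},  # clean target: the Vulnerabilities key is absent
]})


def evaluate(report_text, blocking=BLOCKING, require_fix=True):
    """Return (counts per severity, list of findings that should stop the push)."""
    report = json.loads(report_text)
    counts, blockers = Counter(), []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:  # key may be missing or null
            severity = vuln.get("Severity", "UNKNOWN")
            counts[severity] += 1
            fixable = bool(vuln.get("FixedVersion"))
            if severity in blocking and (fixable or not require_fix):
                blockers.append((vuln.get("VulnerabilityID"),
                                 vuln.get("PkgName"), result.get("Target")))
    return counts, blockers


def main(argv):
    """Exit status for the Jenkins `sh` step: 1 blocks the push stage, 0 allows it."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT  # no report path given: run on the constructed sample
    counts, blockers = evaluate(text)
    print("findings by severity:", dict(counts))
    for vuln_id, pkg, target in blockers:
        print(f"BLOCKING {vuln_id} in {pkg} ({target})")
    return 1 if blockers else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Called from a `sh` step after the scan (for example `python3 trivy_gate.py trivy-report.json`, a hypothetical file name), a non-zero exit fails that stage and Jenkins does not run the ECR push.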
Pipeline Output: