Thursday, January 30, 2025

How to Setup AquaSec Trivy for Vulnerability scanning | How to scan Springboot Docker image using Trivy Scanner | Create Jenkins Pipeline for scanning Docker image for Springboot Microservices App

Pre-requisites:

Jenkins Pipeline for scanning docker image using Trivy scanner:

pipeline {
    agent any
    environment {
        registry = "acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app"
    }

    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/akannan1087/docker-spring-boot'
            }
        }
        
        stage ("Build JAR") {
            steps {
                sh "mvn clean install"
            }
        }
        
        stage ("Build image") {
            steps {
                script {
                    dockerImage = docker.build registry
                    dockerImage.tag("$BUILD_NUMBER")
                }
            }
        }
        
    // Scanning Docker images using Trivy scanner
     stage('Trivy Security scan') {
     steps{
         script {
            sh "trivy image --severity HIGH,CRITICAL,MEDIUM acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app:$BUILD_NUMBER"
         }
      }
     }
    // Uploading Docker images into AWS ECR
    stage('Pushing to ECR') {
     steps{  
         script {
                sh 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin acct_id.dkr.ecr.us-east-1.amazonaws.com'
                sh 'docker push acct_id.dkr.ecr.us-east-1.amazonaws.com/coachak/springboot-app:$BUILD_NUMBER'
         }
        }
     }
    }
}

Pipeline Output:




Scan report can be viewed in Jenkins


Watch steps in YouTube channel:

No comments:

Post a Comment

DevSecOps Bootcamp Feb 2025 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

๐Ÿš€ Join the Ultimate DevSecOps Bootcamp – February 2025! ๐Ÿ”ฅ Are you ready to supercharge your career in DevSecOps ? Whether you're a be...