Configuring Integration of CI/CD Pipeline for a Java Maven Project with SonarQube, Trivy, and Docker


Prerequisites

Before configuring the pipeline, ensure that the following prerequisites are met:

  1. GitHub account

  2. Docker Hub account

  3. AWS account

  4. Basic knowledge of GitHub, Maven, SonarQube, Docker, Trivy, and Jenkins

Step 1: Project Setup

  1. Create an EC2 instance in your AWS account with the following configuration: Ubuntu, t2.medium instance type, 30GB EBS volume, in the us-east-1 region.

  2. Now log in as the root user.

  3. Install Jenkins using the Jenkins.sh script (from the Tools_installation_scripts repository linked under Resources).

  4. Update the security group of the EC2 instance so that the Jenkins (8080) and SonarQube (9000) ports are reachable; restrict the allowed source to your own IP rather than opening them to the world.

  5. Sign in to the Jenkins console at http://<EC2_PUBLIC_IP>:8080, get the initial password with `cat /var/lib/jenkins/secrets/initialAdminPassword`, and install all the suggested plugins.

  6. Create your first user and continue.

Step 2: Pipeline creation

  1. Repo URL: enter the URL of the Git repository where your project source code is stored.

  2. The branch name should be */main and the script path should be Jenkinsfile; these are the same for everyone. Save the changes.

  3. Now we need to add plugins. Go to Dashboard -> Manage Jenkins -> Plugins -> Available Plugins.

  4. Plugins for Sonar/JFrog:

    Sonar Gerrit

    SonarQube Scanner

    SonarQube Generic Coverage

    Sonar Quality Gates

    Quality Gates

    Artifactory

    JFrog

    Why add these plugins? Because we have to run SonarQube from Jenkins, and these plugins extend Jenkins' capabilities to do so.

  5. Now install Docker as well, using the docker.sh script.

  6. Now install SonarQube. Docker and Jenkins were installed with scripts, but SonarQube runs as a Docker container started with a docker command. Once it is up, open http://<EC2_PUBLIC_IP>:9000 (9000 is the SonarQube port).

  7. Log in to the SonarQube dashboard; the default username and password are both admin (change the password on first login).

  8. Create a Sonar token for Jenkins. Here is how:

    Sonar Dashboard -> Administration -> My Account -> Security -> Create token

    -> Save the token to a text file

    Note: The token name can be anything, but make sure to save the token value.

  9. Integrate Jenkins with Sonar so the two can communicate with each other: Sonar Dashboard -> Administration -> Configuration -> Webhooks -> Add, with name Jenkins and URL http://<EC2_PUBLIC_IP>:8080/sonarqube-webhook/, then save.

  10. Now install Maven using maven.sh, and install Trivy using trivy.sh.

Step 3: Tools integration with Jenkins

  1. Go to Jenkins Dashboard -> Manage Jenkins -> Configure System.

  2. Click on SonarQube servers -> add the URL and a name -> click Add token -> select Secret text -> paste the Sonar token saved earlier -> name the token sonarqube-api.

  3. Now let's add the Docker Hub credentials: Jenkins Dashboard -> Manage Jenkins -> Credentials -> System -> Global credentials, and add the credentials as shown 👇

Step 4: Add Jenkins shared library

  1. Go to Manage Jenkins -> Configure System -> Global Pipeline Libraries and add the following:

    Name - my-shared-library

    Default version - main

    Git - https://github.com/manogna-chinta/jenkins_shared_lib.git

    If you look at the Jenkinsfile in the Java_app_3.0 repository, the shared library name it references matches the name entered here.

  2. Now click Build Now and, ta-da, the pipeline passes.

  3. Now let's take a look at the image we uploaded to Docker Hub.

The parameters defined in the Jenkinsfile let us run a parameterized build in Jenkins. Upon reviewing the logs, we can observe that an API has been generated alongside the provided credentials 👇
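To show how the pieces configured above fit together, here is an added example of a declarative Jenkinsfile (written for this post, not the Java_app_3.0 project's own Jenkinsfile, which uses the shared library instead of inline stages). It assumes a SonarQube server named sonar-server in Manage Jenkins (using the sonarqube-api token from Step 3), a Docker Hub credential with id dockerhub-creds, and an image name <DOCKERHUB_USER>/java-app; all three are placeholders to replace with your own values.

```groovy
// Added example Jenkinsfile, not the project's own file.
// Assumed: SonarQube server "sonar-server", Docker Hub credential id "dockerhub-creds",
// image "<DOCKERHUB_USER>/java-app"; replace these placeholders with your own values.
pipeline {
    agent any
    parameters {
        string(name: 'IMAGE_TAG', defaultValue: '1.0', description: 'Docker image tag to build and push')
    }
    environment {
        IMAGE = "<DOCKERHUB_USER>/java-app:${params.IMAGE_TAG}"
    }
    stages {
        stage('Checkout') { steps { checkout scm } }
        stage('Maven build') { steps { sh 'mvn -B clean package' } }
        stage('SonarQube analysis') {
            steps {
                // withSonarQubeEnv injects the server URL and the sonarqube-api token from Step 3
                withSonarQubeEnv('sonar-server') {
                    sh 'mvn -B sonar:sonar -Dsonar.projectKey=java-app'
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Blocks until the webhook from Step 2 reports the gate; a failed gate aborts the build
                timeout(time: 5, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Docker build') { steps { sh "docker build -t ${IMAGE} ." } }
        stage('Trivy scan') {
            steps {
                // Non-zero exit on HIGH/CRITICAL findings fails the stage before anything is pushed
                sh "trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL ${IMAGE}"
            }
        }
        stage('Push to Docker Hub') {
            steps {
                // Credentials are read from the Jenkins store; --password-stdin keeps them out of argv
                withCredentials([usernamePassword(credentialsId: 'dockerhub-creds',
                        usernameVariable: 'DH_USER', passwordVariable: 'DH_PASS')]) {
                    sh 'echo "$DH_PASS" | docker login -u "$DH_USER" --password-stdin'
                    sh "docker push ${IMAGE}"
                }
            }
        }
    }
    post { always { sh 'docker logout || true' } }
}
```

Running this job with Build with Parameters lets you pick IMAGE_TAG per build, and the image is only pushed if both the SonarQube quality gate and the Trivy scan pass.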

Let's now navigate to SonarQube, where we can identify any code smells present.

Thank you for your time. If you found the information helpful, please consider giving it a like. Your feedback is appreciated!

Resources:

https://github.com/manogna-chinta/Java_app_3.0

https://github.com/manogna-chinta/jenkins_shared_lib

https://github.com/manogna-chinta/Tools_installation_scripts
