Integrating Trivy and SonarQube with Jenkins Pipeline
In this project, I will create a full CI/CD pipeline using Jenkins, incorporating SonarQube for code quality analysis and Trivy for container security scanning.
SonarQube is used for code quality scans and code coverage, while Trivy is utilized for filesystem and Docker image security scanning.
Step 1
Create an Ubuntu EC2 instance using a t2.medium or larger instance type. Be sure to generate a key pair for connecting to the instance, then proceed with the instance creation.
Step 2
Next, access the EC2 instance, select the security group, and add inbound rules to allow traffic for Jenkins, SonarQube, and the final application.
- Port 8080: Jenkins
- Port 9000: SonarQube
- Port 8081: Web Application
Step 3
Next, connect to the EC2 instance using EC2 Instance Connect or an SSH client. Log in as the admin user and run the following script to install Jenkins.
Retrieve the initial admin password with the following command.
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
Step 4
Next, run SonarQube on the Ubuntu EC2 instance using the script provided below. Since SonarQube will run inside a Docker container, ensure Docker is installed before executing the SonarQube setup.
Next, log in to the SonarQube console at EC2_Public_IP:9000 and generate a token for the administrator.
Step 5
Install Trivy using the following command. Trivy is used for filesystem scanning and container image scanning.
Step 6
Next, log in to Jenkins at Public_IP:8080 and create a user account.
Install the SonarQube, Docker, and Docker Pipeline plugins in Jenkins.
Step 7
In Jenkins global settings, configure the SonarQube and Docker installations.
Step 8
Add two Jenkins credentials: one for Docker and one for SonarQube.
Step 9
Click ‘Create Job’ and select ‘Pipeline’ as the template.
Enable ‘Discard Old Builds’ and set the ‘Max # of Builds’ to 2.
Then go to the last option and select ‘Pipeline Script from SCM.’ Choose ‘Git’ as the repository type and select your Git credentials. Make sure the Jenkinsfile in the Git repository references the repository URL. You can either clone or fork my sample Git repository for this purpose.
Save the pipeline configuration and click ‘Build Now’ to start the build process.
Finally, you should see the application running.
Git Repository: https://github.com/sanju2/jenkins-cicd-pipeline.git
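As an added illustration (my own example, not the Jenkinsfile from the sample repository), the following declarative pipeline wires the pieces above together: SonarQube analysis with a quality gate, a Trivy filesystem scan, a Docker build, a Trivy image scan, and a deployment on port 8081. It assumes a Maven project, a SonarQube installation named sonar-server in Jenkins (Step 7), a Docker Hub credential with ID dockerhub-creds (Step 8), a placeholder image name, and a SonarQube webhook pointing back at Jenkins so the quality gate result is delivered.

```groovy
pipeline {
    agent any
    environment {
        // Assumed values: replace with your own image repository.
        IMAGE_NAME = 'example-user/webapp'
        IMAGE_TAG  = "${env.BUILD_NUMBER}"
    }
    stages {
        stage('Checkout') {
            steps { checkout scm }
        }
        stage('SonarQube Analysis') {
            steps {
                // 'sonar-server' must match the installation name in Jenkins global settings;
                // withSonarQubeEnv injects the server URL and the token credential.
                withSonarQubeEnv('sonar-server') {
                    sh 'mvn -B clean verify sonar:sonar'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Requires a SonarQube webhook to Jenkins; aborts the build if the gate fails.
                timeout(time: 5, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Trivy FS Scan') {
            steps {
                // Scan source tree and dependency lockfiles; fail on HIGH/CRITICAL findings.
                sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL --no-progress .'
            }
        }
        stage('Build Image') {
            steps {
                script { docker.build("${IMAGE_NAME}:${IMAGE_TAG}") }
            }
        }
        stage('Trivy Image Scan') {
            steps {
                // Scan the built image; --ignore-unfixed skips findings with no available fix.
                sh "trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed ${IMAGE_NAME}:${IMAGE_TAG}"
            }
        }
        stage('Push and Deploy') {
            steps {
                script {
                    // 'dockerhub-creds' is the assumed ID of the Docker credential from Step 8.
                    docker.withRegistry('https://index.docker.io/v1/', 'dockerhub-creds') {
                        docker.image("${IMAGE_NAME}:${IMAGE_TAG}").push()
                    }
                }
                // Assumes the application listens on 8080 inside the container.
                sh 'docker rm -f webapp || true'
                sh "docker run -d --name webapp -p 8081:8080 ${IMAGE_NAME}:${IMAGE_TAG}"
            }
        }
    }
}
```

Because both Trivy stages use --exit-code 1, a HIGH or CRITICAL finding stops the pipeline before the image is pushed or deployed.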
Thanks for reading the article.
Connect with me
LinkedIn https://www.linkedin.com/in/lasanthasilva
Twitter https://twitter.com/LasanthaSilva96