Skip to content

devopsred/jenkins-example

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits

.librarian/puppet

.librarian/puppet

 
 

features

features

 
 

hieradata

hieradata

 
 

manifests

manifests

 
 

modules

modules

 
 

scripts

scripts

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.rspec

.rspec

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

LICENSE

LICENSE

 
 

Puppetfile

Puppetfile

 
 

Puppetfile.lock

Puppetfile.lock

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

Vagrantfile

Vagrantfile

 
 

hiera.yaml

hiera.yaml

 
 

hiera_packer.yaml

hiera_packer.yaml

 
 

template.json

template.json

 
 

Repository files navigation

This repository contains a sample Jenkins continuous integration setup focused on security testing.

As well as installing Jenkins this projects creates a number of jobs which:

  • Download RailsGoat and run it's unit tests
  • Scan for known viruses using ClamAV
  • Check for insecure dependencies with bundler audit
  • Run a static anaylsis using the Brakeman security scanner
  • Spider and report issues found via OWASP ZAP
  • Generate some code metrics using Sloccount
  • Run the Capybara integration tests

We use the RailsGoat application as an example, for your own work you could swap this out for your own applications.

Getting started

First install Vagrant, which we're using the manage the virtual machines on which we're installing the tools.

Once you have Vagrant installed you'll need a few plugins.

vagrant plugin install vagrant-serverspec
vagrant plugin install vagrant-hosts
vagrant plugin install vagrant-cucumber-host

You'll need a basic Ruby environment for the following steps. First install Bundler which manages Ruby dependencies. Then install the Ruby and Puppet dependencies.

bundle install
bundle exec librarian-puppet install

Have a look in the Gemfile and Puppetfile for a pull list of what is being downloaded. If you don't have the bundle command available see the Bunder site for installation instructions.

And finally, lets boot the virtual machines.

vagrant up

DigitalOcean provider

By default this will use Virtualbox, but if you'd rather run a remote virtual machine it also contains a DigitalOcean configuration.

vagrant up --provider=digital_ocean

This relies on environment variables DIGITAL_OCEAN_CLIENT_ID and DIGITAL_OCEAN_CLIENT_API_KEY.

Build an image

As well as being able to launch local and remote instances, the repository also contains a Packer template for building an image in DigitalOcean. This could be adopted for other providers easily enough. With Packer install run the following:

packer build template.json

This requires the environment variables DIGITALOCEAN_API_KEY and DIGITALOCEAN_CLIENT_ID to be set.

Colophon

This uses a fair few open sources tools. Thanks in particular to:

About

A demonstration of a continuous integration pipeline focused on security testing

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 48.5%
  • Puppet 42.2%
  • Shell 7.4%
  • Gherkin 1.3%
  • HTML 0.6%