diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..2f7896d1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+target/
diff --git a/JenkinsFile b/JenkinsFile
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JenkinsFile
@@ -0,0 +1 @@
+
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 00000000..e7e45898
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,57 @@
+pipeline {
+ agent any
+ tools {
+ maven 'Maven'
+ }
+ stages {
+ stage ('Initialize') {
+ steps {
+ sh '''
+ echo "PATH = ${PATH}"
+ echo "M2_HOME = ${M2_HOME}"
+ '''
+ }
+ }
+
+ stage ('Check-Git-Secrets') {
+ steps {
+ sh 'rm trufflehog.txt || true'
+ sh 'sudo -S trufflehog git https://github.com/Shubham-Bhingarde/webapp --results=verified > trufflehog.txt'
+ sh 'cat trufflehog.txt'
+ }
+ }
+
+
+
+ stage ('SAST') {
+ steps {
+ sh "mvn clean verify sonar:sonar -Dsonar.projectKey=DevSecOps -Dsonar.projectName='DevSecOps' -Dsonar.host.url=http://10.210.12.92:9000 -Dsonar.token=sqp_bf397c7f86688af960d4b6b4f8fe3d7193d9e29b"
+ sh 'cat target/sonar/report-task.txt'
+ }
+ }
+
+ stage ('Build') {
+ steps {
+ sh 'mvn clean package'
+ }
+ }
+
+ stage ('Deploy-To-Tomcat') {
+ steps {
+ sshagent(['tomcat']) {
+ sh 'scp -o StrictHostKeyChecking=no target/*.war user1@10.210.12.93:/prod/apache-tomcat-9.0.110/webapps/webapp.war'
+ }
+ }
+ }
+
+
+ stage ('DAST') {
+ steps {
+ sshagent(['zap']) {
+ sh 'ssh -o StrictHostKeyChecking=no user1@10.210.12.83 "docker run -t owasp/zap2docker-stable zap-baseline.py -t http://10.210.12.93:8080/webapp/" || true'
+ }
+ }
+ }
+
+ }
+}
diff --git a/pom.xml b/pom.xml
index 3909d5ff..81ae9103 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,5 +17,12 @@ WebApp + + + org.apache.maven.plugins + maven-war-plugin + 3.4.0 + +
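Review bot: The SAST stage in the new Jenkinsfile commits a SonarQube token in clear text (`-Dsonar.token=sqp_…`), so it is readable by anyone with access to the repository or the build log; it should be revoked and read from the Jenkins credential store instead, e.g. wrap the step in `withCredentials([string(credentialsId: '<sonar-token-credential-id>', variable: 'SONAR_TOKEN')]) { ... }` and pass `-Dsonar.token=$SONAR_TOKEN` from a single-quoted `sh` so Groovy does not interpolate the value. The Deploy-To-Tomcat and DAST stages both pass `-o StrictHostKeyChecking=no`, which accepts whatever host key is presented; pinning the two hosts in the agent's `known_hosts` keeps the WAR upload and the remote ZAP run bound to the intended machines. Neither security gate can fail the build as written: Check-Git-Secrets only prints `trufflehog.txt` (trufflehog's `--fail` flag would return a non-zero exit on findings) and the DAST command ends in `|| true`. Running trufflehog under `sudo -S` also looks unnecessary for scanning a remote repository and widens what the build agent can do.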