
secure-pipeline-java-demo

by rmkanda

35 stars
35 forks
2 watchers
Updated over 2 years ago
About

A demo Spring application with a Jenkins pipeline showcasing an end-to-end secure DevSecOps pipeline integrating multiple security tools for automation and vulnerability scanning.


Primary Use Case

This project is aimed at DevOps and security engineers who want a reference implementation of a secure CI/CD pipeline on Jenkins and Kubernetes. It wires secrets scanning, SAST, DAST, SCA, container image scanning and hardening, and IaC checks into the build stages of a Spring application, so teams can use it as a template for secure pipelines for Java applications deployed to Kubernetes.

Key Features
  • Integration of Jenkins pipeline with Kubernetes (Minikube) and Helm
  • Automated security scanning stages including secrets scanning, SAST, DAST, and SCA
  • Use of multiple open-source security tools: truffleHog (secrets), OWASP Dependency-Check (SCA), Find Security Bugs (SAST), Trivy and Dockle (container image scanning and hardening), KubeSec and checkov (Kubernetes manifests and IaC), and the OWASP ZAP baseline scan (DAST)
  • Linking Jenkins with OWASP Dependency-Track for vulnerability and policy-violation analysis of the application's dependencies
  • Demonstrates image scanning and hardening for container security
  • Infrastructure as Code (IaC) hardening using checkov
  • Support for OSS license checking with LicenseFinder
  • Extensible pipeline template for secure DevSecOps practices

Installation

  • Install minikube v1.24.0 following https://kubernetes.io/docs/tasks/tools/install-minikube/
  • Install helm v3.7.2 following https://helm.sh/docs/intro/install/
  • Start minikube with: minikube start --nodes=1 --cpus=4 --memory 8192 --disk-size=35g --embed-certs=true --driver=hyperkit (the hyperkit driver exists only on macOS; on Linux use --driver=docker or --driver=kvm2)
  • Enable ingress addon in minikube: minikube addons enable ingress
  • Add Jenkins helm repo: helm repo add jenkins https://charts.jenkins.io
  • Update helm repos: helm repo update
  • Install Jenkins using helm: helm install jenkins jenkins/jenkins
  • Wait for Jenkins pod to start
  • Retrieve Jenkins admin password: kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo
  • Optionally forward Jenkins port: kubectl port-forward svc/jenkins 8080:8080
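The steps above chained into one bootstrap script, as an added example that is not part of the repository. It assumes the Helm release is named jenkins in the default namespace (so the chart's StatefulSet and Secret are both named jenkins), reads the generated admin password from that Secret's jenkins-admin-password key instead of exec-ing into the pod, and selects the minikube driver per OS because hyperkit exists only on macOS (docker is assumed for Linux). The version checks pin the minikube v1.24.0 and helm v3.7.2 that the steps name.

```shell
#!/usr/bin/env bash
# Added example, not from rmkanda/secure-pipeline-java-demo: bootstrap Minikube and
# Jenkins for the demo. Assumptions: release "jenkins" in namespace "default" (so the
# chart's StatefulSet and Secret are both named "jenkins"); "docker" as the Linux driver.
set -eu

MINIKUBE_VERSION="v1.24.0"   # versions the installation steps pin
HELM_VERSION="v3.7.2"
RELEASE="jenkins"
NAMESPACE="default"

# Pick a minikube driver for the host OS: the original command hard-codes
# --driver=hyperkit, which only exists on macOS.
minikube_driver() {
  case "$1" in
    Darwin) echo "hyperkit" ;;
    Linux)  echo "docker" ;;
    *)      echo "unsupported OS: $1" >&2; return 1 ;;
  esac
}

# check_version <tool> <expected> <actual>: refuse to run against an untested version
# (helm prints e.g. "v3.7.2+g50f6846", so a substring match is enough).
check_version() {
  case "$3" in
    *"$2"*) return 0 ;;
    *) echo "$1: expected $2, got '$3'" >&2; return 1 ;;
  esac
}

start_cluster() {
  local driver
  driver="$(minikube_driver "$(uname -s)")"
  minikube start --nodes=1 --cpus=4 --memory 8192 --disk-size=35g \
    --embed-certs=true --driver="$driver"
  minikube addons enable ingress
}

install_jenkins() {
  helm repo add jenkins https://charts.jenkins.io
  helm repo update
  helm install "$RELEASE" jenkins/jenkins --namespace "$NAMESPACE"
  # "Wait for Jenkins pod to start": block until the controller StatefulSet is ready.
  kubectl rollout status "statefulset/$RELEASE" --namespace "$NAMESPACE" --timeout=10m
}

# The chart generates a random admin password when none is supplied and stores it in
# the release Secret under the key jenkins-admin-password.
admin_password() {
  kubectl get secret "$RELEASE" --namespace "$NAMESPACE" \
    -o jsonpath='{.data.jenkins-admin-password}' | base64 -d
}

main() {
  check_version minikube "$MINIKUBE_VERSION" "$(minikube version --short)"
  check_version helm "$HELM_VERSION" "$(helm version --short)"
  start_cluster
  install_jenkins
  echo "Jenkins admin password: $(admin_password)"
  echo "Next: kubectl port-forward svc/$RELEASE 8080:8080 and open http://localhost:8080"
}

# Only run the installer when invoked as: ./bootstrap.sh install
if [ "${1:-}" = "install" ]; then
  main
fi
```

Reading the password from the Secret with kubectl get, rather than cat-ing the file inside the pod, works even before the pod is Ready and does not need exec rights on the workload.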

Usage

>_ minikube start --nodes=1 --cpus=4 --memory 8192 --disk-size=35g --embed-certs=true --driver=hyperkit

Starts a single-node Minikube cluster with 4 CPUs, 8 GiB of memory and a 35 GB disk. The hyperkit driver exists only on macOS; on Linux use --driver=docker or --driver=kvm2.

>_ minikube addons enable ingress

Enables the Minikube ingress addon (an NGINX ingress controller) so the demo application can be reached through an Ingress resource

>_ helm repo add jenkins https://charts.jenkins.io

Adds the official Jenkins Helm chart repository

>_ helm repo update

Refreshes the local index of the configured chart repositories

>_ helm install jenkins jenkins/jenkins

Installs the Jenkins controller into the default namespace with the chart's default values; since no admin password is supplied, the chart generates a random one and stores it in a Secret

>_ kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/chart-admin-password && echo

Prints the generated admin password by reading the Secret file mounted in the Jenkins controller pod (the trailing echo adds the newline the file lacks)

>_ kubectl port-forward svc/jenkins 8080:8080

Forwards the Jenkins service to http://localhost:8080 for UI access; log in as user admin with the password retrieved above

Then create a Jenkins pipeline job whose Git SCM points at this repository

Jenkins reads the repository's Jenkinsfile, which defines the build stage and the security stages (secrets scanning, SAST, SCA, image scanning, IaC checks and DAST)
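An added example of how the security stages from the feature list can be chained as gates invoked from a Jenkins sh step; this is not the repository's Jenkinsfile. Each gate records pass or fail instead of aborting the script, so a single build still produces every report, and the step fails once at the end if any gate failed. The image tag, DAST target URL, report directory and the k8s/ manifest path are assumptions, the trufflehog invocation uses the v3 CLI syntax, and the pom is assumed to wire the Find Security Bugs plugin into SpotBugs; the fail-on-findings switches (--exit-code, --fail, -DfailBuildOnCVSS) are the tools' own.

```shell
#!/usr/bin/env bash
# Added example, not the project's Jenkinsfile: the pipeline's security stages as shell
# gates. Assumptions: IMAGE, APP_URL, REPORT_DIR and k8s/ are placeholders; trufflehog v3
# syntax; the pom registers the findsecbugs plugin for SpotBugs.
set -eu

IMAGE="${IMAGE:-secure-pipeline-java-demo:latest}"   # assumed image tag
APP_URL="${APP_URL:-http://localhost:8080}"           # assumed DAST target
REPORT_DIR="${REPORT_DIR:-reports}"
FAILED=""   # names of the gates that failed, space separated

# run_gate <name> <command...>: run one gate, record its outcome, never abort the script.
run_gate() {
  name="$1"; shift
  if "$@"; then
    echo "[gate] $name: PASS"
  else
    rc=$?
    echo "[gate] $name: FAIL (exit $rc)"
    FAILED="$FAILED $name"
  fi
}

# gate_summary: non-zero if any gate failed; this is the exit code the Jenkins sh step
# (and therefore the build) gets.
gate_summary() {
  if [ -z "$FAILED" ]; then
    echo "[gate] all security gates passed"
    return 0
  fi
  echo "[gate] build FAILED, failing gates:$FAILED" >&2
  return 1
}

# The gates themselves; each relies on the tool's own fail-on-findings switch.
secrets()    { trufflehog git "file://$PWD" --only-verified --fail; }          # verified secrets only
sast()       { mvn -B compile spotbugs:check; }                                 # SpotBugs + Find Security Bugs
sca()        { mvn -B org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=7; }
image_scan() { trivy image --exit-code 1 --severity HIGH,CRITICAL "$IMAGE"; }   # image vulnerabilities
image_lint() { dockle --exit-code 1 --exit-level fatal "$IMAGE"; }              # image hardening checks
iac_scan()   { checkov -d k8s/ --framework kubernetes; }                        # k8s/ path assumed
dast()       { zap-baseline.py -t "$APP_URL" -r "$REPORT_DIR/zap.html"; }       # OWASP ZAP baseline scan

main() {
  mkdir -p "$REPORT_DIR"
  run_gate secrets secrets
  run_gate sast    sast
  run_gate sca     sca
  run_gate image   image_scan
  run_gate dockle  image_lint
  run_gate iac     iac_scan
  run_gate dast    dast
  gate_summary
}

# Invoke from a Jenkinsfile stage as: sh './security-gates.sh run'
if [ "${1:-}" = "run" ]; then
  main
fi
```

Collecting every gate's result before failing is a deliberate choice: a fail-fast pipeline stops at the first finding and hides the rest, whereas this version reports all failing stages in one run. The thresholds (CVSS 7, HIGH/CRITICAL, dockle fatal) are where a team's own policy goes.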

Usage Insights
  • Integrate this pipeline template with existing CI/CD workflows to automate security testing and reduce manual effort.
  • Extend the pipeline to include custom compliance checks aligned with organizational policies for enhanced governance.
  • Use the Dependency-Track integration to continuously monitor the application's dependencies for known vulnerabilities and policy violations, and to track their remediation.
  • Leverage container scanning and IaC hardening stages to enforce security best practices in Kubernetes deployments.
  • Incorporate alerting and reporting mechanisms to provide actionable insights to security and development teams.


Details
License: MIT License
Language: Java
Open Issues: 0
Topics
devsecops
devsecops-pipeline
security
security-tools
demo
boilerplate
pipeline
devops
jenkins-pipeline
devsecops-best-practices