This repository contains a sample Spring Boot application integrated with a CI/CD pipeline using Jenkins. The pipeline automates the build, test, and deployment processes, including OWASP Dependency Check, SonarQube Analysis, Docker image creation, vulnerability scanning, and deployment to a staging environment.
- Jenkins (CI/CD orchestration)
- Spring Boot (Application framework)
- Maven (Build automation)
- OWASP Dependency Check (Security scanning)
- SonarQube (Code quality analysis)
- Docker (Containerization)
- Trivy (Container security scanning)
- Docker Compose (Container orchestration)
The CI/CD pipeline follows these key stages:
- Code Checkout
  - Clones the repository from GitHub
  - Branch: main
- OWASP Dependency Check
  - Scans all project dependencies
  - Generates an HTML report
- SonarQube Analysis
  - Performs static code analysis
  - Checks code quality
- Build and Package
  - Cleans the workspace
  - Compiles the code
  - Creates the JAR file
- Docker Build and Push
  - Builds the Docker image
  - Tags it with the build number and latest
  - Pushes it to Docker Hub
- Vulnerability Scanning
  - Scans the Docker image with Trivy
  - Checks for security vulnerabilities
- Staging Deployment
  - Deploys using Docker Compose
  - Sets up the application stack
Prerequisites:
- Java JDK 17
- Maven 3.x
- Docker and Docker Compose
- SonarQube Server
- Git
Jenkins setup:
- Install required Jenkins plugins:
  - Docker Pipeline
  - SonarQube Scanner
  - OWASP Dependency-Check
  - Git
- Configure Jenkins tools (the names must match the tool installations configured in Jenkins):
  ```groovy
  tools {
      jdk 'jdk17'
      maven 'maven3'
  }
  ```
- Add credentials:
  - GitHub credentials (if the repository is private)
  - DockerHub credentials
  - SonarQube token
SonarQube setup:
- Install and start the SonarQube server (pin a specific image version instead of `latest` for a reproducible setup):
  ```bash
  docker run -d --name sonarqube -p 9000:9000 sonarqube:latest
  ```
- Configure the SonarQube project:
  - Create a new project
  - Generate an authentication token
  - Add the token to Jenkins credentials

Docker setup:
- Install Docker and Docker Compose
- Configure Docker Hub authentication
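As an added example (not the repository's own Jenkinsfile), the declarative pipeline below wires together the stages listed above with the plugins, tool names and credentials from the Jenkins, SonarQube and Docker setup sections. Everything beyond the README's `jdk17` and `maven3` tool names is an assumption to adapt to your instance: the Dependency-Check installation name `DC`, the SonarQube server name `sonar-server`, the credential ID `dockerhub-creds`, the Docker Hub repository `yourdockerhubuser/springboot-app`, the GitHub URL, and a `docker-compose.yml` that reads the `IMAGE_TAG` environment variable. Both security stages are written to fail the build rather than only report: Dependency Check fails on any finding with CVSS 7 or higher, and Trivy returns a non-zero exit code on HIGH or CRITICAL findings so nothing reaches staging unscanned.

```groovy
// Added example Jenkinsfile; not the repository's own pipeline definition.
// Assumed names (adjust to your Jenkins): tool installation 'DC', SonarQube
// server 'sonar-server', credential 'dockerhub-creds', image repository
// 'yourdockerhubuser/springboot-app', GitHub URL, and a docker-compose.yml
// that references ${IMAGE_TAG}.
pipeline {
    agent any

    tools {
        jdk 'jdk17'
        maven 'maven3'
    }

    environment {
        IMAGE = 'yourdockerhubuser/springboot-app'   // assumed Docker Hub repository
        TAG   = "${env.BUILD_NUMBER}"
    }

    stages {
        stage('Code Checkout') {
            steps {
                // Add credentialsId: '...' here if the repository is private
                git branch: 'main', url: 'https://github.com/yourorg/yourrepo.git'
            }
        }

        stage('OWASP Dependency Check') {
            steps {
                // --failOnCVSS 7 fails the stage on any dependency finding with CVSS >= 7
                dependencyCheck additionalArguments: '--scan ./ --format HTML --format XML --failOnCVSS 7',
                                odcInstallation: 'DC'
            }
            post {
                always {
                    // Publish the report even when the threshold above fails the stage
                    dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
                }
            }
        }

        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('sonar-server') {
                    sh 'mvn -B sonar:sonar -Dsonar.projectKey=springboot-app'
                }
            }
        }

        stage('Quality Gate') {
            steps {
                // Needs a SonarQube webhook pointing at Jenkins; aborts on a failed gate
                timeout(time: 5, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

        stage('Build and Package') {
            steps {
                sh 'mvn -B clean package'
            }
        }

        stage('Docker Build and Push') {
            steps {
                script {
                    def img = docker.build("${IMAGE}:${TAG}")
                    docker.withRegistry('https://index.docker.io/v1/', 'dockerhub-creds') {
                        img.push()          // build-number tag
                        img.push('latest')  // moving tag
                    }
                }
            }
        }

        stage('Vulnerability Scanning') {
            steps {
                // Exit code 1 on HIGH/CRITICAL findings stops the pipeline before deployment
                sh "trivy image --exit-code 1 --severity HIGH,CRITICAL --no-progress ${IMAGE}:${TAG}"
            }
        }

        stage('Staging Deployment') {
            steps {
                sh "IMAGE_TAG=${TAG} docker compose -f docker-compose.yml up -d"
            }
        }
    }

    post {
        always {
            archiveArtifacts artifacts: '**/dependency-check-report.html', allowEmptyArchive: true
        }
    }
}
```

The stage order mirrors the README, which pushes the image before Trivy runs, so a failed scan still leaves the tagged image in Docker Hub. If you would rather keep vulnerable images out of the registry, move the `trivy image` call into the build stage between `docker.build` and `img.push()`.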