Integration of Jenkins with SonarQube Scanner, OWASP Dependency-Check, JDK and NodeJS Plugins (Interesting COMBO!!)

First, let's configure the SonarQube server -->

Log in at <SonarQubeIPaddress>:9000 --> Provide your username and password accordingly.

Go to SonarQube Server --> Click on Administration --> Security --> Users --> Click on the Tokens and Update Token --> Give it a name --> Copy the token which is created

Now, Navigate back to Jenkins --> Manage Jenkins --> Credentials --> System --> Click on the New Credentials button.

On the New Credentials page -->

Select Secret Text as the Kind.

Paste the token that was copied from SonarQube as the secret.

Give it an ID such as "sonartoken"

and a description such as "sonar token"

and click on Create.

Now, add the credentials for Docker Hub to the Jenkins Credentials: click on the global domain in the top section

Click on Add Credentials :

username: provide the docker hub username

password: provide the docker hub account password

ID: dockerhubcredentials

Description: Docker Hub Credentials

Click Create

Now Let's add credentials for Kubernetes

Click on the Add Credentials

From the server, copy the .\kube\config file, save it as a config.txt file, and upload the config.txt file

Provide ID: k8s

Description: k8s

Click on Create


In SonarQube --> Administration --> Configuration --> WebHooks

Create a Webhook by clicking on the Create Button

Name: jenkins

provide the URL: http://<jenkins url ip address>:8080/sonarqube-webhook/

Create WebHook



Let's Install these Plugins in Jenkins in one shot -->

  • Login to Jenkins --> Navigate to Manage Jenkins --> Plugins --> Available Plugins

    Search and Select the following plugins

    • Eclipse Temurin Installer (basically a JDK installer; we set it up so that if the required JDK version changes in the future, we can simply change the version here too)

    • SonarQube Scanner

    • NodeJS Plugin

    • OWASP Dependency-Check

    • Docker

    • Docker Commons

    • Docker Pipeline

    • Docker API

    • docker-build-step

    • Kubernetes

    • Kubernetes Credentials

    • Kubernetes Client API

    • Kubernetes CLI

💡 Install all of these without a restart. Restarting afterwards is optional, though better.

Plugin Configurations:

Log back in and go to Tools under Manage Jenkins. Manage Jenkins --> Tools --> In the JDK Installations section --> Click on Add JDK

  • Install JDK17 (which is right now a stable release used widely)

    • Name: jdk17

      * Check Install Automatically - Install from Adoptium.net --> Version --> jdk-17.0.9+9.1

Install NodeJS

  • Name: NodeJS16

  • Check Install Automatically - Install from nodejs.org --> Version --> NodeJS 16.20.2

  • Apply and Save

Scroll down a bit to the Dependency-Check Installations section and configure it as shown below

Name: DependencyCheck

Select Install Automatically

Version: Dependency-Check 6.5.1

Click on Apply and Save

Stay on the same page, the Tools section of Jenkins (Manage Jenkins --> Tools)

Go to the Docker Installations Section --> Add Docker -->

name: docker

Select Install Automatically --> Select Latest

Click on Apply and Save

Now, let's go to Manage Jenkins --> Tools --> SonarQube Scanner Installations Section --> Click on Add SonarQube Scanner

Provide a Name: SonarQube-Scanner

Click on Apply and Save


Let's go back to Manage Jenkins --> System, navigate to the SonarQube Servers section, and add the details

Name: Sonar-Server

Server URL - <Sonar Server ip>:9000

Server Authentication Token - sonartoken

Click on Apply and save it
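
How the names configured above are referenced from a pipeline, as an added example that is not code from the original post. The tool names and credential IDs are the ones set in the steps above; the image name, the Sonar project key and the deployment.yml manifest are hypothetical placeholders.

```groovy
// Added example. Quoted names match the IDs configured in Jenkins above.
pipeline {
    agent any
    tools {
        jdk 'jdk17'          // Manage Jenkins --> Tools --> JDK Installations
        nodejs 'NodeJS16'    // Manage Jenkins --> Tools --> NodeJS
    }
    environment {
        SCANNER_HOME = tool 'SonarQube-Scanner'   // resolves the scanner install path
        IMAGE = 'example/app:latest'              // hypothetical image name
    }
    stages {
        stage('SonarQube analysis') {
            steps {
                // Injects the server URL and token stored under "Sonar-Server"
                withSonarQubeEnv('Sonar-Server') {
                    sh '"$SCANNER_HOME/bin/sonar-scanner" -Dsonar.projectKey=example-app -Dsonar.sources=.'
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Relies on the SonarQube webhook pointing at /sonarqube-webhook/
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true, credentialsId: 'sonartoken'
                }
            }
        }
        stage('OWASP Dependency-Check') {
            steps {
                dependencyCheck additionalArguments: '--scan ./ --format XML', odcInstallation: 'DependencyCheck'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('Docker build and push') {
            steps {
                withDockerRegistry(credentialsId: 'dockerhubcredentials', toolName: 'docker') {
                    // Single quotes: the shell expands $IMAGE, not Groovy
                    sh 'docker build -t "$IMAGE" . && docker push "$IMAGE"'
                }
            }
        }
        stage('Deploy') {
            steps {
                withKubeConfig(credentialsId: 'k8s') {
                    sh 'kubectl apply -f deployment.yml'   // hypothetical manifest
                }
            }
        }
    }
}
```

Keeping the sh strings single-quoted leaves variable expansion to the shell, so values bound from credentials are not interpolated by Groovy into the command line shown in the build log.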


Jenkins Job Creation

Go to the Landing Page --> Create a Job in Jenkins --> Select Net