December 05, 2020

DevSecOps CI/CD using Jenkins on a PHP codebase

DevOps is not only about software development and operations. To make full use of the flexibility the DevOps approach offers, software developers should integrate IT security at every step of a software’s life cycle. That is what DevSecOps is.

We will learn, step by step, a complete DevSecOps CI/CD implementation using Jenkins on a PHP codebase. The CI/CD implementation involves:

  1. Pipeline
  2. Software Component Analysis (SCA)
  3. SAST (Static Analysis)
  4. DAST (Dynamic Analysis)
  5. Infrastructure as Code
  6. Compliance as Code
  7. Vulnerability Management

In this post, we will learn the environment setup for Jenkins on a Linux distribution (Ubuntu) and a basic pipeline.

Environment Setup

Refer to the complete Jenkins installation documentation at the URL below.

Ref: https://www.jenkins.io/doc/

Jenkins is typically run as a standalone application and depends on Java. We suggest the Java 11 runtime environment for Jenkins 2.263.1 and later to avoid plug-in errors during installation.

Basic Pipeline

A pipeline is a system consisting of one or more stages to continuously integrate, deliver, and deploy software.

A stage is a combination of jobs that together achieve the goal of the stage.

Jobs in a stage are run in parallel and upon success, the pipeline moves to the next stage. If one of the jobs fails, the next stage is not executed.

The Jenkins pipeline can be created:

  1. Through Blue Ocean
  2. Through the classic UI, or
  3. In Source Control Management (SCM)

The “classic UI” is convenient for testing and handling simple pipeline code snippets. For a quick start with the Jenkins pipeline, we will use the “classic UI”; it is not recommended for handling complex pipelines.

To gain greater control and flexibility over your pipeline, it is recommended that you use “Blue Ocean” or SCM. We will cover these in detail in Part II.

Simple Pipeline:

After the successful installation of Jenkins, log in using the newly created user account credentials, if required. Now we will create a simple pipeline using the “classic UI”.

If Jenkins was set up with the recommended plugins, clicking on “New Item” will list all the available options below the “item name” field.

From the available options, choose “Pipeline” and click “OK”. You will now see the Pipeline tab for writing pipeline scripts.

Copy the basic pipeline script below (a Declarative Pipeline), paste it into the script text area, and click “Save”.

pipeline {
    agent any                       // run on any available executor
    stages {
        stage('Stage 1') {          // a single stage with a single step
            steps {
                echo 'Hello world!' // printed in the build's console output
            }
        }
    }
}

Finally, click “Build Now” in the left-side menu to run the pipeline.

After a successful execution, the build is listed under Build History (in the left-side menu). You can now click on an individual build to view its information.

Click “Console Output” in the left-side menu to view the complete execution information, i.e. who started the build, its stages, and its status.

The console output for the above pipeline is shown below for your reference.

[Screenshot: console output of the pipeline build]
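To show how the stage and job behaviour described above maps onto the security steps listed at the start of the post, here is an added example Jenkinsfile (written for this edit, not part of the original post) that extends the “Hello world” skeleton with dependency-install, SCA and SAST gates. It assumes PHP and Composer 2.4 or later (for `composer audit`) are available on the agent, that phpstan is declared as a dev dependency in the project’s composer.json, and the `src` and `reports` paths are placeholders.

```groovy
// Declarative pipeline extending the "Hello world" skeleton with DevSecOps gates.
// Assumes: PHP and Composer 2.4+ on the agent (for `composer audit`), phpstan declared
// as a dev dependency in composer.json; paths and report names are placeholders.
pipeline {
    agent any
    options {
        timeout(time: 20, unit: 'MINUTES')   // a hung scan must not hold the executor forever
    }
    stages {
        stage('Dependencies') {
            steps {
                // Reproducible install from composer.lock, the input the SCA stage audits.
                sh 'composer install --no-interaction --prefer-dist'
            }
        }
        stage('Security scans') {
            // Both jobs run in parallel; if either fails, the stage fails and later stages are skipped.
            failFast true
            parallel {
                stage('SCA') {
                    steps {
                        // Non-zero exit when composer.lock contains packages with known advisories.
                        sh 'mkdir -p reports && composer audit --format=json > reports/sca.json'
                    }
                }
                stage('SAST') {
                    steps {
                        // Static analysis of application code; non-zero exit when findings exist.
                        sh 'mkdir -p reports && vendor/bin/phpstan analyse src --no-progress --error-format=json > reports/sast.json'
                    }
                }
            }
        }
        stage('Deploy to staging') {
            // Reached only when every earlier stage succeeded.
            steps {
                echo 'All security gates passed; deploying to staging...'
            }
        }
    }
    post {
        always {
            // Keep the scan reports on the build even when a gate fails, so findings can be triaged.
            archiveArtifacts artifacts: 'reports/*.json', allowEmptyArchive: true
        }
    }
}
```

Paste it into the same script text area as the basic example; a failing scan stops the pipeline before the deploy stage, while the archived JSON reports remain attached to the build for review.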