Инсталляция Jenkins в ubuntu 22.04


Делаю:
2025.12.26


05 - Securing the Supply Chain with SCA

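    stage('Static Analysis') {
      // Unit tests, dependency vulnerability scan (SCA) and licence audit run
      // side by side on the workspace produced by the earlier build stage.
      parallel {
        stage('Unit Tests') {
          steps {
            container('maven') {
              sh 'mvn test'
            }
          }
        }

        stage('SCA') {
            steps {
                container('maven') {
                    // Findings mark only this stage FAILED; the build stays SUCCESS so the
                    // remaining stages still run. Tighten buildResult once the backlog is clean.
                    catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
                        // format=ALL also writes the XML report that dependencyCheckPublisher
                        // reads (the default writes HTML only). failBuildOnCVSS=7 makes the
                        // goal fail on high/critical CVEs; its default of 11 never fails, so
                        // the catchError above was only masking NVD update errors.
                        // Reports are written before the threshold check, so they survive.
                        // Pin the plugin version in the pom instead of resolving it per run,
                        // and if NVD rate-limits the update supply an API key from a Jenkins
                        // credential (-DnvdApiKey) rather than hard-coding it here.
                        sh 'mvn org.owasp:dependency-check-maven:check -Dformat=ALL -DfailBuildOnCVSS=7'
                    }
                }
            }
            post {
                always {
                    // Keep the reports even when the build is red - that is when they are
                    // needed; onlyIfSuccessful: true dropped them exactly in that case.
                    archiveArtifacts(
                        allowEmptyArchive: true,
                        artifacts: 'target/dependency-check-report.*',
                        fingerprint: true,
                        onlyIfSuccessful: false
                        )
                    // Needs the OWASP Dependency-Check Jenkins plugin; enable once installed.
                    // dependencyCheckPublisher pattern: 'target/dependency-check-report.xml'
                }
            }
        }

        stage('OSS License Checker') {
            steps {
                container('licensefinder') {
                    sh 'ls -al'
                    // The shebang already gives a login shell (so rvm is loaded); the former
                    // extra `/bin/bash --login` line only forked a shell reading from stdin.
                    // With a custom shebang Jenkins does not add -e, hence set -e: a failed
                    // `gem install` must not be hidden by a later successful command.
                    // `gem install license_finder` fetches the newest gem from rubygems on
                    // every build - pin a reviewed version with -v (better: bake it into the
                    // licensefinder image) so the audit tool is not an unpinned input itself.
                    // license_finder exits non-zero on unapproved dependencies, failing the stage.
                    sh '''#!/bin/bash --login
                        set -e
                        rvm use default
                        gem install license_finder
                        license_finder
                    '''
                }
            }
        }

      }
    }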


SBOM with CycloneDX and Dependency Tracker

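$ helm repo add evryfs-oss https://evryfs.github.io/helm-charts/
$ helm repo update


$ kubectl create namespace dependency-track


$ cd ~/tmp


# Quoted delimiter: nothing inside the YAML is expanded by the shell.
$ cat > deptrack.values.yaml <<'EOF'
ingress:
  enabled: true
  tls:
    # Lab setting only. With TLS off, the admin login and any API key sent
    # through this host travel in cleartext - enable TLS before the ingress
    # is reachable from outside the local cluster.
    enabled: false
    secretName: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    ## allow large bom.xml uploads:
    # nginx.ingress.kubernetes.io/proxy-body-size: 10m
  host: dependencytrack.example.org

frontend:
  replicaCount: 1
  service:
    # NodePort opens the UI on every node's address in addition to the
    # ingress above; ClusterIP is enough once the ingress works.
    type: NodePort

apiserver:
  resources:
    # https://docs.dependencytrack.org/getting-started/deploy-docker/
    requests:
      cpu: 1
      memory: 3000Mi
    limits:
      cpu: 2
      memory: 7Gi
EOF


# No --version: the chart (and the Dependency-Track release it ships) is whatever
# is newest in the repo at install time. Pin the chart version for a reproducible
# deployment and check its appVersion against what the Jenkins plugin requires.
$ helm install dependency-track --values deptrack.values.yaml --namespace dependency-track evryfs-oss/dependency-track
$ helm list -n dependency-track


$ kubectl get pods -n dependency-track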


// /etc/hosts entry: the ingress host resolves to the cluster node address
// (the same IP the Jenkins NodePort URLs below use)
192.168.49.2 dependencytrack.example.org


// OK! First login uses the built-in default account admin / admin; the UI immediately
// forces a password change (the /change-password redirect below). Do this before the
// ingress is reachable by anyone else - the default credentials are public knowledge.
http://dependencytrack.example.org/change-password?redirect=%2Fdashboard


Administration -> Access Management -> Teams -> Automation


Copy the API Key: AjqsiQwaewMwD1AoaZRaCHBJOR2D7XPu

(This key is a bearer credential for the Automation team. Paste it only into the Jenkins
secret credential below - never into a Jenkinsfile - and regenerate it in Dependency-Track,
since it is now written down in these notes.)

Also add the following permissions to the Automation team (the plugin's "Auto Create Projects"
option and the synchronous publisher appear to rely on them):

PROJECT_CREATION_UPLOAD POLICY_VIOLATION_ANALYSIS VULNERABILITY_ANALYSIS


Configure Jenkins to Connect with Dependency Tracker

http://192.168.49.2:30264/manage/pluginManager/available

  • OWASP Dependency-Track


http://192.168.49.2:31272/manage/configure


Dependency-Track URL : http://dependency-track-apiserver.dependency-track.svc.cluster.local
(in-cluster service DNS: plain HTTP, but the API key stays on the cluster network - do not point
this at the NodePort or the TLS-less ingress host)

API Key -> Jenkins credential

Kind: Secret text; Secret: the API key copied from Dependency-Track earlier; ID: dep-track-api-key
(keeping the key in the credential store keeps it out of the Jenkinsfile and the build log)

Check Auto Create Projects Box


Test Connection ->

The detected version 4.6.3 is older than the required version 4.12.0 and is no longer supported

=> The chart installed Dependency-Track 4.6.3, which the Jenkins plugin refuses to talk to (and
which is end-of-life, so it no longer receives security fixes). Until the apiserver and frontend
are upgraded to a supported release (>= 4.12.0) - by overriding the image tags in the chart
values or using a newer chart - the dependencyTrackPublisher step below will fail at this same check.


Jenkinsfile: stage “Generate SBOM” ниже добавляется после stage “OSS License Checker”

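stage('Generate SBOM') {
    steps {
        container('maven') {
            // Aggregate CycloneDX BOM over all modules -> target/bom.xml, the path the
            // archive and publisher steps below expect. Pin the plugin version in the pom
            // instead of resolving it at build time.
            sh 'mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom'
        }
    }
    post {
        success {
            // Archive before uploading: if the publisher throws (e.g. the server version
            // check that already fails in "Test Connection"), the BOM is still kept.
            archiveArtifacts allowEmptyArchive: true,
                            artifacts: 'target/bom.xml',
                            fingerprint: true,
                            onlyIfSuccessful: true
            // synchronous: true waits for the Dependency-Track analysis so a threshold can
            // gate the build; without one the upload is informational only. Adjust the
            // threshold to policy. projectVersion is hard-coded - consider deriving it from
            // the pom or BUILD_NUMBER so each build is tracked as its own version.
            // The API key comes from the global plugin config (credential dep-track-api-key).
            dependencyTrackPublisher projectName: 'sample-spring-app',
                                     projectVersion: '0.0.1',
                                     artifact: 'target/bom.xml',
                                     autoCreateProjects: true,
                                     synchronous: true,
                                     failedTotalCritical: 1
        }
    }
}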