Vagrant for Local Setup

Initialize Vagrant with Ubuntu

vagrant init ubuntu/jammy64

Update Vagrantfile

Uncomment the private and public network settings and set the private network as per your choice.

Start Vagrant

vagrant up

(If prompted, choose network bridge 1.) Wait for it to be successfully up and running.

SSH into Vagrant Machine

vagrant ssh

Set Hostname

sudo hostname jenkins-apache
exec bash

Install Jenkins

Create a jenkins.sh file and add the following commands:

sudo vi jenkins.sh

Add the following content:

# Refresh the package index, then add the Jenkins signing key and apt repository
sudo apt-get update
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
    /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
    https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
    /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt update
# Jenkins needs a Java runtime; install JDK 17 (the JRE is pulled in as a dependency)
sudo apt install openjdk-17-jdk -y
sudo apt install openjdk-17-jre -y
sudo apt-get install jenkins -y
# Start Jenkins now and on every boot, then confirm it is running
sudo systemctl enable jenkins
sudo systemctl start jenkins
sudo systemctl status jenkins

Make Jenkins Script Executable & Run

sudo chmod +x jenkins.sh
./jenkins.sh

Retrieve Jenkins Admin Password

ADMIN_PASSWORD=$(sudo cat /var/lib/jenkins/secrets/initialAdminPassword)
echo "Your Jenkins initial admin password is $ADMIN_PASSWORD"

Find IP Address

hostname -I

Example output:

10.0.2.15 192.168.56.56 192.168.1.108 fd00::e3:d8ff:feeb:2b51

Access Jenkins at http://192.168.56.56:8080.

Install Docker

sudo apt-get install docker.io -y
sudo usermod -aG docker $USER
sudo chmod 666 /var/run/docker.sock
sudo docker ps

Install SonarQube on Docker

docker run -d --name sonar -p 9000:9000 sonarqube:lts-community

If unable to access:

sudo ufw enable
sudo ufw allow 9000/tcp

Install Trivy

Create a trivy.sh file and add:

sudo vi trivy.sh

Add the following content:

sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
TRIVY_VERSION=$(trivy version)
echo $TRIVY_VERSION

Run:

sudo chmod +x trivy.sh
./trivy.sh

Configure Jenkins Plugins

Install the following plugins:

  • Eclipse Temurin Installer
  • SonarQube Scanner
  • Maven
  • OWASP Dependency Check
  • Docker Plugins

Configure Java and Maven

Go to Manage Jenkins → Tools → Install JDK and Maven3 → Apply and Save.

Create a Jenkins Pipeline Job

Create a new job, name it PetClinic, select Pipeline, and add the following script:

pipeline {
    agent any
    tools{
        jdk 'jdk17'
        maven 'maven3'
    }
    stages{
        stage("Git Checkout"){
            steps{
                git branch: 'local', url: 'https://github.com/surendergupta/petclinic.git'
            }
        }
        stage("Compile"){
            steps{
                sh "mvn clean compile"
            }
        }
        stage("Test Cases"){
            steps{
                sh "mvn test"
            }
        }
    }
}

Configure SonarQube in Jenkins

  • Go to Manage Jenkins → System → SonarQube installations → Add SonarQube
  • Name: sonar-server
  • Server URL: http://:9000
  • Authentication Token: sonar-token

Add SonarQube Scanner under Manage Jenkins → Tools.

Add SonarQube Analysis Stage to Pipeline

stage("Sonarqube Analysis") {
    steps{
        withSonarQubeEnv('sonar-server') {
            sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Petclinic \
            -Dsonar.java.binaries=. \
            -Dsonar.projectKey=Petclinic '''
        }
    }
}
stage("Sonarqube Quality Gate") {
    steps {
        waitForQualityGate abortPipeline: false, credentialsId: 'sonar-token'
    }
}

Configure OWASP Dependency Check

  • Go to Manage Jenkins → Plugins → Install OWASP Dependency-Check.
  • Configure under Manage Jenkins → Tools → Add Dependency-Check.

Add OWASP Dependency Check Stage to Pipeline

stage('OWASP FS SCAN') {
    steps {
        dependencyCheck additionalArguments: '--scan ./ --enableExperimental --format XML', odcInstallation: 'DP-Check'
        dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
    }
}

Build and Install Stage

stage("Build"){
    steps{
        sh "mvn clean install"
    }
}

Configure Email Notifications

Install the Email Extended Notification plugin and configure:

  • SMTP Server: smtp.gmail.com
  • Port: 465
  • Use SSL: Checked
  • Username:
  • Password:

Trivy File System Scan

stage("Trivy File System Scan"){
    steps{
        sh "trivy fs --format table -o trivy-fs-report.html ."
    }
}
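The stage above writes a table for humans but never fails the build on what Trivy finds. The following added example (not part of the original guide) shows one way to turn the scan into a gate: it assumes the stage also runs `trivy fs --format json -o trivy-fs-report.json .` and then `python3 trivy_gate.py trivy-fs-report.json`, so a non-zero exit fails the `sh` step before the Build stage. The script name and the sample report are constructed.

```python
# Added example (not part of the original guide): gate the Jenkins build on the
# Trivy filesystem scan by parsing Trivy's JSON report. Assumes the stage runs
#   trivy fs --format json -o trivy-fs-report.json .
# followed by `python3 trivy_gate.py trivy-fs-report.json`.
import json
import sys
from collections import Counter

# Severities Trivy emits, least to most severe.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def count_by_severity(report):
    """Count findings per severity across every Result in a Trivy JSON report."""
    counts = Counter()
    for result in report.get("Results", []):
        # Targets with no findings omit "Vulnerabilities" or set it to null.
        for vuln in result.get("Vulnerabilities") or []:
            counts[vuln.get("Severity", "UNKNOWN")] += 1
    return counts


def should_fail(counts, threshold="HIGH"):
    """True when any finding is at or above the threshold severity."""
    floor = SEVERITY_ORDER.index(threshold)
    return any(counts[sev] > 0 for sev in SEVERITY_ORDER[floor:])


# Constructed sample in Trivy's JSON layout; the CVE ids are placeholders.
SAMPLE_REPORT = {"Results": [
    {"Target": "pom.xml", "Class": "lang-pkgs", "Type": "pom",
     "Vulnerabilities": [
         {"VulnerabilityID": "CVE-0000-0001", "PkgName": "org.example:lib-a",
          "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
         {"VulnerabilityID": "CVE-0000-0002", "PkgName": "org.example:lib-b",
          "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "LOW"}]},
    {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile"}]}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    counts = count_by_severity(report)
    for sev in reversed(SEVERITY_ORDER):
        print(f"{sev:8} {counts[sev]}")
    sys.exit(1 if should_fail(counts, threshold="HIGH") else 0)
```

Run without arguments it evaluates the embedded sample and exits 1 because of the CRITICAL finding; lower the threshold to "MEDIUM" or "LOW" in the `should_fail` call to tighten the gate.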

Email Trivy Report

post {
    always {
        emailext attachLog: true,
        subject: "'${currentBuild.result}'",
        body: "Please find the attached Trivy FS Scan Report",
        recipientProviders: [[$class: 'DevelopersRecipientProvider']],
        attachmentsPattern: "trivy-fs-report.html"
    }
}

This completes the setup for a fully integrated PetClinic web application pipeline.