Jenkins

Jenkins is an open-source automation server that facilitates the automation of building, testing, and deploying software applications. It provides a platform for building, deploying, and automating any project, making it a key tool for continuous integration and continuous delivery (CI/CD) pipelines.

Usage of Jenkins in Delivery Shield

The following are the uses of integrating Jenkins with Delivery Shield:

  • Delivery Shield supports Jenkins as a Continuous Integration (CI) tool as well as a Continuous Deployment (CD) tool.

  • In CI - Delivery Shield gets notified for every Jenkins pipeline execution. It collects the build-related data to run security analysis on the dependencies, build artifacts and the pipeline steps configuration.

  • Delivery Shield can detect build artifacts (images), and display them on the Artifact Security page, showing their security status, list of vulnerabilities and other information.

  • It collects metadata such as job name, trigger, Artifact SHA etc., to perform artifact integrity checks to ensure the supply chain security is intact. Also, the collected metadata gets populated in the DBOM for audit purposes.

  • In CD - Delivery Shield gets notified for every Jenkins pipeline execution. It performs security analysis on the image being deployed and the target cluster in which the image is deployed.

Pre-requisites

Before proceeding with integrating Jenkins in Delivery Shield make sure the following components are available:

  • Jenkins version should be greater than 2.277.4

  • Java version (that Jenkins is running on) should be Java 8 or more.

  • Git and docker should be installed on the host.

  • Along with the RabbitMQ related details that have to be entered in the plugin configuration, you need to specify an archive file and a key for the image name that the plugin needs to look for.

Optional

  • It is good to have a git plugin to clone the repository.

  • It is good to have the build user var plugin installed. This ensures that you have the build user vars option enabled for all builds in the Configure System section.

Before proceeding with Jenkins integration, you need to install the SSD plugin.

Integrate Jenkins as a CI Tool

Delivery Shield Plugin installation:

Follow the steps below to install SSD plugin:

  1. Run the below command in your system, to download the plugin file to your local machine.

curl -o ssd.hpi https://raw.githubusercontent.com/OpsMx/jenkins-plugin/july-rel/ssd.hpi

  1. Login to your Jenkins, go to Manage Jenkins > System > Advance Settings.

  2. Click the Deploy Plugin option and update the downloaded file.

  3. Click Deploy and restart Jenkins.

Connecting Jenkins with Delivery Shield

To connect Jenkins with Delivery Shield you need to do the following steps:

  • Configure the Delivery Shield plugin in Jenkins

  • Integrate Jenkins in Delivery Shield UI

Configuring the Delivery Shield Plugin in Jenkins

The primary step in the entire process is integrating the Delivery Shield Plugin. It is integrated with Jenkins using its external IP of the RabbitMQ service in Delivery Shield or the DNS value mapped to that service. This integration is used to push the build data to Delivery Shield.

Follow the steps mentioned below to integrate the Delivery Shield plugin.

  1. Navigate to Manage Jenkins > Configure System, where you will find the SSD Plugin.

  2. Enter the RabbitMQ details of your SSD as given below:

  1. Enter the build-job related details that the plugin needs to look for in the system as shown below:

  • Organization Name - Provide the name of the organization used in target SSD. You can get it from Setup > Access Management > Organization Settings page in SSD UI.

  • Build Archive File Name (Mandatory) - Provide the name of the build archive file that is used to save the image name(mandatory), image sha(optional), git repository(optional) and branch(optional). If the key for image sha is not defined then it will be derived from the console text. The git repo and branch would be needed if repositories are not being cloned from the git plugin.

  • Delimiter - Provide the symbol that you are using to separate the Key and Values in the Archive file.

  • Artifact Name Key - Provide the name of the Artifact Key value given in the archive file.

  • Image Sha Key (Optional) - Name of the key that is used for the image sha in the archive file. If not defined then it will be derived from the console text. The key and the value should be separated by a space.

  • Application Tag Key (optional) - Provide the Application Tag Key value given in the Archive file. The tags added for each build in the build event is provided here.

  1. Enter the organization-related details as shown below:

  • Team Access Token (mandatory) - The team access token is generated in the SSD UI. The generated token is provided here to connect the applications to the respective teams. To know the details on how to generate tokens, see Manage Teams and Access.

  • Deployment Archived file Name - Provide the file name that you are archiving from Jenkins Deploy job.

  • Delimiter - Provide the symbol that you are using to separate the Key and Values in the Archive file.

  • Artifacts Name Key - Provide the name of the Artifact Key value given in the archive file..

  • Application Name Key - Provide the name of the Application Name Key value given in the archive file.

  • Account Key - Provide the the name of the Account Key value given in the archive file.

  • Service Key - Provide the name of the Service Key name value given in the Archive file.

  • Namespace Key (optional) - Provide the name of the Namespace Key value from the Archive file. If you don’t give any value of Namespace in Archive file, it will take it as default.

  • Application Tag Key (optional) - Provide the the name of the Application Tag Key value from the Archive file. The tags added for each build in the deploy event is provided here. If you do not want to provide any tags it can be left as such.

  • Service Url Key - Provide the name of the Service Url Key value from Archive file.

The name given in the Organization Name field must be the same name given in the API file.

  1. Check the Enable Non Kubernetes Deployment option if all or most of the jobs in your Jenkins are deploying to non kubernetes environments.

  2. Check the connection to RabbitMQ by clicking on Test Connection to RabbitMQ. If you are using SSL/TLS for the connection, check the Is the connection to RabbitMQ secure? checkbox.

  3. Click Save to update the configurations. The Build and Deploy events of jobs which are matching with above configuration will be sent to SSD.

Integrate Jenkins in Delivery Shield:

  1. Navigate to Setup > Integrations.

  2. In the Build panel, click on Jenkins.

You can use the toggle button provided below the integration tile to enable or disable it as needed.

  1. The Jenkins integration page is displayed. Click +New Account.

  2. In the popup that appears, enter the following details:

  1. Enter the Account Name, Approved Build User names, Host URL, Username and Password:

  • Account Name - Enter the name of your Jenkins integration.

  • Host Url - Enter the Jenkins URL.

  • Username - Enter the username to access Jenkins.

  • Password - Enter the password to access Jenkins.

    1. Select the Teams and the corresponding Environments from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environment only.

    You can select up to 5 teams for the integration to be displayed.

    • An example is given below for reference:

    • In the example above,

      • if Team 1, Team 2, and Team 3 are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as Team 4, will not have access to this account.

      • Even if the user who created this account is also an admin for Team 4, the integration account remains restricted and is not available for Team 4.

      • Access to the account is strictly limited to the specified Teams and Environments selected during account creation.

    • For Organization Admins:

      • When an Organization Admin creates an account without selecting specific Teams and Environments, the account will be universally applicable, granting access to all teams and all environments by default.

    • For Team Admins with Multiple Teams:

      • If a Team Admin who manages multiple teams creates an account without specifying particular Teams and Environments, the account will only be accessible to the teams for which the logged-in user holds admin privileges.

  1. Click Save. The Jenkins account gets integrated in the build stage.

  2. On clicking the Jenkins tab, the details of the configured account, including the URL and its Risk Status, are displayed as shown below:

  1. You can Edit, Delete and View Plugins associated with the Jenkins account by clicking the three dots provided at the end of each added account.

  2. Click Edit, to update new values.

  1. Enter the new values and click Update.

  1. Click Delete, to delete the added account.

  2. Click View Plugins, and the associated plugins of the Jenkins account, are displayed in the Artifact Security page as shown below:

Troubleshooting:

If you face any issues while integrating Spinnaker to Secure Software Delivery, feel free to contact OpsMx support team.

PreviousBitbucketNextArgoCD

Last updated

Was this helpful?