Jenkins

Jenkins is an open-source automation server that facilitates the automation of building, testing, and deploying software applications. It provides a platform for building, deploying, and automating any project, making it a key tool for continuous integration and continuous delivery (CI/CD) pipelines.

Usage of Jenkins in SSD

The following are the uses of integrating Jenkins with SSD:

  • SSD supports Jenkins as a Continuous Integration (CI) tool as well as a Continuous Deployment (CD) tool.

  • In CI - SSD gets notified for every Jenkins pipeline execution. It collects the build-related data to run security analysis on the dependencies, build artifacts and the pipeline steps configuration.

  • SSD can detect build artifacts (images), and display them on the Artifact Security page, showing their security status, list of vulnerabilities and other information.

  • It collects metadata such as job name, trigger, Artifact SHA etc., to perform artifact integrity checks to ensure the supply chain security is intact. Also, the collected metadata gets populated in the DBOM for audit purposes.

  • In CD - SSD gets notified for every Jenkins pipeline execution. It performs security analysis on the image being deployed and the target cluster in which the image is deployed.

Pre-requisites

Before integrating Jenkins in SSD, make sure the following components are available:

  • Jenkins version should be greater than 2.277.4

  • Java version (that Jenkins is running on) should be Java 8 or later.

  • Git and Docker should be installed on the host.

  • Along with the RabbitMQ related details that have to be entered in the plugin configuration, you need to specify an archive file and a key for the image name that the plugin needs to look for.

Optional

  • It is good to have a git plugin to clone the repository.

  • It is good to have the build user var plugin installed. This ensures that you have the build user vars option enabled for all builds in the Configure System section.

Before proceeding with Jenkins integration, you need to install the SSD plugin.

Integrate Jenkins as a CI Tool

SSD Plugin installation:

Follow the steps below to install SSD plugin:

  1. Run the command below to download the plugin file to your local system.

     curl -o ssd.hpi https://raw.githubusercontent.com/OpsMx/jenkins-plugin/main/ssd.hpi

  2. Log in to Jenkins and go to Manage Jenkins > Manage Plugins > Advanced Settings.

  3. Go to the Deploy Plugin option and upload the downloaded file.

  4. Click Deploy and restart Jenkins.

Connecting Jenkins with SSD

To connect Jenkins with SSD you need to do the following steps:

  • Configure the SSD plugin in Jenkins

  • Integrate Jenkins in SSD UI

Configuring the SSD Plugin in Jenkins

The primary step in the entire process is integrating the SSD Plugin. The plugin connects Jenkins to SSD using the external IP of the RabbitMQ service in SSD, or the DNS value mapped to that service. This integration is used to push the build data to SSD.

Follow the steps mentioned below to integrate the SSD plugin.

  1. Navigate to Manage Jenkins > Configure System, where you will find the SSD Plugin.

  2. Enter the RabbitMQ details of your SSD as given below:

  3. Enter the build-related details that the plugin needs to look for in the system as shown below:

  • Build Archive File Name (Mandatory) - Name of the build archive file that is used to save the image name (mandatory), image SHA (optional), git repository (optional) and branch (optional). If the key for the image SHA is not defined, the SHA is derived from the console text. The git repository and branch are needed only if repositories are not being cloned with the git plugin.

  • Image Name Key (Mandatory) - Name of the key that is used for the image name in the archive file. The key and the image name should be separated by a space.

  • Image Sha Key (Optional) - Name of the key that is used for the image SHA in the archive file. If not defined, the SHA is derived from the console text. The key and the value should be separated by a space.

  • Git Repository Key (Optional) - The key that is used for the git repository in the archive file. This is needed and used only when the git plugin is not used to clone the repository. The key and the value should be separated by a space.

  • Git Branch Key (Optional) - The key that is used for the git branch in the archive file. This is needed and used only when the git plugin is not used to clone the repository. The key and the value should be separated by a space.

  4. Enter the organization-related details as shown below:

  5. The name given in the Organization Name field should be the same name given in the API file.

  6. Check the Monitor Other Artifacts checkbox to include the artifact types to be monitored. The artifacts should be in .deb format.

  7. Check the connection to RabbitMQ by clicking on Test Connection to RabbitMQ. If you are using SSL/TLS for the connection, check the Is the connection to RabbitMQ secure? checkbox.

  8. Click Save.
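
The build archive file described above is a set of "key value" lines. The following added example (not OpsMx code) shows a build step that writes the file and fails fast if the mandatory image key is missing or a line is malformed. The file name and the key names `image`, `sha`, `repo` and `branch` are assumptions and must match what you entered in the plugin configuration; rejecting values that contain whitespace is a strictness choice of this example.

```shell
#!/bin/sh
# Added example. The file name and the four key names are assumptions: use
# whatever you entered in the SSD plugin section of Configure System.
ARCHIVE_FILE="${ARCHIVE_FILE:-ssd-build-info.txt}"
IMAGE_KEY="image"; SHA_KEY="sha"; REPO_KEY="repo"; BRANCH_KEY="branch"

# write_archive IMAGE [SHA] [REPO] [BRANCH]
# Writes one "key value" line per field, separated by a single space.
# Empty optional fields are left out of the file.
write_archive() {
    printf '%s %s\n' "$IMAGE_KEY" "$1" > "$ARCHIVE_FILE"
    [ -n "${2:-}" ] && printf '%s %s\n' "$SHA_KEY" "$2" >> "$ARCHIVE_FILE"
    [ -n "${3:-}" ] && printf '%s %s\n' "$REPO_KEY" "$3" >> "$ARCHIVE_FILE"
    [ -n "${4:-}" ] && printf '%s %s\n' "$BRANCH_KEY" "$4" >> "$ARCHIVE_FILE"
    return 0
}

# validate_archive FILE
# Returns non-zero (and explains on stderr) when a line is not exactly
# "key<space>value", a key is repeated, or the mandatory image key is missing.
validate_archive() {
    awk -v img="$IMAGE_KEY" '
        BEGIN { bad = 0 }
        /^[ \t]*$/ { next }                       # ignore blank lines
        !/^[^ \t]+ [^ \t]+$/ {
            printf "line %d: expected \"key value\"\n", NR; bad = 1; next
        }
        {
            if (seen[$1]++) { printf "line %d: duplicate key %s\n", NR, $1; bad = 1 }
        }
        END {
            if (!(img in seen)) { printf "missing mandatory key %s\n", img; bad = 1 }
            exit bad
        }
    ' "$1" >&2
}

# Constructed sample values; in a real job they come from the build itself.
write_archive "registry.example.com/team/app:1.4.2" \
    "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" \
    "" "main"
validate_archive "$ARCHIVE_FILE" && echo "archive file OK: $ARCHIVE_FILE"
```

Writing the image SHA explicitly keeps the value SSD records independent of console-text parsing, which the plugin otherwise falls back to.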

Integrate Jenkins in SSD:

  1. Navigate to Setup > Integrations.

  2. In the Build panel, click on Jenkins.

  3. The Jenkins integration page is displayed.

  4. Click +New Account.

  5. Enter the Account Name, Approved Build User names, Host URL, Username and Password as shown below:

    • Account Name - Enter the name of your Jenkins integration.

    • Approved Build User - Enter the list of authorized users to trigger builds in Jenkins. SSD will consider builds triggered by unauthorized users as a security issue. (For example, if your Jenkins username is admin@yourcompany.net and you are authorized to trigger builds, please enter the username in this field).

    • Host Url - Enter the Jenkins URL.

    • Username - Enter the username to access Jenkins.

    • Password - Enter the password to access Jenkins.

  6. Click Save. The Jenkins account gets integrated with the build stage.

  7. You can edit the entered values by clicking the three dots provided at the end of each added account. Click Edit.

  8. Enter the new values and click Update.

The new values get updated.

Troubleshooting:

If you face any issues while integrating Spinnaker to Secure Software Delivery, feel free to contact the OpsMx support team.
