1. [Arachni Crawler](http://www.arachni-scanner.com/) - Arachni is a feature-rich, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is versatile enough to cover a wide range of use cases, from a simple command line scanner utility, to a global high-performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. In addition, its simple REST API makes integration straightforward.

## Big Picture
This exercise begins cluster containing blah blah
> From the previous exercise, we gated our pipeline. Now we will add pipeline-as-code in the form of a Jenkinsfile and re-use it on the backend too.

![big-picture](../images/big-picture/big-picture-3.jpg)
| | | |
_____
| | | |

```groovy
    GIT_SSL_NO_VERIFY = true
    GIT_CREDENTIALS = credentials('jenkins-git-creds')
    GITLAB_DOMAIN = "gitlab.<APPS_URL>"
    GITLAB_PROJECT = "<GIT_USERNAME>"
}
```

Note that `GIT_SSL_NO_VERIFY = true` switches off TLS certificate verification for every command-line git operation the pipeline runs. It is a lab convenience for a GitLab sitting behind a self-signed certificate; outside the lab, drop it and trust the GitLab CA on the Jenkins agents instead, otherwise the pipeline will clone and push to any host that can impersonate your GitLab.

2. On the job's configure page, set the Branch Sources to `git`
![multibranch-select-git](../images/exercise4/multibranch-select-git.png)

2. Fill in the Git settings with your `todolist-api` GitLab url and set the credentials as you've done before: `https://gitlab.<APPS_URL>/<YOUR_NAME>/todolist-api.git`
![multibranch-git](../images/exercise4/multibranch-git.png)

2. Set the `Scan Multibranch Pipeline Triggers` to be periodic and the interval to 1 minute. This will poll the GitLab instance for new branches or change sets to build.


2. Open the `params/ocp-pipeline` file and update `PIPELINE_SOURCE_REPOSITORY_URL` with the git url of your project (don't forget to add the `.git` at the end). For example:
```
PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/todolist-fe.git
PIPELINE_SOURCE_REPOSITORY_REF=develop
NAME=todolist-fe
```

2. Update the `todolist-api/.openshift-applier/params/ocp-pipeline` file in the same way:
```
PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/todolist-api.git
PIPELINE_SOURCE_REPOSITORY_REF=develop
NAME=todolist-api
```

```bash
-e "filter_tags=zap"
```

3. Head to <CLUSTER_URL> on OpenShift and move to your ci-cd project > builds. You should see `jenkins-slave-zap` has been built.
![zap-build](../images/exercise4/zap-build.png)
| | | |
#### 3b - Arachni Scan

3. Update the `jenkins-slave-arachni` file's `SOURCE_REPOSITORY_URL` to point to your GitLab's hosted version of the `enablement-ci-cd` repo.
```
SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/enablement-ci-cd.git
SOURCE_CONTEXT_DIR=docker/jenkins-slave-arachni
BUILDER_IMAGE_NAME=registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:latest
NAME=jenkins-slave-arachni
```

```bash
-e "filter_tags=arachni"
```

3. Head to <CLUSTER_URL> on OpenShift and move to your ci-cd project > builds. You should see `jenkins-slave-arachni`.
![builds-zap-arachni](../images/exercise4/builds-zap-arachni.png)
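With both agent images built, the scanners can be wired into the pipeline-as-code as their own stages. The following Jenkinsfile is an added example and is not the course's Jenkinsfile or either todolist project's code. It assumes things the page does not state: that the agents are registered under the labels `jenkins-slave-zap` and `jenkins-slave-arachni`, that `zap-baseline.py` and `arachni` are on the PATH inside those images, that the app under test is reachable at the assumed `TARGET_URL`, and that the scanners write their reports into the Jenkins workspace.

```groovy
// Added example, not the course's own Jenkinsfile. Assumed: agent labels
// "jenkins-slave-zap" / "jenkins-slave-arachni", scanners on PATH, and a
// reachable TARGET_URL. Each stage runs on the agent image built above.
pipeline {
    agent none
    environment {
        // Assumed route of the deployed app under test; substitute your own
        TARGET_URL = "http://todolist-fe-<YOUR_NAME>-dev.<APPS_URL>"
    }
    stages {
        stage("zap baseline scan") {
            agent { node { label "jenkins-slave-zap" } }
            steps {
                script {
                    // Single-quoted so the shell, not Groovy, expands TARGET_URL:
                    // this avoids interpolating pipeline variables into shell text.
                    // zap-baseline.py exits 0 on pass, 1 on FAIL alerts, 2 on WARN alerts.
                    def rc = sh(
                        script: 'zap-baseline.py -t "$TARGET_URL" -r zap-report.html',
                        returnStatus: true
                    )
                    if (rc == 1) {
                        error "ZAP baseline scan reported FAIL-level alerts"
                    } else if (rc == 2) {
                        unstable "ZAP baseline scan reported WARN-level alerts"
                    }
                }
            }
            post {
                always {
                    // Keep the report even when the scan fails the build
                    archiveArtifacts artifacts: "zap-report.html", allowEmptyArchive: true
                }
            }
        }
        stage("arachni scan") {
            agent { node { label "jenkins-slave-arachni" } }
            steps {
                // Bounded crawl so a pipeline run cannot hang on a large site;
                // the .afr is converted to an HTML report for reviewers.
                sh '''
                    arachni "$TARGET_URL" \
                        --scope-page-limit=50 \
                        --timeout=0:30:0 \
                        --report-save-path=arachni-report.afr
                    arachni_reporter arachni-report.afr \
                        --reporter=html:outfile=arachni-report.html.zip
                '''
            }
            post {
                always {
                    archiveArtifacts artifacts: "arachni-report.html.zip", allowEmptyArchive: true
                }
            }
        }
    }
}
```

The ZAP stage treats the scanner's exit status as the gate: FAIL-level alerts break the build, WARN-level alerts only mark it unstable, so the stage can be tightened later by changing which status calls `error`. Both stages archive their reports in `post { always }` so a failed scan still leaves evidence for the person who has to triage it.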

_____