Time
4 hours 39 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:00
Lesson 2.4. We'll talk about Jenkins and just do an overview of it. It's gonna be important concept
00:07
for this class because I'm going to use Jenkins throughout. That's what kind of mentioned in in the Module one as we're gonna be building that are Jenkins Pipeline and create our own death, said Cops Pipeline. So it's good there
00:18
can see first how it's set up. We're gonna talk about getting, I said quickly. Here,
00:23
um, and then the next module actually demo and you'll see it running.
00:30
Four objectives. You just want to kind of define the Jenkins Pipeline the way it's going to set up,
00:35
explain the idea of stages and then show a sample. Jenkins file.
00:42
So, Jenkins, the way it's set up here, it doesn't really matter. But it's a bun to Lennox, and it's Jenkins. Is that Web app running on top of that?
00:49
Once it's running, you can't really tell other than some of the the code you may need to run might be specific. The operating system. But it's a nap like anything else.
00:58
So that's why I'm showing here as a pipeline. So
01:02
the way it's gonna be set up it have Java source code were using a Java vulnerable lap. Justices app that out there has
01:08
blatant vulnerabilities in it. So I'm gonna be just amusing everything from that.
01:15
So that's the first step is you have the source code in place
01:18
and we're gonna use a program called Maven, which is just this automation software take for taking that source code and building it into the web application,
01:26
Uh, file the war file.
01:30
Uh, it's it's already set up with maven. So that's why we're using that puts it. It helps already have the automation.
01:37
That's why I mentioned it will go in. Maybe we'll take that source code and turn it into the Web app archive. The more file
01:44
and they have dumped Tomcat running. And so we'll just were deployed that war file the Tomcat, and then the application becomes
01:51
visible, and it's way too running. So this is this would be the most simplified that you wouldn't really run this in a production environment like this. But I just want to keep that the idea is simple so we can understand. And then when you want to make it yourself, you can add complexity to it.
02:07
This is a Jenkins pipeline script again, this is, well, a demo in the next module. But just so you kind of understand the way you define the stages So in this day, to have a build stage which was mentioned maven building the source code and then below that is the delivery states. Why then
02:25
take that built code and deploy to the web application
02:30
the side of the application server, Tom Katniss, that in this case, you'll
02:35
if you've done program before, you kind of understand this this this hierarchy. If not, I'll explain it again. The next one. You kind of understand what it is. I just want to show it to you. And this is the whole Jenkins file will be available in the
02:50
that on the website for along with this course in the materials.
02:55
So I'm just highlighting here to show you here is the first stage
03:00
where it will build.
03:01
And then this is the first step here, where maven runs clean package and increase the runs clean to clean it up, and it runs package to actually build up the the the war.
03:14
And then then this naked stages. The delivery where I'm gonna then copy that target to Tomcat. This will obviously become more apparent when I show the Dembo later on.
03:27
Here's a question.
03:28
Does the pipeline concept makes sense?
03:36
So the idea of a pipeline is this orchestration off work unit, the city stages. So it said you have the build phase.
03:45
You have the delivery phase. We're gonna add a lot more to it because we're doing static and dynamic analysis. But the idea is that each one of the stages has exit criteria. So you say, in order to access the state successfully, this criteria must be it must be mad.
04:00
So in our case,
04:01
the if the source code has bugs in it and it doesn't compile maven would fail that the build would stop right there. The stage would then fail and the whole pipeline would fail. So you set this extra crate here said you can can you continue moving along and then you exit with a Web app at the editor, any type of apathy end
04:20
and we're doing dep sec up. So we assumed that it passed all of our work, our test criteria
04:27
and worse, assuming that it is secure at the end.
04:33
So we talked about Jenkins really quick just to set up the way it is
04:38
in this model. And next since we've read, reached the end of the module, just kind of recap the concepts we learned.

Up Next

DevSecOps Fundamentals

DevSecOps training helps students learn to incorporate security features in every step of the development process and navigate distinct security challenges in custom software and web applications.

Instructed By

Instructor Profile Image
Philip Kulp
Instructor