Open in app

Sign in

Write

Sign in

DevSecOps CI/CD using Jenkins on a PHP codebase — Part I

Karthikeyan Rajangam
3 min readDec 22, 2020

DevOps is not only about software development and operations. To make complete utilization of the flexibility in DevOps approach, it is desirable for software developers to integrate IT security at every step during a software’s life cycle. It is, what DevSecOps is.

We will slowly learn a complete DevSecOps CI/CD implementation using Jenkins on a PHP codebase. The CI/CD implementation involves

  1. Pipeline
  2. Software Component Analysis(SCA)
  3. SAST(Static Analysis)
  4. DAST(Dynamic Analysis)
  5. Infrastructure as Code
  6. Compliance as Code
  7. Vulnerability Management

In this post, we will learn the environment setup for Jenkins in Linux Distribution based OS(Ubuntu) and basic pipeline.

Environment Setup

Refer to the complete documentation for Jenkins installation using the below URL.

Ref: https://www.jenkins.io/doc/

Jenkins is typically run as a standalone application and has a dependency with JAVA. Suggesting Java 11 run-time environment for Jenkins 2.263.1 and later to avoid plug-in errors during installation.

Basic Pipeline

A pipeline is a system consisting of one (or) more stages to continuously integrate/deliver/deploy software.

A stage is a combination of jobs to achieve the goal of stage.

Jobs in a stage are run in parallel and upon success, the pipeline moves to the next stage. If one of the jobs fails, the next stage is not executed.

The Jenkins pipeline can be created

  1. Through Blue Ocean
  2. Through the classic UI or
  3. In Source Control Management(SCM)

The “classic UI” helps to test/handle simple pipeline code snippets or pipelines that do not require source code to be checked out/cloned from a repository.

To gain greater control and flexibility over your pipeline, it is recommended that you use “Blue Ocean” (or) SCM. In the future(Part II) we will learn in detail.

For the quick start with the Jenkins pipeline, we will use “classic UI”.

Simple Pipeline:

After the successful installation of Jenkins, login using newly created user account credentials, if required. Now we will create a simple pipeline using “classic UI”.

If the Jenkins was set up properly with recommended plugins, clicking on “New Item” will list all the available options below the “item name” field.

From the available options choose Pipeline and click “ok”. Now you will see the pipeline tab for writing pipeline scripts.

We suggest copying the below basic pipeline script (Declarative Pipeline) and paste it in the script textarea field and click “save”.

pipeline {
    agent any 
    stages {
        stage('Stage 1') {
            steps {
                echo 'Hello world!' 
            }
        }
    }
}

Finally, click on the “Build Now” from the left side menu option to run the pipeline.

After the successful execution, the pipeline will be listed under build history(placed under menu options). Now you can click on the individual pipeline/build to view its information.

Click on the “Console Output” from the left side menu to view its complete execution information i.e started by, stages, status.

The console output for the above pipeline is shown below for your reference.

So far, we learned to create a simple pipeline. In the upcoming post, we will focus on creating a pipeline using SCM with docker.

Thanks for reading.

Jenkins Pipeline For Php
Jenkins Cicd For Php
Simple Jenkins Cicd Php

--

--

Karthikeyan Rajangam

Written by Karthikeyan Rajangam

1 Follower

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams