Jenkins Maven project

This article shows you how to create a test Jenkins Maven project that builds a Docker image and then scans it for vulnerabilities and compliance issues.

Configuring Maven

Configure Maven.
  1. Go to the Jenkins top page.
  2. Click Manage Jenkins.
  3. Select Global Tool Configuration.
  4. Scroll down to the Maven section (Not Maven Configuration), and click Add Maven.

Setting up a Maven project

Set up a Jenkins Maven project.
  1. Go to the Jenkins top page.
  2. Create a new project.
    1. Click New Item.
    2. In Item name, enter a name for your project.
    3. Select Maven project.
    4. Click OK.
  3. Add a build step.
    1. Scroll down to the Pre steps section.
    2. In the Add pre-build step drop-down list, select Execute shell.
    3. In the Command text box, enter the following:
echo "Creating Dockerfile..."
# Minimal test image. "-c" makes bash run the sleep command instead of
# looking for a file literally named "sleep 240".
echo "FROM ubuntu:latest" > Dockerfile
echo 'CMD ["/bin/bash", "-c", "sleep 240"]' >> Dockerfile

# Helper script that the Maven exec plugin runs to build the image
echo 'docker build --no-cache -t dev/ubun2:test .' > build_image.sh
chmod +x build_image.sh

# Generate a POM whose generate-sources phase runs build_image.sh
echo "Creating POM file..."
cat > pom.xml << EOF
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>groupId</groupId>
  <artifactId>artifactid</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>jar</packaging>
  <name>projectName</name>
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>
  <build>
    <plugins>
      <plugin>
        <artifactId>exec-maven-plugin</artifactId>
        <groupId>org.codehaus.mojo</groupId>
        <executions>
          <execution>
            <id>Build Image</id>
            <phase>generate-sources</phase>
            <goals>
              <goal>exec</goal>
            </goals>
            <configuration>
              <executable>build_image.sh</executable>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
EOF
  4. Add a build step that scans the container image for vulnerabilities.
    1. In the Add build step drop-down list, select Scan Prisma Cloud Images.
    2. Choose an action to take if the image contains packages with vulnerabilities.
      Select a severity threshold (Low, Medium, High) to fail the build if a vulnerability is found. Or select Never fail, only warn to allow the complete build process to proceed even if there is a vulnerability.
    3. Select the checkbox to ignore any vulnerabilities that do not have a vendor fix.
      For example, if you select a threshold of High, and a package with a high severity vulnerability is found, the build is not failed if no vendor fix is available.
    4. Choose an action to take if the image has compliance issues.
      Select a severity threshold (Low, Medium, High) to configure the build to fail if a compliance issue is found. For more information about how checks are scored, see CIS benchmarks.
      Select Never fail, only warn to allow the build process to complete even if there are compliance issues.
    5. In the Grace period field, specify an interval (in days) from when a vulnerability is discovered until when the threshold action is enforced.
      This mechanism eliminates the need for admins to temporarily whitelist a CVE and manually maintain a list of exemptions. Instead, you can automatically grant your development teams time to schedule and implement a fix.
    6. In the Image field, select the image to scan by specifying the repository and tag. You can use pattern matching expressions.
      For example, enter:
      myimage:1.0
      If the image you want to scan is created outside of this build, or if you want to scan the image every build, even if the build might not generate a new image, then click Advanced, and select Ignore image creation time.
  5. Add a post-build action so that image scan results can be viewed in a Jenkins dashboard.
    1. Scroll down to Post-build Actions.
    2. In the Add post-build action drop-down menu, select Publish Prisma Cloud analysis results.
    3. In the Image field, select the image to report. You can use pattern matching expressions.
      For example, enter:
      myimage:1.0
  6. Click Save to save your project configuration.
  7. Click Build Now to start a build.
  8. After the build completes, examine the results. Scan reports are available in the following locations:
    • Prisma Cloud Console: Log into Console, and go to Monitor > Vulnerabilities > Jenkins Jobs.
    • Jenkins: Drill down into the build job, then click Vulnerabilities to see a detailed report.
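To make the effect of the gate options in the Scan Prisma Cloud Images step (severity threshold, Never fail only warn, ignoring vulnerabilities without a vendor fix, and the grace period) concrete, here is an added Python model of that decision logic. It is an illustration written for this article, not the Prisma Cloud Jenkins plugin's code: the Finding and Policy names, the severity ordering and the sample findings (the CVE and check ids are constructed placeholders) are assumptions, and it applies the grace period and the no-vendor-fix exemption to vulnerabilities only, as the steps above describe them.

```python
"""Model of the build-gate options described in the scan step (added example)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Assumed ordering of the three thresholds offered in the UI.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    kind: str            # "vulnerability" or "compliance"
    identifier: str      # CVE id or compliance check id (constructed below)
    severity: str        # "low" | "medium" | "high"
    fix_available: bool  # only meaningful for vulnerabilities
    discovered: date     # date the scanner first reported the finding


@dataclass
class Policy:
    vuln_threshold: Optional[str]        # None models "Never fail, only warn"
    compliance_threshold: Optional[str]  # same, for compliance checks
    ignore_unfixed: bool = False         # "ignore vulnerabilities with no vendor fix"
    grace_days: int = 0                  # "Grace period" in days


def is_blocking(f: Finding, policy: Policy, today: date) -> bool:
    """Decide whether a single finding should fail the build under the policy."""
    threshold = policy.vuln_threshold if f.kind == "vulnerability" else policy.compliance_threshold
    if threshold is None:
        return False  # warn only, never fail
    if SEVERITY_RANK[f.severity] < SEVERITY_RANK[threshold]:
        return False  # below the configured threshold
    if f.kind == "vulnerability":
        if policy.ignore_unfixed and not f.fix_available:
            return False  # no vendor fix yet, exempted by the checkbox
        if today < f.discovered + timedelta(days=policy.grace_days):
            return False  # still inside the grace period
    return True


def evaluate(findings: List[Finding], policy: Policy, today: date) -> Tuple[str, List[str], List[str]]:
    """Return (verdict, ids that fail the build, ids that are only warned about)."""
    blocking = [f.identifier for f in findings if is_blocking(f, policy, today)]
    warned = [f.identifier for f in findings if f.identifier not in blocking]
    if blocking:
        verdict = "FAIL"
    elif warned:
        verdict = "WARN"
    else:
        verdict = "PASS"
    return verdict, blocking, warned


# Constructed sample data: a fixed "build date" and five placeholder findings.
TODAY = date(2024, 6, 1)
SAMPLE_FINDINGS = [
    Finding("vulnerability", "CVE-0000-0001", "high", True, date(2024, 4, 1)),   # old, fix available
    Finding("vulnerability", "CVE-0000-0002", "high", False, date(2024, 4, 1)),  # old, no vendor fix
    Finding("vulnerability", "CVE-0000-0003", "high", True, date(2024, 5, 25)),  # found a week ago
    Finding("vulnerability", "CVE-0000-0004", "low", True, date(2024, 1, 1)),    # below threshold
    Finding("compliance", "CHECK-0001", "medium", True, date(2024, 1, 1)),       # compliance check
]

if __name__ == "__main__":
    policy = Policy("high", "high", ignore_unfixed=True, grace_days=30)
    print(evaluate(SAMPLE_FINDINGS, policy, TODAY))
```

With a High threshold, the no-fix checkbox selected and a 30-day grace period, only CVE-0000-0001 fails the build: CVE-0000-0002 is exempted for lack of a vendor fix, CVE-0000-0003 is still inside its grace window, and the remaining findings are below the threshold and only reported.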
