Jenkins CI/CD Pipeline for Spring Petclinic
Automated build, test, security scanning, and deployment pipeline with Docker and Nexus integration

Project Overview
Implemented a comprehensive Jenkins CI/CD pipeline for the Spring Petclinic application that automates the entire software delivery process from code commit to production deployment. The pipeline incorporates security scanning at multiple stages, quality gates, artifact management with Nexus, Docker image building, and deployment to multiple environments. The solution ensures consistent, reliable, and secure software releases with full traceability.
Pipeline Stages
1. Code Checkout
The pipeline begins by checking out the source code from the GitHub repository:
git branch: 'main', url: 'https://github.com/spkumar17/spring-petclinic.git'
2. Compilation
Maven compiles the Java source code:
mvn compile
3. Security Scanning
Multiple security scanning tools are integrated:
- Trivy: Filesystem vulnerability scanning
- SonarQube: Static code analysis with quality gates
- OWASP Dependency-Check: Dependency vulnerability analysis
trivy fs --format table -o trivyfs.html .
4. Build & Package
Maven packages the application and deploys artifacts to Nexus:
mvn -s $mavensettings clean deploy -DskipTests=true
5. Docker Image Build
Builds Docker images with versioned tags:
docker build -t prasannakumarsinganamalla431/petclinic:${BUILD_NUMBER} .
6. Artifact Storage
Stores artifacts in multiple repositories:
- Docker Hub for public image distribution
- Nexus for private image storage
- AWS S3 for build artifacts
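Stages 1-3 and 5 above wired into a declarative Jenkinsfile so that scan findings actually stop the build, as an added example rather than the project's own Jenkinsfile. The tool names 'jdk17' and 'maven3', the SonarQube server name 'sonar', the Dependency-Check installation 'DC' and the HIGH,CRITICAL / CVSS 7 thresholds are assumptions; the second Trivy call is there because a scan run without --exit-code returns 0 whatever it finds.

```groovy
// Added example, not the project's Jenkinsfile.
// Assumed names: tools 'jdk17' / 'maven3', SonarQube server 'sonar', Dependency-Check installation 'DC'.
pipeline {
    agent any
    tools {
        jdk 'jdk17'
        maven 'maven3'
    }
    stages {
        stage('Checkout') {
            steps { git branch: 'main', url: 'https://github.com/spkumar17/spring-petclinic.git' }
        }
        stage('Compile') {
            steps { sh 'mvn compile' }
        }
        stage('Trivy FS scan') {
            steps {
                // Full report for the archive; this call exits 0 even when findings exist.
                sh 'trivy fs --format table -o trivyfs.html .'
                // Gate: exit non-zero (failing the stage) on HIGH or CRITICAL findings.
                sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL .'
            }
        }
        stage('SonarQube analysis') {
            steps {
                withSonarQubeEnv('sonar') { sh 'mvn sonar:sonar' }
            }
        }
        stage('Quality gate') {
            steps {
                // Needs a SonarQube webhook pointing back at Jenkins; aborts if the gate is not passed.
                timeout(time: 10, unit: 'MINUTES') { waitForQualityGate abortPipeline: true }
            }
        }
        stage('OWASP Dependency-Check') {
            steps {
                // --failOnCVSS makes the scan fail when a dependency has a CVSS score of 7 or higher.
                dependencyCheck additionalArguments: '--scan . --format XML --failOnCVSS 7', odcInstallation: 'DC'
                dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
            }
        }
        stage('Docker build') {
            // Only reached when every gate above has passed.
            steps { sh 'docker build -t prasannakumarsinganamalla431/petclinic:${BUILD_NUMBER} .' }
        }
    }
    post {
        // Keep the Trivy report on failed builds too.
        always { archiveArtifacts artifacts: 'trivyfs.html', allowEmptyArchive: true }
    }
}
```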
Key Features
Security Integration
Multiple security tools are integrated throughout the pipeline:
- Trivy scans for vulnerabilities in both filesystem and Docker images
- SonarQube enforces code quality standards before deployment
- OWASP Dependency-Check identifies vulnerable dependencies
- All security reports are archived and attached to notifications
Artifact Management
Comprehensive artifact management strategy:
- Maven artifacts stored in Nexus repository
- Docker images pushed to both Docker Hub and Nexus
- Build artifacts archived in AWS S3
- Versioned using Jenkins build numbers
Notification System
Email notifications with detailed build information:
- Build status and console output link
- Attached security scan reports (Trivy, SonarQube, OWASP)
- Links to Nexus repositories
- Customizable recipient list
Infrastructure Requirements
The pipeline requires several pre-configured components:
# Jenkins with JDK 17 and Maven 3
sudo apt install openjdk-17-jre
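# Docker installation
sudo apt install docker.io
# Let the jenkins and ubuntu users run docker without sudo
# (membership in the docker group is root-equivalent on the host)
sudo usermod -aG docker jenkins
sudo usermod -aG docker ubuntu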
# SonarQube (Docker)
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
Key Achievements
- Implemented fully automated CI/CD pipeline for Spring Boot application
- Integrated multiple security scanning tools at different stages
- Configured quality gates to prevent deployment of vulnerable code
- Implemented artifact management with Nexus for both Maven and Docker artifacts
- Configured comprehensive email notifications with security reports
- Enabled deployment to multiple environments (Docker Hub, Nexus, AWS S3)
- Documented infrastructure requirements and setup process