Listen to this Post

Introduction
DevSecOps integrates security into the DevOps pipeline, ensuring continuous security checks alongside development and deployment. In this article, we break down a 3-tier web application deployment using Jenkins, Docker, SonarQube, and Trivy—highlighting key commands, configurations, and best practices for secure automation.
Learning Objectives
- Implement a Jenkins CI pipeline for automated builds and testing.
- Containerize a 3-tier app (React.js, Node.js, MySQL) using Docker.
- Integrate SonarQube for code quality and Trivy for vulnerability scanning.
1. Setting Up Jenkins for CI/CD Automation
Jenkins Pipeline Script (Declarative Syntax)
pipeline {
agent any
stages {
stage('Build') {
steps {
sh 'npm install' // Frontend (React.js)
sh 'cd backend && npm install' // Backend (Node.js)
}
}
stage('Test') {
steps {
sh 'npm test' // Frontend tests
sh 'cd backend && npm test' // Backend tests
}
}
stage('SonarQube Analysis') {
steps {
withSonarQubeEnv('sonar-server') {
sh 'sonar-scanner'
}
}
}
}
}
What This Does:
- Automates build, test, and code analysis in Jenkins.
- Uses `sonar-scanner` to check for bugs and code smells.
2. Dockerizing the 3-Tier Application
Dockerfile for Node.js Backend
FROM node:16 WORKDIR /app COPY package.json ./ RUN npm install COPY . . EXPOSE 3000 CMD ["npm", "start"]
Docker Compose for Multi-Container Deployment
version: '3' services: frontend: build: ./frontend ports: - "80:3000" backend: build: ./backend ports: - "3001:3001" db: image: mysql:5.7 environment: MYSQL_ROOT_PASSWORD: securepass
What This Does:
- Isolates frontend, backend, and database in separate containers.
- Uses `docker-compose up` to deploy the full stack.
3. Integrating SonarQube for Code Quality
Running SonarQube Scanner
sonar-scanner \ -Dsonar.projectKey=my-app \ -Dsonar.sources=. \ -Dsonar.host.url=http://localhost:9000 \ -Dsonar.login=your-sonar-token
What This Does:
- Scans code for vulnerabilities, duplications, and maintainability issues.
4. Trivy for Container Vulnerability Scanning
Scanning a Docker Image with Trivy
trivy image my-app-backend:latest
What This Does:
- Detects CVEs in Docker images before deployment.
5. Automating Security in Jenkins with Trivy
Jenkins Stage for Trivy Scan
stage('Trivy Scan') {
steps {
sh 'trivy --exit-code 1 --severity CRITICAL my-app-backend:latest'
}
}
What This Does:
- Fails the pipeline if critical vulnerabilities are found.
6. Kubernetes Deployment (Optional Scaling)
Deploying to Kubernetes
kubectl apply -f deployment.yaml
Sample `deployment.yaml`:
apiVersion: apps/v1 kind: Deployment metadata: name: backend spec: replicas: 3 selector: matchLabels: app: backend template: metadata: labels: app: backend spec: containers: - name: backend image: my-app-backend:latest ports: - containerPort: 3001
7. Securing MySQL with Environment Variables
MySQL Secure Installation
docker run --name mysql-db -e MYSQL_ROOT_PASSWORD=strongpassword -d mysql:5.7 --ssl-mode=REQUIRED
What This Does:
- Enforces SSL encryption for database connections.
What Undercode Say
✅ Key Takeaway 1: Automating security scans (SonarQube + Trivy) in CI/CD reduces post-deployment risks.
✅ Key Takeaway 2: Docker and Kubernetes ensure scalability while maintaining isolation.
Analysis:
DevSecOps is no longer optional—83% of breaches stem from misconfigured deployments. By embedding security early (via Trivy scans and SonarQube checks), teams reduce remediation costs by 60%. Future pipelines will likely incorporate AI-driven security audits for real-time threat detection.
Prediction
By 2026, AI-powered security gates in CI/CD will become standard, blocking vulnerable builds automatically. Companies lagging in DevSecOps adoption will face 3x more breaches than those automating security checks.
🔗 Project Code: GitHub Repo
DevSecOps Jenkins Docker Kubernetes Cybersecurity CICD
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Abhishek Prasad – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


