We have multiple plugins available in Devtron. At the moment, a user guide is available for the following plugins.
The Code Scan plugin of Devtron allows you to perform code scanning using Trivy. By integrating the Code Scan plugin into your workflow, you can detect common Vulnerabilities, Misconfigurations, License Risks, and Exposed Secrets in your code.
Before integrating the Code Scan plugin, install the Vulnerability Scanning (Trivy/Clair) integration from Devtron Stack Manager.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Pre-build stage.
If you have already configured a workflow, edit the build pipeline and navigate to the Pre-build stage.
Under 'TASKS', click the + Add task button.
Select the Code Scan plugin.
Enter the following user inputs with appropriate values.
Enter the name of your task
e.g., Code Scanning
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The Code Scan plugin is integrated for scanning the in-code vulnerabilities.
No input variables are required for the Code Scan plugin.
Code Scan will not be generating an output variable.
Click Update Pipeline.
Codacy is an automated code analysis/quality tool that helps developers to ship better software in a faster manner.
Prerequisite: Make sure you have set up an account in Codacy or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Codacy from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Pass/Failure Condition refers to conditions that pass or fail your build. You can select either Set pass conditions or Set failure conditions.
Click Update Pipeline.
The CraneCopy plugin by Devtron facilitates the transfer of multi-architecture container images between registries. When integrated into Devtron's Post-build stage, this plugin allows you to efficiently copy and store your container images to a specified target repository.
No prerequisites are required for integrating the CraneCopy plugin.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Post-build stage.
If you have already configured a workflow, edit the build pipeline and navigate to the Post-build stage.
Under 'TASKS', click the + Add task button.
Click the CraneCopy plugin.
Enter the name of your task
e.g., Copy and store container images
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The CraneCopy plugin is integrated to copy the container images from one registry to another.
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
CraneCopy will not be generating an output variable.
Click Update Pipeline.
Building container images in CI often results in a growing number of images, not all of which are production-ready. Therefore, it's a best practice to maintain a separate repository exclusively for storing production-builds. However, this would involve copying the container image (production-ready) from your existing repository to the production repository.
Go to App Configuration tab of your application.
Select Workflow Editor and click your deployment pipeline.
In this example, we will be adding the plugin in pre-CD stage; therefore, go to Pre-Deployment stage tab of your deployment pipeline and click Add task.
From the list of plugins, choose Copy container image.
Add the image destination in the field given for the DESTINATION_INFO variable. The format is registry-name | username/repository-name.
username is your account name registered with your container registry, e.g., DockerHub.
repository-name is the name of the repository within your container registry that hosts the container images of your application.
Click Update Pipeline.
Go to the Build & Deploy tab of your application and click Select Image in the pre-deployment stage.
Choose a CI image that you wish to copy to the destination and click Trigger Stage.
Destination Repository
CD Pipeline (Image Selection)
The Cosign plugin by Devtron enables secure signing of your container images, enhancing supply chain security. It authenticates your identity as the creator and ensures image integrity, allowing users to verify the source and detect any tampering. This provides greater assurance to developers incorporating your artifacts into their workflows.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Post-build stage.
If you have already configured a workflow, edit the build pipeline and navigate to the Post-build stage.
Under 'TASKS', click the + Add task button.
Click the Cosign plugin.
Enter the name of your task
e.g., Signing of container images
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The Cosign plugin is integrated for ensuring the authenticity of container images.
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
Cosign will not be generating an output variable.
Click Update Pipeline.
The DockerSlim plugin by Devtron helps you to optimize your container deployments by reducing Docker image size. Now with these lighter Docker images, you can perform faster deployments and enhance overall system efficiency.
Support for Docker buildx images will be added soon.
No prerequisites are required for integrating the DockerSlim plugin.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Post-build stage.
If you have already configured a workflow, edit the build pipeline and navigate to the Post-build stage.
Under 'TASKS', click the + Add task button.
Click the DockerSlim plugin.
Enter the name of your task
e.g., Reduce Docker image size
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The DockerSlim plugin is integrated for reducing the size of Docker image.
In the IncludePathFile input variable, list the file paths of essential files from your Dockerfile. Files whose path is not listed in IncludePathFile may be excluded from the Docker image to reduce size.
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
DockerSlim will not be generating an output variable.
Click Update Pipeline.
Migrate reads migrations from source files and applies them in the correct order to a database.
Prerequisite: Make sure you have SQL files in the format used by the golang-migrate tool.
Official documentation: https://github.com/golang-migrate/migrate
Postgres example: https://github.com/golang-migrate/migrate/tree/master/database/postgres
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage). or
Click + Add task.
Select GoLang-migrate from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Use the in-cluster / Execute tasks in application environment feature in pre-deploy or post-deploy when the database service is not reachable or accessible from the Devtron cluster.
In case the DB_TYPE is not supported for your database, then use POST_COMMAND as
Use DB_PASSWORD with the scope-variable feature for more security.
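A pre-flight check for the SCRIPT_LOCATION directory, as an added example that is not part of Devtron or golang-migrate: it validates file names against golang-migrate's `{version}_{title}.up|down.{extension}` convention and lists the up files in the numeric order they would be applied. The file names are constructed, the helper names are hypothetical, and reading MIGRATE_TO_VERSION as "apply up to and including this version, 0 for all" on an empty database is an assumption based on the variable description.

```python
import re
from collections import defaultdict

# File naming used by golang-migrate: {version}_{title}.{up|down}.{extension}
MIGRATION_RE = re.compile(
    r"^(?P<version>[0-9]+)_(?P<title>.*)\.(?P<direction>up|down)\.(?P<ext>.*)$"
)

# Constructed listing of a SCRIPT_LOCATION directory (not taken from the page).
SAMPLE_FILES = [
    "1_init.up.sql",
    "1_init.down.sql",
    "2_add_users.up.sql",
    "10_add_index.up.sql",
    "10_add_index.down.sql",
    "2_add_orders.up.sql",   # second "up" file for version 2
    "notes.txt",             # not a migration file
]


def index_migrations(filenames):
    """Group files by numeric version and collect naming problems.

    Returns (by_version, problems) where by_version maps
    version -> {"up": name, "down": name} and problems is a list of
    (filename, reason) tuples.
    """
    by_version = defaultdict(dict)
    problems = []
    for name in filenames:
        m = MIGRATION_RE.match(name)
        if m is None:
            problems.append((name, "not a migration file name"))
            continue
        version, direction = int(m["version"]), m["direction"]
        if direction in by_version[version]:
            # Two files claiming the same version and direction are ambiguous.
            problems.append((name, f"duplicate {direction} file for version {version}"))
            continue
        by_version[version][direction] = name
    for version in sorted(by_version):
        pair = by_version[version]
        if "up" not in pair:
            problems.append((pair["down"], f"version {version} has no up file"))
        elif "down" not in pair:
            # Without a down file this version cannot be rolled back.
            problems.append((pair["up"], f"version {version} has no down file"))
    return dict(by_version), problems


def plan_up(filenames, to_version=0):
    """List up files in numeric version order.

    to_version mirrors MIGRATE_TO_VERSION as assumed here: 0 means every
    file, N means versions up to and including N.
    """
    by_version, _ = index_migrations(filenames)
    return [
        pair["up"]
        for version, pair in sorted(by_version.items())
        if "up" in pair and (to_version == 0 or version <= to_version)
    ]


if __name__ == "__main__":
    _, found = index_migrations(SAMPLE_FILES)
    for filename, reason in found:
        print(f"PROBLEM {filename}: {reason}")
    # Numeric ordering puts version 10 after version 2; a plain string sort would not.
    for filename in plan_up(SAMPLE_FILES):
        print(f"APPLY   {filename}")
```
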
The Copacetic plugin of Devtron helps you patch your container image vulnerabilities traced by the security scan Devtron performed on your container image. By integrating the Copacetic plugin into your workflow and enabling the Scan for vulnerabilities at your Build stage, you can:
Trace the vulnerabilities of your container images, and the Copacetic plugin will automatically patch the container image vulnerabilities for you.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Post-build stage.
If you have already configured a workflow, edit the build pipeline and navigate to the Pre-build stage.
Under 'TASKS', click the + Add task button.
Click the Copacetic plugin.
Enter the name of your task.
e.g., Patch container image vulnerability
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The Copacetic plugin is configured to patch the vulnerabilities in container image
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
Copacetic will not be generating an output variable.
Click Update Pipeline.
This plugin helps you copy a container image to a desired container . The pushing of image can be between repositories of the same container or between repositories of different container registry. One of the major usecases this plugin serves is multi-cloud deployments.
The plugin can be used at post CI, pre-CD, and post-CD. Moreover, you can also for the copied image.
registry-name is the name you gave to your container registry while adding it in .
The copying process will initiate, and once it is successful, the would reflect at all relevant screens:
You can also filter out specific images (of target repository) from deployment. Refer to know the process.
Before integrating the Cosign plugin, ensure that you have configured the and have a set of private and public keys to sign the container images.
Before integrating the Copacetic plugin, install the Vulnerability Scanning (Trivy/Clair) integration from Devtron Stack Manager. Once the integration is installed, make sure you have enabled Scan for vulnerabilities at the Build stage or integrated the plugin in the Pre-build stage.
Codacy input variables
Variable | Format | Description |
---|---|---|
CodacyEndpoint | String | API endpoint for Codacy |
GitProvider | String | Git provider for the scanning |
CodacyApiToken | String | API token for Codacy. If it is provided, it will be used, otherwise it will be picked from Global secret (CODACY_API_TOKEN). |
Organisation | String | Your Organization for Codacy |
RepoName | String | Your Repository name |
Branch | String | Your branch name |
CraneCopy input variables
Variable | Format | Description | Sample Value |
---|---|---|---|
RegistryUsername | STRING | Username of target registry for authentication | admin |
RegistryPassword | STRING | Password for the target registry for authentication | Tr5$mH7p |
TargetRegistry | STRING | The target registry to push the image to | docker.io/dockertest |

Cosign input variables
Variable | Format | Description | Sample Value |
---|---|---|---|
PrivateKeyFilePath | STRING | Path of private key file in Git repo | cosign/cosign.key |
PostCommand | STRING | Command to run after image is signed by Cosign | cosign verify $DOCKER_IMAGE |
ExtraArguments | STRING | Arguments for Cosign command | --certificate-identity=name@example.com |
CosignPassword | STRING | Password for Cosign private key | S3cur3P@ssw0rd123! |
VariableAsPrivateKey | STRING | base64 encoded private-key | @{{COSIGN_PRIVATE_KEY}} |
PreCommand | STRING | Command to get the required conditions to execute Cosign command | curl -sLJO https://raw.githubusercontent.com/devtron-labs/sampleRepo/branchName/private |

DockerSlim input variables
Variable | Format | Description | Sample Value |
---|---|---|---|
HTTPProbe | BOOL | Indicates whether the port is exposed in Dockerfile or not | false |
IncludePathFile | STRING | File path of required files | /etc/nginx/include.conf |

GoLang-migrate input variables
Variable | Format | Description |
---|---|---|
DB_TYPE | String | Currently this plugin supports postgres, mongodb, mongodb+srv, mysql, sqlserver. |
DB_HOST | String | The hostname, service endpoint or IP address of the database server. |
DB_PORT | String | The port number on which the database server is listening. |
DB_NAME | String | The name of the specific database instance you want to connect to. |
DB_USER | String | The username required to authenticate to the database. |
DB_PASSWORD | String | The password required to authenticate to the database. |
SCRIPT_LOCATION | String | Location of SQL files that need to be run on desired database. |
MIGRATE_IMAGE | String | Docker image of golang-migrate (default: migrate/migrate). |
MIGRATE_TO_VERSION | String | Version of the SQL script to migrate the desired database to (default: 0, which runs all files in the directory). |
PARAM | String | Extra params that run with DB queries. |
POST_COMMAND | String | Post commands that run at the end of the script. |

Copacetic input variables
Variable | Format | Description | Sample Value |
---|---|---|---|
CopaTimeout | STRING | Provide timeout for copa patch command, default time is 5 minutes | 10m |
Configuring Dependency Track for NodeJs in pre-build or post build task creates a bill of materials from Maven & Gradle projects and environments and uploads it to D-track for Component Analysis to identify and reduce risk in the software supply chain.
Prerequisite: Make sure you have set up an account in dependency track or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Dependency track for Maven & Gradle from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Jenkins is an open-source Continuous Integration (CI) server. You can manage multiple stages of software delivery using Jenkins including Automated testing, Static Code Analysis, Building, Packaging, and Deploying. With Devtron's Jenkins plugin, you can:
Trigger pre-configured Jenkins jobs from Devtron and stream the logs to the Devtron dashboard.
Execute Jenkins build pipelines through Devtron and deploy to target environments using the Devtron CD pipeline.
Before integrating the Jenkins plugin, ensure that you have properly configured your Jenkins job and also have the necessary parameters set for triggering from Devtron.
Go to Applications → Devtron Apps.
Click on your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the CREATE JOB PIPELINE.
Enter the required fields in the Basic configuration window.
Under 'TASKS', click the + Add task button.
Click the Jenkins plugin.
Enter the following user inputs with appropriate values.
Enter the name of your task.
e.g. Jenkins_Job
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g. Trigger the build Job of Jenkins
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
Jenkins will not be generating an output variable.
Click Update Pipeline.
The Pull images from container repository plugin helps you poll the specified container repository and fetch the container images to deploy them on your target Kubernetes environments using Devtron's CD pipeline. By integrating this plugin you can:
Poll the designated container repository to get the specific container image built using external CI like Jenkins and GitHub Actions. Once the image becomes available, you can deploy it to your target Kubernetes environment using Devtron's CD pipeline.
Currently, this plugin only supports ACR and ECR registry. Support for other container registries will be added soon.
Before integrating the Pull images from the container repository plugin, ensure that you have a specific container image present at your ECR container repository to pull the image and deploy it to the target environment.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the CREATE JOB PIPELINE.
Enter the required fields in the Basic configuration window.
Under 'TASKS', click the + Add task button.
Select the Pull images from container repository plugin.
Enter the following user inputs with appropriate values.
Enter the name of your task.
e.g., Pull container image
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., Pull container image build by external CI
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
Pull images from container repository will not be generating an output variable.
Click Update Pipeline.
Configuring Dependency Track for Python in pre-build or post build task creates a bill of materials from Python projects and environments and uploads it to D-track for Component Analysis to identify and reduce risk in the software supply chain.
Prerequisite: Make sure you have set up an account in dependency track or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Dependency track for Python from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
The Devtron Job Trigger plugin enables you to trigger Devtron Jobs from your current application workflow. For example, by integrating this plugin at the pre-deployment stage of your application workflow, you can trigger jobs designed to run migration scripts in your database. This ensures that necessary migrations are executed before your application is deployed.
Before integrating the Devtron Job Trigger plugin, you need to properly configure the target Devtron Job to ensure smooth execution.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Create deployment pipeline.
Fill the required fields in the Deployment Stage window and navigate to the Pre-Deployment stage.
If you have already configured a workflow, edit the deployment pipeline and navigate to the Pre-Deployment stage.
Under 'TASKS', click the + Add task button.
Select the Devtron Job Trigger plugin.
Enter the following user inputs with appropriate values.
Enter the name of your task
e.g., Triggers Devtron Job
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The Devtron Job Trigger plugin is integrated for triggering the Devtron Job.
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
Devtron Job Trigger will not be generating an output variable.
Click Update Pipeline.
The Devtron CD Trigger plugin allows you to trigger the PRE-CD, CD, or POST-CD stages of target Devtron App from within your current application workflow. This plugin offers flexibility in managing application dependencies and deployment sequences. For example, by incorporating this plugin at the pre-deployment stage of your application workflow, you can deploy another application that contains dependencies required by your current application, ensuring a coordinated deployment process.
Before integrating the Devtron CD Trigger plugin, you need to properly configure the target Devtron App to ensure smooth execution.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Create deployment pipeline.
Fill the required fields in the Deployment Stage window and navigate to the Post-Deployment stage.
If you have already configured a workflow, edit the deployment pipeline and navigate to the Post-Deployment stage.
Under 'TASKS', click the + Add task button.
Select the Devtron CD Trigger plugin.
Enter the following user inputs with appropriate values.
Enter the name of your task
e.g., Triggers CD Pipeline
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The Devtron CD Trigger plugin is integrated for triggering the CD stage of another application.
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
Devtron CD Trigger will not be generating an output variable.
Click Update Pipeline.
The Jira Issue Validator plugin extends the filtering capabilities of the Devtron CI and lets users perform validation based on Jira Ticket ID status. This plugin ensures that only builds associated with valid Jira tickets are executed, improving the accuracy of the CI process.
A Jira account with the necessary API access.
The API credentials (username, password, and base URL) for your Jira instance. Obtain the API credentials from your Jira admin if required.
A pull request raised with your Git provider. Title of pull request must contain the Jira ID.
Jira Issue (e.g., REDOC-12)
Webhook added to the git repository. Click here to know more.
On the Edit build pipeline page, go to the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Jira Issue Validator from the list of plugins.
Enter a task name (mandatory).
Optionally, enter a description.
Provide values for the input variables.
Trigger/Skip Condition allows you to set conditions under which this task will execute or be skipped.
Pass/Failure Condition allows you to define conditions that determine whether the build passes or fails based on Jira validation.
Go to the Build Stage.
Select Pull Request in the Source Type dropdown.
Use filters to fetch only the PRs matching your regex. Here are a few examples:
Title can be a regex pattern (e.g., ^(?P<jira_Id>([a-zA-Z0-9-].*))) to extract the Jira ID from the PR title. Only those PRs fulfilling the regex will be shown for image build process.
State can be ^open$, where only PRs in open state will be shown for image build process.
Click Update Pipeline.
Case 1: If Jira issue exists and the same is found in the PR title
Case 2: If Jira issue is not found
K6 is an open-source tool and cloud service that makes load testing easy for developers and QA engineers.
Prerequisite: Make sure you have set up an account in k6.io or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select K6 Load Testing from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Semgrep is a fast, open source, static analysis engine for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.
Prerequisite: Make sure you have set up an account in Semgrep or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Semgrep from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
The Jira Issue Updater plugin extends the capabilities of Devtron CI by allowing updates to Jira issues directly from the pipeline. It can add build pipeline status and docker image ID as a comment on Jira tickets, keeping the issue tracking synchronized with your CI processes.
The API credentials (username, password, and base URL) for your Jira instance. Obtain the API credentials from your Jira admin if required.
A pull request raised with your Git provider. Title of pull request must contain the Jira ID.
Jira Issue (e.g., REDOC-12)
On the Edit build pipeline page, go to the Post-Build Stage.
Click + Add task.
Select Jira Issue Updater from the list of plugins.
Enter a task name (mandatory).
Optionally, enter a description.
Provide values for the input variables.
Trigger/Skip Condition allows you to set conditions under which this task will execute or be skipped.
Pass/Failure Condition allows you to define conditions to determine if the build passes or fails based on the Jira update.
Go to the Build Stage.
Select Pull Request in the Source Type dropdown.
Use filters to fetch only the PRs matching your regex. Here are a few examples:
Title can be a regex pattern (e.g., ^(?P<jira_Id>([a-zA-Z0-9-].*))) to extract the Jira ID from the PR title. Only those PRs fulfilling the regex will be shown for image build process.
State can be ^open$, where only PRs in open state will be shown for image build process.
Click Update Pipeline.
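What the Title and State filters in the Jira Issue Validator and Jira Issue Updater sections select, as an added example that is not Devtron's code: it runs the page's title pattern and `^open$` over constructed pull requests with Python's `re`, next to a tighter key-only pattern. `STRICT_TITLE_RE`, `select_prs` and the sample titles are assumptions of this example, and how Devtron hands the captured group to the plugin is not shown on the page.

```python
import re

# Title filter exactly as given in the guide.
PAGE_TITLE_RE = re.compile(r"^(?P<jira_Id>([a-zA-Z0-9-].*))")

# Tighter alternative (assumption, not from the guide): an uppercase project
# key, a hyphen and an issue number at the very start of the title, such as
# REDOC-12, and nothing else inside the captured group.
STRICT_TITLE_RE = re.compile(r"^(?P<jira_Id>[A-Z][A-Z0-9]+-[0-9]+)\b")

# State filter exactly as given in the guide.
STATE_RE = re.compile(r"^open$")

# Constructed pull requests (not taken from the page).
SAMPLE_PRS = [
    {"title": "REDOC-12 Fix login redirect", "state": "open"},
    {"title": "fix typo in README", "state": "open"},
    {"title": "REDOC-13 Rotate signing key", "state": "closed"},
    {"title": "[REDOC-14] Bump base image", "state": "open"},
]


def select_prs(prs, title_re, state_re=STATE_RE):
    """Return (title, captured jira_Id) for every PR passing both filters."""
    selected = []
    for pr in prs:
        title_match = title_re.search(pr["title"])
        if title_match and state_re.search(pr["state"]):
            selected.append((pr["title"], title_match.group("jira_Id")))
    return selected


if __name__ == "__main__":
    for label, pattern in (("page", PAGE_TITLE_RE), ("strict", STRICT_TITLE_RE)):
        print(f"-- {label} pattern: {pattern.pattern}")
        for title, jira_id in select_prs(SAMPLE_PRS, pattern):
            print(f"   shown for build: {title!r}  jira_Id={jira_id!r}")
```

With the page's pattern the `jira_Id` group holds the whole title and any title starting with a letter, digit or hyphen passes the filter, so rejecting a PR without a real ticket depends on the plugin's lookup against Jira; the stricter pattern narrows the group to the key itself.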
Configuring Sonarqube-v1.1.0 in pre-build or post build task enhances your workflow with Continuous Code Quality & Code Security.
Prerequisite: Make sure you have set up an account in Sonarqube or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Sonarqube v1.1.0 from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Pass/Fail Condition refers to a conditional statement to pass or fail the Pre-Build Stage (or Post-Build Stage). You can select either Set pass conditions or Set failure conditions.
Click Update Pipeline.
The Vulnerability Scanning plugin by Devtron enables you to scan and detect vulnerabilities of your applications using Trivy/Clair. The Vulnerability Scanning plugin is recommended to be integrated into the Job Pipeline, especially when you are using external CI pipelines like Jenkins, GitLab, or GitHub Actions. Based on Vulnerability Scanning results, you can enforce security policies to either proceed with or abort the deployment process, giving you more control over your deployment process.
Before integrating the Vulnerability Scanning plugin, ensure that you have installed the Vulnerability Scanning (Trivy/Clair) integration from Devtron Stack Manager.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the CREATE JOB PIPELINE.
Enter the required fields in the Basic configuration window.
Click Task to be executed.
Under 'TASKS', click the + Add task button.
Click the Vulnerability Scanning plugin.
Enter the name of your task
e.g., Vulnerability Scanning for External CI
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The Vulnerability Scanning plugin is integrated for detecting vulnerabilities in applications.
Here you can set conditions to execute or skip the task. You can select Set trigger conditions for the execution of a task or Set skip conditions to skip the task.
Vulnerability Scanning will not be generating an output variable.
Click Update Pipeline.
Configuring Sonarqube in pre-build or post build task enhances your workflow with Continuous Code Quality & Code Security.
Prerequisite: Make sure you have set up an account in Sonarqube or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Sonarqube from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
Prerequisite: Make sure you have set up an account in dependency track or get the API keys from an admin.
On the Edit build pipeline page, select the Pre-Build Stage (or Post-Build Stage).
Click + Add task.
Select Dependency track for NodeJs from PRESET PLUGINS.
Enter a relevant name in the Task name field. It is a mandatory field.
Enter a descriptive message for the task in the Description field. It is an optional field.
Provide a value for the input variable. Note: The value may be any of the values from the previous build stages, a global variable, or a custom value.
Trigger/Skip Condition refers to a conditional statement to execute or skip the task. You can select either Set trigger conditions or Set skip conditions.
Click Update Pipeline.
A Jira account with the necessary .
Webhook added to the git repository. to know more.
Enter the following with appropriate values.
Configuring Dependency Track for NodeJs in a pre-build or post-build task creates a bill of materials from NodeJs projects and environments and uploads it to D-track to identify and reduce risk in the software supply chain.
Variable | Format | Description |
---|---|---|
BuildToolType | String | Type of build tool your project is using. E.g., Maven, or Gradle |
DTrackEndpoint | String | API endpoint of your dependency track account |
DTrackProjectName | String | Name of your dependency track project |
DTrackProjectVersion | String | Version of dependency track project |
DTrackApiKey | String | API key of your dependency track account |
CheckoutPath | String | Checkout path of Git material |

Variable | Format | Description | Sample Value |
---|---|---|---|
URL | STRING | The base URL of the Jenkins server. | https://jenkins.example.com |
USERNAME | STRING | Username for Jenkins server. | admin |
PASSWORD | STRING | Password of the Jenkins user for authentication | securePass123! |
JOB_NAME | STRING | The name of the Jenkins job to be triggered. | CI-build-job |
JOB_TRIGGER_PARAMS | STRING | Parameters to be passed for triggering a job. | branch=main&environment=production |
JENKINS_PLUGIN_TIMEOUT | INTEGER | The maximum time (in minutes) to wait for a Jenkins plugin operation to complete before timing out. | 60 |

Variable | Format | Description | Sample Value |
---|---|---|---|
REPOSITORY | STRING | Provide name of repository for polling | dev-repo |

Variable | Format | Description |
---|---|---|
ProjectManifestType | String | Type of your Python project manifest which is used to build cycloneDx Software Bill of Materials (SBOM). E.g., PIP, Poetry etc. |
RelativePathToPoetryLock | String | Path to your poetry.lock file inside your project |
RelativePathToPipfile | String | Path to your Pipfile.lock file inside your project |
RelativePathToRequirementTxt | String | Path to your requirements.txt file inside your project |
DTrackEndpoint | String | API endpoint of your dependency track account |
DTrackProjectName | String | Name of your dependency track project |
DTrackProjectVersion | String | Version of dependency track project |
DTrackApiKey | String | API key of your dependency track account |
CheckoutPath | String | Checkout path of Git material |

Variable | Format | Description | Sample Value |
---|---|---|---|
DevtronApiToken | STRING | Enter Devtron API token with required permissions. | abc123def456token789 |
DevtronEndpoint | STRING | Enter the URL of Devtron dashboard. | https://devtron.example.com |
DevtronJob | STRING | Enter the name or ID of Devtron Job to be triggered | plugin-test-job |
DevtronEnv | STRING | Enter the name or ID of the Environment where the job is to be triggered. If JobPipeline is given, ignore this field and do not assign any value | prod |
JobPipeline | STRING | Enter the name or ID of the Job pipeline to be triggered. If DevtronEnv is given, ignore this field and do not assign any value | hello-world |
GitCommitHash | STRING | Enter the commit hash from which the job is to be triggered. If not given then, will pick the latest | cf19e4fd348589kjhsdjn092nfse01d2234235sdsg |
StatusTimeoutSeconds | NUMBER | Enter the maximum time to wait for the job status | 120 |

Variable | Format | Description | Sample Value |
---|---|---|---|
DevtronApiToken | STRING | Enter target Devtron API token. | abc123DEFxyz456token789 |
DevtronEndpoint | STRING | Enter the target URL of Devtron. | https://devtron.example.com |
DevtronApp | STRING | Enter the target Devtron Application name/ID | plugin-demo |
DevtronEnv | STRING | Enter the target Environment name/ID. Required if JobPipeline is not given | preview |
StatusTimeoutSeconds | STRING | Enter the maximum time (in seconds) a user can wait for the application to deploy. Enter a positive integer value | 120 |
GitCommitHash | STRING | Enter the git hash from which user wants to deploy its application. By default it takes latest Artifact ID to deploy the application | cf19e4fd348589kjhsdjn092nfse01d2234235sdsg |
TargetTriggerStage | STRING | Enter the Trigger Stage PRE/DEPLOY/POST. Default value is Deploy. | PRE |

Variable | Format | Description |
---|---|---|
JiraUsername | String | Your Jira username (e.g., johndoe@devtron.ai) |
JiraPassword | String | Your Jira API token provided by the Jira admin |
JiraBaseUrl | String | The base URL of your Jira instance (e.g., https://yourdomain.atlassian.net) |

Variable | Format | Description |
---|---|---|
RelativePathToScript | String | Checkout path + script path along with script name |
PrometheusUsername | String | Username of Prometheus account |
PrometheusApiKey | String | API key of Prometheus account |
PrometheusRemoteWriteEndpoint | String | Remote write endpoint of Prometheus account |
OutputType | String | Log or Prometheus |

Variable | Format | Description |
---|---|---|
SemgrepAppToken | String | App token of Semgrep. If it is provided, this token will be used, otherwise it will be picked from Global Secret. |
PrefixAppNameInSemgrepBranchName | Bool | Enter either |
UseCommitAsSemgrepBranchName | Bool | Enter either |
SemgrepAppName | String | App name for Semgrep. If it is provided, and |
ExtraCommandArguments | String | Extra command arguments for Semgrep CI command. E.g., Input: --json --dry-run. |

Variable | Format | Description |
---|---|---|
JiraUsername | String | Your Jira username (e.g., johndoe@devtron.ai) |
JiraPassword | String | Your Jira API token provided by the Jira admin |
JiraBaseUrl | String | The base URL of your Jira instance (e.g., https://yourdomain.atlassian.net/) |
UpdateWithDockerImageId | Bool | Set to |
UpdateWithBuildStatus | Bool | Set to |

Variable | Format | Description |
---|---|---|
SonarqubeProjectPrefixName | String | This is the SonarQube project prefix name. If not provided, the prefix name is automatically generated. |
SonarqubeBranchName | String | Branch name to be used to send the scanned result on sonarqube project. |
SonarqubeProjectKey | String | Project key of SonarQube account |
CheckForSonarAnalysisReport | Bool | Boolean value - true or false. Set true to poll for generated report from sonarqube. |
AbortPipelineOnPolicyCheckFailed | Bool | Boolean value - true or false. Set true to abort on report check failed. |
UsePropertiesFileFromProject | Bool | Boolean value - true or false. Set true to use source code sonar-properties file. |
SonarqubeEndpoint | String | API endpoint of SonarQube account. |
CheckoutPath | String | Checkout path of Git material. |
SonarqubeApiKey | String | API key of SonarQube account |
SonarContainerImage | String | Container Image that will be used for sonar scanning purpose. |

Variable | Format | Description | Sample Value |
---|---|---|---|
IMAGE_SCAN_MAX_RETRIES | STRING | Maximum retries for image scanning. | 2 |
IMAGE_SCAN_RETRY_DELAY | STRING | Delay between image scanning retries (seconds). | 120 |

Variable | Format | Description |
---|---|---|
SonarqubeProjectKey | String | Project key of SonarQube account |
SonarqubeApiKey | String | API key of SonarQube account |
SonarqubeEndpoint | String | API endpoint of SonarQube account |
CheckoutPath | String | Checkout path of Git material |
UsePropertiesFileFromProject | Boolean | Enter either |
CheckForSonarAnalysisReport | Boolean | Enter either |
AbortPipelineOnPolicyCheckFailed | Boolean | Enter either |

Variable | Format | Description |
---|---|---|
DTrackEndpoint | String | API endpoint of your dependency track account |
DTrackProjectName | String | Name of your dependency track project |
DTrackProjectVersion | String | Version of dependency track project |
DTrackApiKey | String | API key of your dependency track account |
CheckoutPath | String | Checkout path of Git material |
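
The Dependency Track inputs in the table above map onto a bill-of-materials upload as in the following added example, which is not the plugin's own code. It assumes DTrackEndpoint is the server's base URL and uses Dependency-Track's `PUT /api/v1/bom` REST call; `build_bom_upload`, `log_safe`, the sample BOM and the sample values are hypothetical.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed minimal CycloneDX document standing in for a generated SBOM.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [{"type": "library", "name": "example-lib", "version": "1.0.0"}],
}).encode()


def build_bom_upload(endpoint, project_name, project_version, api_key, bom_bytes):
    """Build (without sending) the PUT /api/v1/bom request for one SBOM."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        # The API key travels in a request header, so refuse cleartext URLs.
        raise ValueError("DTrackEndpoint must be an https:// URL")
    if json.loads(bom_bytes).get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX JSON document")
    payload = {
        "projectName": project_name,        # DTrackProjectName
        "projectVersion": project_version,  # DTrackProjectVersion
        # Creating the project on first upload needs the
        # PROJECT_CREATION_UPLOAD permission in addition to BOM_UPLOAD.
        "autoCreate": True,
        "bom": base64.b64encode(bom_bytes).decode("ascii"),
    }
    return urllib.request.Request(
        endpoint.rstrip("/") + "/api/v1/bom",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )


def log_safe(request):
    """Describe the request for build logs with the API key masked."""
    headers = {k: ("***" if k.lower() == "x-api-key" else v)
               for k, v in request.header_items()}
    return {"method": request.get_method(), "url": request.full_url,
            "headers": headers, "body_bytes": len(request.data)}


if __name__ == "__main__":
    req = build_bom_upload("https://dtrack.example.com", "demo-app", "1.4.2",
                           "constructed-key-not-real", SAMPLE_BOM)
    print(log_safe(req))  # send with urllib.request.urlopen(req, timeout=30)
```

Scoping the API key to a team that holds only the upload permissions limits what a leaked pipeline secret can do.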