Book Image

Jenkins 2.x Continuous Integration Cookbook - Third Edition

By : Mitesh Soni, Alan Mark Berg

Book Image

Jenkins 2.x Continuous Integration Cookbook - Third Edition

By: Mitesh Soni, Alan Mark Berg

Overview of this book

Jenkins 2.x is one of the most popular Continuous Integration servers in the market today. It was designed to maintain, secure, communicate, test, build, and improve the software development process. This book will begin by guiding you through steps for installing and configuring Jenkins 2.x on AWS and Azure. This is followed by steps that enable you to manage and monitor Jenkins 2.x. You will also explore the ways to enhance the overall security of Jenkins 2.x. You will then explore the steps involved in improving the code quality using SonarQube. Then, you will learn the ways to improve quality, followed by how to run performance and functional tests against a web application and web services. Finally, you will see what the available plugins are, concluding with best practices to improve quality.

Preface

What this book covers

What you need for this book

Who this book is for

Reader feedback

Customer support

Free Chapter

Getting Started with Jenkins

Getting Started with Jenkins

Installing Jenkins 2 on Windows

Installing Jenkins 2 on CentOS

Installing Jenkins 2 on Azure

Installing Jenkins as a Service in Windows

Installing plugins in Jenkins

Uploading plugins in Jenkins

Configuring proxy in Jenkins

Configuring global settings in Jenkins

Configuring JENKINS_HOME

Understanding JENKINS_HOME directory

Using different ports for Jenkins

Configuring JAVA_HOME in Jenkins

Configuring Git in Jenkins

Configuring ANT_HOME in Jenkins

Configuring MAVEN_HOME in Jenkins

Configuring GRADLE_HOME in Jenkins

Creating a Freestyle job for Ant Project

Creating a Maven Job for Maven Project

Management and Monitoring of Jenkins

Management and Monitoring of Jenkins

Understanding master/agent architecture

Managing Jenkins build jobs using Eclipse

Backing up and restoring Jenkins

Command-line options in Jenkins using Jenkins CLI

Modifying the Jenkins configuration from the command line

Managing disk usage

Shutdown Jenkins safely

Monitoring Jenkins with JavaMelody

Monitoring a Jenkins Job using a Build Monitor View

Configuring mail notifications

Signaling the need to archive

Managing Security

Managing Security

Improving security with Jenkins configuration

Configuring Authorization - Matrix-based security

Configuring a Project-based Matrix Authorization Strategy

Jenkins and OpenLDAP integration

Jenkins and Active Directory integration

Jenkins and OWASP Zed Attack Proxy integration

Testing for OWASP's top 10 security issues

Finding 500 errors and XSS attacks in Jenkins through fuzzing

Avoiding sign-up bots with JCaptcha

Improving Code Quality

Improving Code Quality

Integrating Jenkins with SonarQube

The updating center in SonarQube

Quality gates, quality profiles, and rules

Verifying HTML, CSS and JavaScript validity using SonarQube

Verifying Java code using SonarQube

Configuring SonarQube as a Windows service

Building Applications in Jenkins

Building Applications in Jenkins

Configuring an Ant project for execution

Configuring a Maven project for execution

Configuring an Android project for execution

Manipulating environmental variables

Running Ant through Groovy in Maven

Failed Jenkins jobs based on JSP syntax errors

Remotely triggering jobs through the Jenkins API

Continuous Delivery

Continuous Delivery

Archiving artifacts

Copying an artifact from another build job

Integrating Jenkins with Artifactory

Deploying a WAR file from Jenkins to Tomcat

Deploying a WAR file from Jenkins to AWS Beanstalk

Deploying a WAR file from Jenkins to Azure App Services

Promoting builds

Continuous Testing

Continuous Testing

Getting started with continuous testing

Creating a Selenium test case using Eclipse

Integrating Jenkins and Selenium for functional testing

Jenkins and Cucumber test reports

Creating a load test in Apache JMeter

Executing a load test from Jenkins

Reporting JMeter performance metrics

Testing with FitNesse

Orchestration

Understanding upstream and downstream jobs

Configuring upstream and downstream jobs

Configuring a build pipeline

Creating a pipeline job

Using a sample pipeline for execution

Configuring a pipeline job for end-to-end automation

Getting started with the Blue Ocean dashboard

Jenkins UI Customization

Jenkins UI Customization

Skinning Jenkins with the simple themes plugin

Skinning and provisioning Jenkins using a WAR overlay

Generating a home page

Creating HTML reports

Efficient use of views

Saving screen space with the Dashboard View plugin

Making noise with HTML5 browsers

An extreme view for reception areas

Processes that Improve Quality

Processes that Improve Quality

Culture and collaboration

Fail early or fail faster

Data-driven testing

Learning from history

Considering test automation as a software project

Visualize, visualize, and visualize!

Conventions are good

Test frameworks and commercial choices are increasing

Offsetting work to Jenkins nodes

Starving QA/integration servers

Reading the change log of Jenkins

Avoiding human bottlenecks

Avoiding groupthink

Training and community

Visibly rewarding successful developers

Stability and code maintenance

Resources on quality assurance

And there's always more

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Finding 500 errors and XSS attacks in Jenkins through fuzzing

This recipe describes using a fuzzer to find server-side errors and XSS attacks in your Jenkins servers.

A fuzzer goes through a series of URLs, appends different parameters blindly, and checks the server's response. The inputted parameters are variations on scripting commands, such as <script>alert("random string");</script>. An attack vector is found if the server's response includes the unescaped version of the script.

Cross-site scripting attacks are currently one of the more popular forms of attack (http://en.wikipedia.org/wiki/Cross-site_scripting). The attack involves injecting script fragments into the client's browser so that the script runs as if it comes from a trusted website. For example, once you have logged in to an application, it is probable that your session ID...