Black Duck Jenkins integration with Google Container Engine (GKE)


Automating the Jenkins build rebuilds the application whenever changes occur in your source code repository. When Jenkins detects source code changes, the application is automatically built and scanned using the Black Duck Docker scan client.

Automating the Jenkins build

  1. In Jenkins, click Manage Jenkins > Configure System > Credentials > Global Credentials (Unrestricted) > Add Credentials.
  2. Select:
    1. Kind as Username with Password.
    2. Scope as Global.
    3. Provide your GitHub credentials.
    4. Click OK.

Setting the Black Duck password in the Jenkins environment variable

Add the environment variable BD_HUB_PASSWORD in Manage Jenkins > Configure System > Global properties.

Creating the project in Jenkins

Source Code Management

For this example, configure the GIT repository as follows:

  1. Provide the GIT Repository URL.
  2. Select the Credentials.
  3. Add branches to the Branches to build field.

Build triggers

In this build triggers example, the GIT repository is polled every five minutes to detect changes.

Build environment

Changes detected in the source code trigger the build. Add the following steps in Build > Add Build Step > Execute Shell:

  1. Set the GCloud project.
  2. Set the image tag.
  3. Set the Black Duck URL (Hub versions 4.1.0 and higher).
  4. Set the Black Duck scheme.
  5. Build the image for the modified code.
  6. Download the Black Duck Docker scan client, based on your operating system.
  7. Scan the built image using the downloaded Black Duck Docker scan client.
  8. Remove the downloaded Black Duck Docker scan client.
  9. Push the built image to Google Cloud.
  10. Remove the local image.

set -e

# Set current project

# Set the latest image tag${PROJECT_ID}/redmine:${GIT_BRANCH#*/}-${GIT_COMMIT:0:7}

# Set the Hub Url

# Set the Hub Scheme

# Build image
echo "Docker build started"
docker build -t $IMAGE_TAG .
echo "Docker build completed"

# Download the BlackDuck Hub scan client based on the OS and unzip it
# Note: curl -k skips TLS certificate verification for the Hub download
case "$OSTYPE" in
darwin*) curl -LOk "$HUB_SCHEME://$HUB_URL/download/" ;;
linux*) curl -LOk "$HUB_SCHEME://$HUB_URL/download/" ;;
msys*) curl -LOk "$HUB_SCHEME://$HUB_URL/download/" ;;
*) echo "BlackDuck Scan client is unavailable for : $OSTYPE"; exit 1 ;;
esac

echo "Scan client download completed"
unzip scan.cli*.zip
echo "Scan client unzip done"

# Call the BlackDuck Hub scan docker script
cd scan.cli-*/bin
echo "change directory done"
./ --image $IMAGE_TAG --host $HUB_URL --username sysadmin --scheme $HUB_SCHEME --use-local
echo "Scan completed"

# remove zip file and folder
cd ../..
rm -rf scan.cli-*
echo "Removed the client files"

# Push image
gcloud docker -- push $IMAGE_TAG
echo "GCloud docker push completed"

# Remove the local image
docker rmi $IMAGE_TAG
echo "Removed local docker image"

After this step, the scans automatically upload to Black Duck.
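
The tag expression in the script above, `${GIT_BRANCH#*/}-${GIT_COMMIT:0:7}`, strips only the remote name, so a branch such as origin/feature/login leaves a slash that Docker does not accept in a tag. The following POSIX shell helpers are an added example, not part of the original Black Duck documentation: one builds a valid tag portion, the other fails the build early when a variable the script relies on (for example BD_HUB_PASSWORD) is missing. The function names and sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the Black Duck documentation. Function names and
# sample values are assumptions.

# Build "<branch>-<short commit>" as in the page's tag expression, restricted
# to what Docker accepts in a tag: [A-Za-z0-9_.-], no leading '.' or '-',
# at most 128 characters.
safe_tag() {
    branch=$(printf '%s' "${1#*/}" | tr -c 'A-Za-z0-9_.-' '_' | sed 's/^[.-]*//')
    [ -n "$branch" ] || branch=branch      # placeholder if nothing usable is left
    short=$(printf '%.7s' "$2" | tr -c 'A-Za-z0-9' '_')
    printf '%.120s-%s' "$branch" "$short"  # 120 + 1 + 7 = 128 characters
}

# Return non-zero if any named variable is unset or empty.
require_env() {
    missing=0
    for name in "$@"; do
        # ${VAR:+set} expands to the word "set", never the value, so a secret
        # such as BD_HUB_PASSWORD stays out of the log even under sh -x.
        if ! eval "[ -n \"\${$name:+set}\" ]"; then
            echo "missing required variable: $name" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample input: a branch name containing a slash.
echo "tag part: $(safe_tag origin/feature/login 0123456789abcdef)"
```

In the Execute Shell step, `require_env PROJECT_ID HUB_URL HUB_SCHEME BD_HUB_PASSWORD` would run before the Docker build, and the output of `safe_tag "$GIT_BRANCH" "$GIT_COMMIT"` would replace the branch and commit portion of the image tag.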