Assignment#1 for DevSecOps Batch Sept 2021

List of 20 popular Docker commands

attach: Attach local standard input, output, and error streams to a running container
cp: Copy files/folders between a container and the local filesystem
create: Create a new container
diff: Inspect changes to files or directories on a container’s filesystem
exec: Run a command in a running container
inspect: Return low-level information on Docker objects
kill: Kill one or more running containers
pause: Pause all processes within one or more containers
port: List port mappings or a specific mapping for the container
ps: List containers
rename: Rename a container
restart: Restart one or more containers
rm: Remove one or more containers
run: Run a command in a new container
start: Start one or more stopped containers
stop: Stop one or more running containers
unpause: Unpause all processes within one or more containers
update: Update configuration of one or more containers
wait: Block until one or more containers stop, then print their exit codes

How to configure SMTP server in SonarQube?

Configure SMTP For Outbound Emails

In order to configure outbound email, follow the steps below:

  • Log in to the SonarQube dashboard and click on the “Administration” tab.
  • Browse to the “Configuration -> General settings -> General” menu.
  • Under the “Email” section, fill out the required information. The settings below configure SonarQube to send emails through a Gmail account. Replace USERNAME and PASSWORD with your Gmail account username and password, respectively.
    SMTP port: 587
    SMTP host: smtp.gmail.com
    Secure connection: starttls
    SMTP password: PASSWORD
    SMTP username: USERNAME@gmail.com
  • Save the changes.
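
The same settings can be applied from a script instead of the dashboard. The following is an added example, not part of the original assignment or of SonarQube's own code: it assumes the `email.smtp_*.secured` property keys and the `api/settings/set` web API endpoint as used by SonarQube releases of this period (confirm them on your version), and the environment variable names `SONAR_URL`, `SONAR_TOKEN` and `SMTP_PASSWORD` are hypothetical. It rejects a configuration that would send the SMTP login without TLS before building any request.

```python
import base64
import os
import urllib.parse
import urllib.request

# Conventional port for each "Secure connection" value; "" would mean plaintext.
EXPECTED_PORT = {"starttls": 587, "ssl": 465}


def build_email_settings(host, port, secure, username, password):
    """Validate the Email-section values and map them to property keys.

    The key names are an assumption (see lead-in); confirm them on your server.
    """
    if secure not in EXPECTED_PORT:
        raise ValueError("no TLS: the SMTP login would cross the network in clear text")
    if port != EXPECTED_PORT[secure]:
        raise ValueError(f"port {port} is unusual for secure connection {secure!r}")
    if not password or password == "PASSWORD":
        raise ValueError("SMTP password is empty or still the placeholder")
    return {
        "email.smtp_host.secured": host,
        "email.smtp_port.secured": str(port),
        "email.smtp_secure_connection.secured": secure,
        "email.smtp_username.secured": username,
        "email.smtp_password.secured": password,
    }


def settings_requests(base_url, token, settings):
    """Build one POST to api/settings/set per property; nothing is sent here."""
    auth = base64.b64encode(f"{token}:".encode()).decode()  # token as user, empty password
    url = base_url.rstrip("/") + "/api/settings/set"
    requests = []
    for key, value in settings.items():
        body = urllib.parse.urlencode({"key": key, "value": value}).encode()
        req = urllib.request.Request(url, data=body, method="POST")
        req.add_header("Authorization", f"Basic {auth}")
        requests.append(req)
    return requests


if __name__ == "__main__":
    # Secrets come from the environment, not from the script or shell history.
    settings = build_email_settings("smtp.gmail.com", 587, "starttls",
                                    "USERNAME@gmail.com", os.environ["SMTP_PASSWORD"])
    for req in settings_requests(os.environ["SONAR_URL"], os.environ["SONAR_TOKEN"], settings):
        with urllib.request.urlopen(req) as resp:  # expects an admin token
            print(req.data.decode().split("&")[0], resp.status)
```

The port check is deliberately conservative; relax `EXPECTED_PORT` if your mail relay listens on a non-standard port.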

List of most popular plugins of Jenkins from plugins.jenkins.io?

Setup & Scaling

  1. Kubernetes
    The “Kubernetes” plugin is great for automating build agents on a Kubernetes cluster. Essentially, the plugin dynamically creates a Kubernetes Pod to house each build agent it starts, and stops the agent once the build has completed.
    Navigating to Manage Jenkins -> Configure System -> Cloud -> Kubernetes will allow you to easily configure this free plugin. Note that if Jenkins is running on the cluster, the default configuration values can be used instead.
  2. Swarm
    This interesting plugin is useful if you plan on using Docker Swarm. It helps make life easier by allowing you to add worker nodes to a Jenkins master node, effectively creating a cluster and making scalability much easier.
    “Swarm” also requires a client CLI application to be installed in order to have the secondary nodes join the primary node. Both the plugin and the CLI application are open source software.
  3. Amazon Elastic Container Service
    A plugin that deploys build agents to an existing Amazon ECS cluster. These builds run within separate Docker containers that are removed upon completion of the build.
    This plugin is free to download on your Jenkins instance; however, an Amazon AWS account is required. As of the time of this writing, the plugin is looking for new maintainers.
  4. Azure Container Service
    Similar to Amazon ECS, this plugin requires an existing cluster on Azure. Keep in mind that Azure Container Services is being deprecated by Microsoft, but this plugin still supports it as well as Azure Kubernetes Service.
    Like Amazon ECS, this plugin is free to use, but it does require an Azure account.

Productivity

  1. Dashboard View
    Dashboard View enables you to create a customized view within the Jenkins dashboard. The user is able to select which jobs they want to include in the view as well as the different portlets.
    Creating a new view in this open source plugin is very easy and only requires a few button clicks.
  2. View Job Filters
    The “View Job Filters” plugin lets you choose from a wide range of filters to help manage lots of jobs. Basically, this lets you see only the jobs you want to see within a view.
    An interesting feature of this free plugin is that it does have a regular expression filter. This will be useful for companies that have hundreds of jobs running.
  3. Folders
    Tired of looking at a giant list of jobs? The “Folders” plugin allows you to organize them into your own customized folder structure.
  4. Jira
    “Jira” is an open source plugin that does exactly what it says. Once installed, you can integrate your Jenkins instance with Atlassian Jira Software.
    It is recommended, when using this plugin, to use a Jira service account instead of a personal account.

Performance

  1. Performance
    With this free plugin, you can run performance reports for your favorite test suites. Supported suites include JUnit, JMeter, Taurus, and others.
    Setting up a performance test is a very easy process that requires you to add a build step to run a performance test.
  2. Performance Publisher
    The “Performance Publisher” plugin generates global and trend reports that can be used for test result analysis. The really cool part is that it works with any test suite.
    A new version of this plugin hasn’t been released for a couple of years and it is currently up for adoption. However, based on the number of downloads, there are still plenty of users.

Pipeline / Flow

  1. Job DSL
    The idea behind this plugin is that when you have a large number of jobs to manage, using the User Interface can be a tedious task. Therefore, this plugin helps you easily define jobs using a Groovy Based Language (a scripting language).
    One thing to keep in mind is that the original plugin was deprecated. However, the newer version receives a ton of support on GitHub.
  2. Build Pipeline
    “Build Pipeline” is another interesting plugin because it gives you a view of all the jobs within your build pipeline. It also shows all the connected jobs that are upstream and downstream. What’s also really cool is that if you have any jobs that require intervention before they run, manual triggers can be defined.
    At the time of this writing, the plugin has not been updated in a number of years and the current version contains a Stored XSS vulnerability.
  3. Multijob
    “Multijob” is a free plugin that is useful for cleaning up messes with chain definitions from upstream and downstream jobs. It’s also handy if you want to create a hierarchy of jobs that need to be executed either sequentially or in parallel.
  4. Pipeline
    “Pipeline” is actually a group of plugins that are used for creating continuous integration pipelines. The interesting part is that these pipelines are written by the user in a domain-specific language.
    Like most Jenkins plugins, “Pipeline” is open source and was originally known as “Workflow”.

Monitoring & Alerting

  1. Monitoring
    Since Jenkins was written in Java, it only makes sense that the “Monitoring” plugin uses JavaMelody. In a nutshell, JavaMelody is an open source monitoring tool for Java and Java EE applications. This plugin monitors errors, issues, security, HTTP sessions, etc.
    To access the monitoring reports, navigate to the URL http://host/monitoring after installation.
  2. Disk-usage
    It is very important for you to know how much storage you have left in your Jenkins instance. This plugin shows you how much disk space is being used by your projects.
    Although the plugin hasn’t been updated in a few years, it is still a very handy tool to have in your toolbox. New maintainers are being requested for this plugin as well.
  3. Metrics
    The “Metrics” plugin uses the Dropwizard Metrics API to conduct standard health checks and gather standard metrics on plugins installed on your Jenkins instance.
    Both the “Metrics” plugin and Dropwizard Metrics API are open source tools that receive active support on GitHub.
  4. Mailer
    Once configured and added to the Post-Build action of the Jenkins job, the “Mailer” plugin will send you emails based on the job results.
    If you do not have an SMTP server, Jenkins will use the default server that is built into Jenkins.

Source Control Management (SCM)

  1. SCM API
    “SCM API” is a plugin that integrates with source control management systems. The built-in extension points allow developers to receive event notifications from SCM systems and easily browse through repositories and organizations.
  2. Git
    The “Git” plugin allows jobs to connect to remote repositories and run git operations against them.
    From a security standpoint, the plugin utilizes the “Jenkins credentials plugin”. Therefore, the credential types secret text, secret file and certificates are not supported.
  3. GitHub Integration
    With this plugin, you can integrate your Jenkins instance directly with GitHub. That means you can pull down code and files from GitHub to Jenkins, schedule builds, and process pull requests.
  4. Subversion
    This plugin adds Subversion repositories as an option in the SCM section of the job configurations screen.
    It also allows the use of server certificates to connect to your repository.

Tests & Analysis

  1. Test Results Analyzer
    The “Test Results Analyzer” is another open source plugin that takes away the pain of having to search through every individual build report. Essentially, it shows the result history of the builds in a tabular format that can be filtered based on what you want to see.