In the previous posts, you learned how to use ZAP with the Desktop client and via the command line with ZAP CLI. This post, you will learn how to use the Docker images which are provided by OWASP. This will even make it easier to automate ZAP, especially in a CI/CD pipeline.Continue reading “Automate ZAP With Docker”
In this post we are going to take a look at Jib, a tool from Google in order to create Docker images in an easy and fast way. No need to create a Docker file, no need to install a Docker daemon, Jib just runs out-of-the-box.Continue reading “Create Fast and Easy Docker Images With Jib”
You are looking for an easy way to automatically build your application in the Cloud? Then maybe Google Cloud Platform (GCP) Cloud Build is something for you. In this post, we will build a Spring Boot Maven project with Cloud Build, create a Docker image for it and push it to GCP Container Registry.
The past year, we wrote some articles using Minikube as Kubernetes cluster in order to experiment with. In this post, we will take our first steps into Google Cloud Platform (GCP) and more specifically of Kubernetes Engine. Let’s see whether going to the Cloud makes our lives even easier ;-). We will create a GCP account, create a Kubernetes cluster, deploy our application manually and deploy by means of Helm.
When you pull a Docker image, you will notice that it is pulled as different layers. Also, when you create your own Docker image, several layers are created. In this post we will try to get a better understanding of Docker layers.
In a previous post, we talked about how we can check our Docker images for any known vulnerabilities by means of Anchore Engine. This still required a manual action. Wouldn’t it be great if we could incorporate Anchore Engine into our Jenkins CI build job or pipeline? In this post, we will take a look at how we can accomplish this by means of the Anchore Container Image Scanner Jenkins Plugin.
When using Docker containers in production, we need to ensure that we are following best practices. In this post, we will focus on Ensure images are scanned and rebuilt to include security patches from the CIS Docker Community Benchmark which we discussed previously. The item states that you should scan your images “frequently” for any vulnerabilities and then take the necessary actions to mitigate these vulnerabilities. We will use Anchore Engine in order to accomplish this.
Do you want to experiment with Jenkins CI in a local setup? In this post we will setup a local Jenkins CI server, create a build job for a simple Spring Boot Maven project and push the created Docker image to DockerHub. It will be a setup for local experimenting only, but really handy if you want to try out a Jenkins plugin for example.
You are using Docker for development and testing purposes but did not yet take the step to use it in production? Then read on, because in this blog post we will take a look at how you can ensure that you run your Docker containers in a secure way.
Assume a new developer or test engineer is added to your team. You develop an application with obviously some kind of database and you want them to get up to speed as soon as possible. You could ask them to install the application and database themselves or you could support them with it, but this would cause a lot of effort. What if you handed them over a simple YAML file which would get them up to speed in a few minutes? In this post we will explore some of the capabilities of Docker Compose in order to accomplish this.