Scribd
Upload
12 views

CICD Pipeline

Uploaded by

Seshu Cherukuri
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
12 views

CICD Pipeline

Uploaded by

Seshu Cherukuri
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 10

CI/CD Pipeline

Sweta Agarwal
What is CI/CD Pipeline

• A pipeline is a process that drives software development through a path of building, testing,
and deploying code, also known as CI/CD.
• CI/CD combines practices of continuous integration and continuous delivery/continuous
deployment.
• Whenever some new code is pushed to the repository, the pipeline is triggered and starts to
unit test the code, build the image and push the image to a container registry.
Phases in CI/CD Pipeline

Listed down are few phases in the CI/CD pipeline.

• Build

• Unit Test, Code Coverage

• Docker Image Build

• Docker Image Scanning

• Docker Image Push


Build

Build consists of the below stages:

• Compilation: the first step builds the application.


• Linting: checks the code for programmatic and stylistic errors. Checkstyle gradle
plugin can be used.
• Code analysis: using automated source-checking tools, to control the code’s
quality. Sonarlint, SonarQube and similar tools can be used.
• Artifact generation: the last step packages the application for release or
deployment.
Unit test, Code Coverage

This phase is for testing the artifact we got from the build in the previous phase.

• Testing involves unit testing by the developing, automating the unit testcases with
the help of packages like Junit.

• Checking how much of the code is covered through testing, to make sure, all the
code written by the developer is tested using unit testcases. Code Coverage
Report can be generated using Jacoco (Java Code Coverage).
Docker Image Build

In this phase,

• A docker image is build using the Dockerfile specified.

• The docker image is used in the deployment the application.


Docker Image Scanning

Docker Image Scanning, scans the Image for vulnerabilities.

• In docker image scanning, it identifies vulnerabilities present in your application.

• The vulnerabilities can be present in the 3rd party utilities jars packaged along
with your application.

• Tools that can be used for Image scanning: Twistlock, Anchore Scans.

• These tools generate reports which vulnerabilities, where it was found, which jar
has the vulnerability, CVE (Common Vulnerabilties and Exposure.)
Docker Image Push

In this phase, the docker image after successful scanning is pushed to the specified
registry.

From this registry, users can pull the latest updated image for deploying the
application.
Reference Links

• https://www.redhat.com/en/topics/devops/what-cicd-pipeline
• https://checkstyle.org/
• https://www.baeldung.com/jacoco
• https://junit.org/junit5/
• https://www.cvedetails.com/
Thank you!

You might also like