Top 10 Static Code Analysis Tool | Best Static Code Analysis Tools List

top-10-static-code-analysis-tool
Software security is a very important concern for todays Software market and for that you need to do code analysis in the development lifecycle. Now we can not imagine ourselves to sit back and do manual reading each line of codes and find issues and bugs. Those days of manual review in the software development lifecycle to find the flaws in the codes are over now.
Now the mindsets has changed and developing quality & secure code from the beginning is on rise. This is the time of automation and developers & programmers are now shifting towards the adoption of tools which auto detects the flaws as soon as possible in the software development lifecycle.
As the process shifting towards the automation, static code analysis (SCA) has become an important part of creating quality code. Now the question here is, What is Static Code Analysis?

Static Code Analysis is a technique which quickly and automatically scan the code line by line to find security flaws and issues that might be missed in the development process before the software or application is released. It functions by reviewing the code without actually executing the code.

There are three main benefits of Static analysis tools
1. Automation —  Automation can save your time and energy which ultimately means you can invest your time and energy in some other aspects of development lifecycle, which will help you to release your software faster.
2. Security — Security is also one of the major concern and by adopting Static analysis you can cut the doubt of security vulnerabilities in your application, which will ensure that you are delivering a secure and reliable software.
3. Implementation — Static analysis can be implemented as early in the software development lifecycle (SDLC) as you have code to scan, it will give more time to fix the issues discovered by the tool. The best thing of static analysis is that it can detect the exact line of code that’s been found to be problematic.
There are so many Static code analysis tools are available to ease our work but to choose good tools among them is really a challenging task. I have done some research and providing you the list of top 10 static code analysis tools:-

1. VisualCodeGrepper

static-code-analysis-tool-visualcodegrepper
Visualcodegreeper is an open source automated code security review tool which works with C++, C#, VB, PHP, Java and PL/SQL to track the insecurities and different issues in the code. This tool rapidly review and depicts in detail the issues it discovers, offering a simple to use interface. It allows custom configurations of queries and it’s updated regularly since its creation (2012).
2. Coverity

static-code-analysis-tool-coverity

Coverity is also an open source static code analysis tool which supports C, C++, C#, Objective-C, Java, Javascript, node.JS, Ruby, PHP & Python. It is an excellent static analysis product with support of 100 compilers & detailed and clear description of the code issues you can use it in your desktop environment to quickly find and resolve the errors before checking in the code.

3. Veracode

static-code-analysis-tool-veracode

Veracode is also one of the best static code analysis tool which can find security flaws in application binary code – compiled or “byte” code even when the consideration of source code is not available. Veracode supports multi-languages which includes .NET (C#, ASP.NET, VB.NET), Java (Java SE, Java EE, JSP), C/C++, JavaScript (including AngularJS, Node.js, and jQuery), Python, PHP, Ruby on Rails, ColdFusion, Classic ASP, including mobile applications on the iOS and Android platforms and written in JavaScript cross platform frameworks.

4. YASCA

static-code-analysis-tool-yasca

“Yet Another Source Code Analyzer (YASCA)” is an open source stactic code analysis tool which supports HTML, Java, JavaScript, .NET, COBOL, PHP, ColdFusion, ASP, C/C++ and some other languages. It is an easy to extend and a flexible tool which can integrate with variety of other tools which includes CppCheck, Pixy, RATS, PHPLint, JavaScript Lint, JLint, FindBugs and various others.
5. Cppcheck

static-code-analysis-tool-cppcheck

Cppcheck is an open source static code analysis tool for C/C++. Cppcheck basically identifies the sorts of bugs that the compilers regularly don’t recognize. The objective is to identify just genuine mistakes in the code. It provides both interface command line mode and graphical user interface (GUI) mode and has possiblitites for environment integration. Some of them are Eclipse, Hudson, Jenkins, Visual Studio.

6. Clang

 

static-code-analysis-tool-clang
Clang is also one of the best static code analysis tool for C, C++ and objective-C. This analyzer can be run either as standalone tool or within Xcode. It is an open source tool and a part of the clang project. It utilizes the clank library, hence forming a reusable component and can be utilized by multiple clients.

7. RIPS

 

static-code-analysis-tool-rips
RIPS is a static code analyzer tool to detect different types for security vulnerabilities in PHP codes. RIPS also provide integrated code audit framework for manual analysis. It is an open source tool too and can be controlled via web interface.
8. Flawfinder
static-code-analysis-tool-flawfinder
Flawfinder is also one of the best static analysis tool for C/C++. This tool is easy to use and wel designed. It reports possible security vulnerabilities sorted by risk level. It is an open source tool written in python and use command line interface.
9. DevBug
static-code-analysis-tool-devbug
DevBug is an online PHP static code analyser which is very easy to use and written on Javascript. It was intended to make essential PHP Static Code Analysis accessible on the web, to raise security mindfulness and to incorporate SCA into the development procedure. This analyser tool is also available in open source.

10. SonarQube

 

static-code-analysis-tool-devbug
SonarQube is one of the best and well known open source web based static code analysis tool, it can scan projects written in many different programming languages including  ABAP, Android (Java), C, C++, CSS, Objective-C, COBOL, C#, Flex, Forms, Groovy, Java, JavaScript, Natural, PHP, PL/SQL, Swift, Visual Basic 6, Web, XML, Python and also allows a number of plug ins. What makes SonarQube really stand out is that It provides metrics about your code which will to help you to take the right decision and translates these non-descript values to real business values such as risk and technical debt.
So, above we mentioned top selective static code analysis tools which can be helpful, but if you think this lists should contain some other tools than feel free to share in comment box.
Tagged : / / / / / / / / / / / / / /

How DevOps course is enhancing the capability of software development?

devops-course-is-enhancing-the-capability-of-software-development
How DevOps course is enhancing the capability of software development?
Software Industry in these days adopting a new practice called “DevOps”. This word change the process of software development in a very short time. That is why the demand of DevOps engineers and professionals are high in these days but to become a good DevOps engineer you need good courses and trainers which is a real challenge to find. This challenge has been solved by devopsschool.com
But before getting in lets first understand what is DevOps? DevOps is actually a process which integrates developers and IT operation units to improve collaboration and productivity by automation, measurements and sharing. The implementation of DevOps is not only beneficial for developers and operations, but it also has a positive effect on the web service development and quality assurance performance. The main purpose of DevOps is to give fast deployment of features into production and to find and correct the issue when they appear, without disrupting other services. If we look deeply how DevOps skills enhance the software lifecycle than we can find that:-
1. If we hire people with both development and operations skills which we can find in a DevOps guy, it will create a culture that nurtures collaboration.
2. DevOps skills looks beyond the line of departments and units, which brings positive change in the whole environment.
3. DevOps skills give you an overview of the development pipeline, which is helpful for business, developers and operations.
4. By implementing continuous delivery, DevOps helps to release product on demand.
5. DevOps skills give you automation by the uses of tools.
6. By having communication between the Developers and operations teams it will improve understanding.
7. By use of cloud services in development cycle it will simplify the infrastructure of the network.
8. By making administrations as adaptation control available for both Dev and Ops.
9. By recommending changes to your plan of action as required.
10. By including QA amid the move procedure.
11. By making QA a partner when considering reporting.
12. By utilizing Real time User Monitoring to distinguish issues early.
13. By setting up a unified framework amid the move to DevOps.
14. By considering contributions from both Dev and Ops groups similarly.
15. By recommending utilization of models, for example, CMMI and ITIL.
16. By executing built up big business procedures, for example, Disciplined Agile Delivery.
If you are a software student or work in IT or in a software industry, whether as a programmer, developer, systems analyst, engineer, database admin or security expert, at some point you will need to know about DevOps and It’s implementation. It’s a mindset which is very necessary for todays software industry. So it’s very important to enhance the DevOps skills by taking good DevOps courses and a good place to start would be scmGalaxy.com.
Tagged : / / / / / / / / / / / / /

Top 10 DevOps Online Resources to learn, share and practice.

devops-online-resources
DevOps is a hot topic these days among-st IT professionals and when you as a student or professional who is related to this industry go to Google and search about “DevOps” you get (About 1,55,00,000 results (0.42 seconds)) results. So, this is not a tough job to find DevOps related resources. But when you need to find best resources for DevOps learning, practicing and want to surround yourself with DevOps like minded people than it is really a tough job to find. So, Let me make this task easy for you.  I did some research and made lists of Top 10 DevOps resources where you can learn, practice, share, discuss and get latest updates and news online about DevOps.
So, Here is the list of top 10 DevOps resources, Just explore
scmGalaxy is a one stop portal for DevOps learning where you can find DevOps tutorials, DevOps courses, certifications, trainers, study materials and much more all in one place. They are the largest scm, DevOps, Build & Release community worldwide. They have well designed DevOps courses and certification programs and well known dedicated DevOps trainers which will help you to become best DevOps engineers. scmGalaxy provide all there services for many citites and countries in the world, some of them are Hyderabad, Bangalore, London, Amsterdam, Mumbai, Singapore, san francisco, Europe, Australia etc. They give there participants life time access for there tutorials and they can attend future classes without any extra charges even after completing there training. I also checked scmGalaxy reviews and testimonials on various platforms like FB, Linkedin, YouTube and on other paltforms too and after reading that I can say that they are one of the best resources for DevOps learning and deserve to be in our list.
DevOps school is also amongst those who provide training and certification for DevOps courses. But why do I keep it in my list? The reason is when you go there website the first thing which will be noticed, there tutorials tab, which shows there wish to help participants with DevOps related issues which can be acccessed without any charges. Isn,t it great? DevOps school also provides quizes, videos, assignments, courses, training and certifications for DevOps. I checked there reviews and testimonials on various paltforms find there services spotless. The participants who attended there training sessions reviewed them one of the best schools for DevOps training.
If you want yourself to be the first to get updated with latest DevOps related news than this is the paltform. BestDevOps is a DevOps updates and news platform where you can read about DevOps related updates, events, news, tutorials, tips and much more. This platform is quite new but when you browse you can find lots of DevOps content which will be very helpful if you are a DevOps enthusiast. They update on regular basis with authentcity. You don’t need to go anywhere else or in google for search just give few minutes to this portal and you can have all the updates for the day.
DevOpso is a community based website which provides space to devops practitioners to share their stories, practices, discussions and tips around the world. This platform is very active with DevOps experts. You can find solutions and can do discussions on DevOps related topics with members just by joining this platform. I browsed there site and find there are a lot of DevOps related issues posted there and community members come up with some great solutions. I can say this community site should be in your list if you want to surround yourself with DevOps like minded peoples.
Linkdin as we all know, this is a place where you can find all professional networks. So this lnkedin group is also one of the place where you can get connnected with DevOps peoples. In this linkedin group, there are many highly active members who frequently respond to discussions, post the latest DevOps articles and blog posts, and who are welcoming towards new members of the group.
Facebook which does not need any introduction, as it is a leading social media platform worldwide. So here you can also surround yourself with DevOps professionals and practitioners. This facebook group is one of the leading DevOps group you can join and get updated with DevOps posts, articles, tips and do discussion on DevOps topics with active members around the globe.
Google groups are also one of the place where you can join DevOps practioners online. You can join this group which is one of the most popular DevOps group and continuously growing with new members globally. It’s shows that members gets here quality content on DevOps. You can find webinars, Demo sessions, tips, articles and much more in this group.
Amazon AWS offers various web related services. The size and reach of Amazon Web Services justifies itself. They provides reliable, scalable, and inexpensive cloud computing services. They have 2 blogging platforms in which one is decicated to AWS Architecture and other one is dedicated to technology. You can follow their posts monitor the discussions so that you can respond, comment, and learn.
If you are a DevOps guy than you must heard about Puppet or Puppet Lab. Puppet is widely supported open source cofiguration management tool. If you explore Puppet Labs site than you can find there is a hefty amount of documentation and other information for the program and DevOps in general. So, I consider there site as a great paltform and is worth checking out.
10. Docker
Docker is an IT revolutionary tool, Docker pioneered the concept of containers. If you take a look on Docker site you can read about the container technologies and also understand the uses of Docker. They have there blog platform where they post about containerization and various other DevOps related informations which can not be missed if you are a DevOps enthusiast.
So, It doesn’t matter whether you are just starting out or an experienced professional, You should check above mentioned resources on regular basis and If you know about any other resources which you think should be listed then feel free to share with us.
Tagged : / / / / / / / / / / / / / / / / / / / / / / /

Environment variables and properties defined in jenkins | Jenkins Tutorial

Environment variables and properties defined in jenkins

Jenkins Set Environment Variables

When a Jenkins job executes, it sets some environment variables that you may use in your shell script, batch command, Ant script or Maven POM 1. The following table contains a list of all of these environment variables.

Environment Variable Description
BUILD_NUMBER The current build number, such as “153”
BUILD_ID The current build id, such as “2005-08-22_23-59-59” (YYYY-MM-DD_hh-mm-ss, defunct since version 1.597)
BUILD_URL The URL where the results of this build can be found (e.g. http://buildserver/jenkins/job/MyJobName/666/)
NODE_NAME The name of the node the current build is running on. Equals ‘master’ for master node.
JOB_NAME Name of the project of this build. This is the name you gave your job when you first set it up. It’s the third column of the Jenkins Dashboard main page.
BUILD_TAG String of jenkins-${JOB_NAME}-${BUILD_NUMBER}. Convenient to put into a resource file, a jar file, etc for easier identification.
JENKINS_URL Set to the URL of the Jenkins master that’s running the build. This value is used by Jenkins CLI for example
EXECUTOR_NUMBER The unique number that identifies the current executor (among executors of the same machine) that’s carrying out this build. This is the number you see in the “build executor status”, except that the number starts from 0, not 1.
JAVA_HOME If your job is configured to use a specific JDK, this variable is set to the JAVA_HOME of the specified JDK. When this variable is set, PATH is also updated to have $JAVA_HOME/bin.
WORKSPACE The absolute path of the workspace.
SVN_REVISION For Subversion-based projects, this variable contains the revision number of the module. If you have more than one module specified, this won’t be set.
CVS_BRANCH For CVS-based projects, this variable contains the branch of the module. If CVS is configured to check out the trunk, this environment variable will not be set.
GIT_COMMIT For Git-based projects, this variable contains the Git hash of the commit checked out for the build (like ce9a3c1404e8c91be604088670e93434c4253f03) (all the GIT_* variables require git plugin)
GIT_URL For Git-based projects, this variable contains the Git url (like git@github.com:user/repo.git or [https://github.com/user/repo.git])
GIT_BRANCH For Git-based projects, this variable contains the Git branch that was checked out for the build (normally origin/master)

Promoted Build Plugin Environment Variables

If you are using the Promoted Build Plugin, you will have access to the following environment variables. This allows you to access information about your Jenkins build since certain environment variables stated above (such as BUILD_TAG now refer to the Promoted Build Plugin’s job.

Environment Variable Replaces Description
PROMOTED_URL BUILD_URL The URL of the original Jenkins job that is involved with the promotion. BUILD_URL now refers to the Promotion’s URL
PROMOTED_JOB_NAME JOB_NAME The name of the original Jenkins job that is involved with the promotion. JOB_NAME now refers to the Promotion’s job’s name
PROMOTED_NUMBER BUILD_NUMBER The Build Number of the job being promoted. BUILD_NUMBER now refer’s the the Promotion Number
PROMOTED_ID BUILD_ID The Build ID (ex. “2005-08-22_23-59-59” (YYYY-MM-DD_hh-mm-ss) ) of the original Jenkins job. BUILD_ID now refer’s to the Promotion’s build ID.

System Properties

Name  ↓ Value   
awt.toolkit sun.awt.X11.XToolkit
com.sun.akuma.Daemon daemonized
executable-war /usr/lib/jenkins/jenkins.war
file.encoding UTF-8
file.encoding.pkg sun.io
file.separator /
java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
java.awt.headless true
java.awt.printerjob sun.print.PSPrinterJob
java.class.path /usr/lib/jenkins/jenkins.war
java.class.version 52.0
java.endorsed.dirs /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/endorsed
java.ext.dirs /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/ext:/usr/java/packages/lib/ext
java.home /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre
java.io.tmpdir /tmp
java.library.path /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.runtime.name OpenJDK Runtime Environment
java.runtime.version 1.8.0_111-b15
java.specification.name Java Platform API Specification
java.specification.vendor Oracle Corporation
java.specification.version 1.8
java.vendor Oracle Corporation
java.vendor.url http://java.oracle.com/
java.vendor.url.bug http://bugreport.sun.com/bugreport/
java.version 1.8.0_111
java.vm.info mixed mode
java.vm.name OpenJDK 64-Bit Server VM
java.vm.specification.name Java Virtual Machine Specification
java.vm.specification.vendor Oracle Corporation
java.vm.specification.version 1.8
java.vm.vendor Oracle Corporation
java.vm.version 25.111-b15
JENKINS_HOME /var/lib/jenkins
jna.loaded true
jna.platform.library.path /usr/lib64:/lib64:/usr/lib:/lib:/usr/lib64/mysql
jnidispatch.path /tmp/jna–1712433994/jna4147775405825940943.tmp
line.separator
mail.smtp.sendpartial true
mail.smtps.sendpartial true
os.arch amd64
os.name Linux
os.version 3.10.0-514.el7.x86_64
path.separator :
sun.arch.data.model 64
sun.boot.class.path /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/resources.jar:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/rt.jar:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/jsse.jar:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/jce.jar:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/charsets.jar:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/jfr.jar:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/classes
sun.boot.library.path /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre/lib/amd64
sun.cpu.endian little
sun.cpu.isalist
sun.font.fontmanager sun.awt.X11FontManager
sun.io.unicode.encoding UnicodeLittle
sun.java.command /usr/lib/jenkins/jenkins.war –logfile=/var/log/jenkins/jenkins.log –webroot=/var/cache/jenkins/war –daemon –httpPort=8080 –debug=5 –handlerCountMax=100 –handlerCountMaxIdle=20
sun.java.launcher SUN_STANDARD
sun.jnu.encoding UTF-8
sun.management.compiler HotSpot 64-Bit Tiered Compilers
sun.os.patch.level unknown
svnkit.http.methods Digest,Basic,NTLM,Negotiate
svnkit.ssh2.persistent false
user.country US
user.dir /
user.home /var/lib/jenkins
user.language en
user.name jenkins
user.timezone America/New_York

Environment Variables

Name  ↓ Value   
_ /etc/alternatives/java
HOME /var/lib/jenkins
LANG en_US.UTF-8
LOGNAME jenkins
NLSPATH /usr/dt/lib/nls/msg/%L/%N.cat
PATH /sbin:/usr/sbin:/bin:/usr/bin
PWD /
SHELL /bin/bash
SHLVL 2
USER jenkins
XFILESEARCHPATH /usr/dt/app-defaults/%L/Dt

Plugins

Name  ↓ Version    Enabled    Pinned   
ace-editor 1.1 true false
ant 1.4 true false
antisamy-markup-formatter 1.5 true false
bouncycastle-api 2.16.0 true false
branch-api 1.11.1 true false
build-timeout 1.18 true false
cloudbees-folder 5.16 true false
credentials 2.1.10 true false
credentials-binding 1.10 true false
display-url-api 0.5 true false
durable-task 1.12 true false
email-ext 2.53 true false
external-monitor-job 1.7 true false
git 3.0.1 true false
git-client 2.2.0 true false
git-server 1.7 true false
github 1.25.1 true false
github-api 1.84 true false
github-branch-source 1.10.1 true false
github-organization-folder 1.5 true false
gradle 1.25 true false
handlebars 1.1.1 true false
icon-shim 2.0.3 true false
jacoco 2.1.0 true false
javadoc 1.4 true false
jira 2.3 true false
jobConfigHistory 2.15 true false
jquery 1.11.2-0 true false
jquery-detached 1.2.1 true false
junit 1.19 true false
ldap 1.13 true false
mailer 1.18 true false
mapdb-api 1.0.9.0 true false
matrix-auth 1.4 true false
matrix-project 1.8 true false
maven-plugin 2.14 true false
momentjs 1.1.1 true false
pam-auth 1.3 true false
pipeline-build-step 2.4 true false
pipeline-graph-analysis 1.3 true false
pipeline-input-step 2.5 true false
pipeline-milestone-step 1.3 true false
pipeline-rest-api 2.4 true false
pipeline-stage-step 2.2 true false
pipeline-stage-view 2.4 true false
plain-credentials 1.3 true false
resource-disposer 0.3 true false
scm-api 1.3 true false
script-security 1.25 true false
sonar 2.5 true false
ssh-credentials 1.12 true false
ssh-slaves 1.12 true false
structs 1.5 true false
subversion 2.7.1 true false
thinBackup 1.9 true false
timestamper 1.8.7 true false
token-macro 2.0 true false
windows-slaves 1.2 true false
workflow-aggregator 2.4 true false
workflow-api 2.8 true false
workflow-basic-steps 2.3 true false
workflow-cps 2.23 true false
workflow-cps-global-lib 2.5 true false
workflow-durable-task-step 2.7 true false
workflow-job 2.9 true false
workflow-multibranch 2.9.2 true false
workflow-scm-step 2.3 true false
workflow-step-api 2.7 true false
workflow-support 2.12 true false
ws-cleanup 0.32 true false

Useful Plugins

https://wiki.jenkins-ci.org/display/JENKINS/EnvInject+Plugin

Reference

https://wiki.jenkins-ci.org/display/JENKINS/Building+a+software+project
http://jenkins:8080/systemInfo

Tagged : / / / / / / /

How to build when a change is pushed to GitHub in Jenkins?

build-when-a-change-is-pushed-to-github-in-jenkins
The GitHub plugin for Jenkins is the most basic plugin for integrating Jenkins with GitHub projects. If you are a GitHub user, this plugin enables you to:
  • Schedule your build
  • Pull your code and data files from your GitHub repository to your Jenkins machine
  • Automatically trigger each build on the Jenkins server, after each Commit on your Git repository

This saves you time and lets you incorporate your project into the Continuous Integration (CI) process.

How to Start Working with the GitHub Plugin for Jenkins
Install the Github Jenkins plugin
Go to “Manage Jenkins” –> “Manage Plugins” –> “Available” Tab –> Search for “GitHub plugin” and install it.
Configure the plugin with github accounts and keys
Go to “Manage Jenkins” –> “Configure System” –> Locate “Github” section and “Add Github Server”.

API URL – If you server is github.com, your “API URL” would be “https://api.github.com” Otherwise if you use GitHub Enterprise, specify its API endpoint here (e.g., https://ghe.acme.com/api/v3/).

Credentials – You can create your own personal access token in your account GitHub settings.
Token should be registered with scopes: Refer https://github.com/settings/tokens/new.
Add credentials (your Github token), Apply and “Test Connection”.

Open your Jenkins Project

a) Check the GitHub project checkbox and set the Project URL to point to your GitHub Repository

b) Under Source Code Management, check Git and set the Repository URL to point to your GitHub Repository
c) Under Build Triggers, check the “Build when a change is pushed to GitHub” checkbox
4. Install the Jenkins (GitHub plugin) and set a webhook to your Jenkins machine
a) From your GitHub repository, go to Settings and then to Integrations & Services
b) Click on Add Service and add ‘Jenkins (GitHub plugin)’

c) Set the Jenkins hook URL as the URL for your Jenkins machine, and add /github-webhook/



Congratulations! Every time you publish your changes to Github, GitHub will trigger your new Jenkins job.
Another Approach noted by suprakash
Actually if you do the web hook settings from Jenkins -> Github plugin configuration (mentioned above), you will still see webhooks get created in github. So , above two approaches basically doing the same thing.
I personally like it to create webhook from Github, because in this way you don’t have to share or store github user info in jenkins.
Steps : 1. Login into Github (with Admin) 2. Go to the repository you want to hook with jenkins 3. Click on settings tab -> webhooks & services 4. Click on Add Webhook 5. Enter payload url : like : http://:8080/github-webhook/ 6. Select content type as json 7. you are done

Now you do the changes and commit , you will see jenkins build get trigger automatically. Don’t forget to do the settings in jenkins jobs to start the build when push code in github.

Reference

Tagged : / / / / / / / /

Complete guide to use Jenkins CLI / Command line | Jenkins Tutorials

jenkins-cli-command-line
Complete guide to use Jenkins CLI / Command line?
Run Jenkins build from command is very simple in Linux system. If you are using using windows, gitbash is a recommended which has bash shell in built. You can use windows command line as well. Jenkins has support to command line client that allows you to access Jenkins from command line.
To Trigger Jenkins build from command line some prerequisite are there
Jenkins service is running.
Enable security option under “Configure Global Security”
Go to jenkins dashboard in Home page ( e.g http://localhost:8080/ ) -> Manage Jenkins
-> Configure Global Security -> Click on “Enable security” checkbox

You can also configure “Access Control” and “Authorization” option in Global Security page.

Download Jenkins-cli.jar
Download Jenkins-cli.jar from http://<your_jenkins_server_url>/jnlpJars/jenkins-cli.jar. (Here <your_jenkins_server_url> is your respective Jenkins server URL (development or staging))
Go to http://<your_jenkins_server_url>/cli and build your command by following the instructions there.
How to login to Jenkins using commands
If your Jenkins requires authentication, use –username and –password or –password-file options to specify the credentials. To avoid doing this for every command, you can also use the login CLI command once (with the same credentials parameters), and after that you may use other commands without specifying credentials.
Whenever the CLI tries to to connect to the Jenkins server, it offers the before mentioned SSH keys. When the user has those keys but don’t want use them to authenticate, preventing being prompted by the key’s password, it’s possible to use the -noKeyAuth argument. This way the CLI will never try to use the SSH keys available. failure to authenticate by itself does not constitute a fatal error. It will instead try to execute the command anyway, as the anonymous user.
Login Jenkins using username and Password
Jenkins allow us to trigger Jenkins build with any specific user, For that we have to pass username and password in command line.
$ java -jar “/tmp/kitchen/cache/jenkins-cli.jar” -s http://localhost:8080 who-am-i –username jenkins –password foobar
$ java -jar jenkins-cli.jar -s http://myjenkins help –username me –password mypassword
Login Jenkins using public keys
Starting 1.419 (which will be out July 4th), Jenkins CLI supports authentication based on the SSH key pair. Just like CloudBees DEV@cloud (or GitHub, or other similar sites), you interactively login from the web UI, then associate your public keys with your user account. Then CLI will silently authenticates itself using your ~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity.
https://help.github.com/articles/generating-an-ssh-key/
Login Jenkins using private keys
You can also pass the priate key as follows
To use the -i option the syntax is as follows:
$ java -jar jenkins-cli.jar -s http://myjenkins help -i ~/.ssh/id_rsa
$ java -jar jenkins-cli.jar [-s JENKINS_URL] [-i PRIVATE_KEY] command [options…] [arguments…]
For compatibility reasons, unless you use the -i option,
Login Jenkins using initialAdminPassword
try user “admin” and password from “Jenkins\secrets\initialAdminPassword”
java -jar jenkins-cli.jar -s http://localhost:8080 who-am-i –username admin –password fe3f1e1624ea4be8873b7a35e28b24be
Login Jenkins using passphrase
Go to http://jenkins-serer:8085/user/admin/configure and set the passphrase in “SSH Public Keys” and use the same passphrase with jenkins commands.
E.g 1 – Getting help
The list of the available commands depends on the server you are talking to. Visit https://jenkins.example.com/cli or use ‘help’ command to list them all:
> java -jar jenkins-cli.jar -s https://jenkins.example.com help [command]
E.g 2 – Run Jenkins Build From Command Line
> java -jar jenkins-cli.jar -s http://<jenkins server>/ build build-name [-c] [-f] [-p] [-r N] [-s] [-v] [-w]
build-name : Name of the job to build
-c  : Check for SCM changes before starting the build, and if there’s no change, exit without doing a build
-f  : Follow the build progress. Like -s only interrupts are not passed through to the build.
-p  : Specify the build parameters in the key=value format.
-s  : Wait until the completion/abortion of the command. Interrupts are passed through to the build.
-v  : Prints out the console output of the build. Use with -s
-w  : Wait until the start of the command
Example  – java -jar jenkins-cli.jar -s http://localhost:8080/ build ‘my-project-build’ –username roop –password roop
E.g 3 – List all jobs under the view: tools
$ java -jar jenkins-cli.jar -s http://jenkins/ list-jobs tools
E.g 4 – Get the configuration of the job: template
$ java -jar jenkins-cli.jar -s http://jenkins/ get-job template > template.xml
E.g 5 – Create a new job based on the configuration
$ java -jar jenkins-cli.jar -s http://jenkins/ create-job new_job_name < new_job_name.xml
E.g 6 – Run groovy script
$ java -jar jenkins-cli.jar -s http://jenkins/ groovy scripts/add_job_to_view.groovy
If there are any parameters in the script, just as:
import jenkins.model.*
if (args.length != 2 ) {
  println “Error on arguments!”
}
def jobName  = args[0] ?: ‘a_job’
def viewName = args[1] ?: ‘a_view’
println jobName + ‘ ‘ + viewName
def v = Jenkins.instance.getView(viewName)
def i = Jenkins.instance.getItemByFullName(jobName)
if (v && i) {
  v.add(i)
}
pass the parameters as:
$ java -jar jenkins-cli.jar -s http://jenkins/ groovy scripts/add_job_to_view.groovy JOB_NAME VIEM_NAME
E.g 7 – Build a job
$ java -jar jenkins-cli.jar -s http://jenkins/ build new_job_name
E.g 8 – Diable a job
$ java -jar jenkins-cli.jar -s http://jenkins/ disable-job new_job_name
E.g 8 – Passing parameters when triggering a job build
Job parameters are a very handy concept. Perhaps you’ve only ever used Jenkins or another CI system to automatically run builds when a remote SCM/git repo changes. You can also trigger builds manually from within Jenkins. And whilst you’re doing that, your job can prompt for parameters to the build.
For example, we have a job named similar to “Deploy XYZ App”. It has the git repo hardcoded in the job like a normal build, but when you press “Build”, it shows a list of options: string fields, drop-down lists, etc.
When the job runs, you can use these values anywhere within your job’s configuration. Its very cool.
But how to pass those same parameters via the CLI? You use the -p key=value flag for each parameter you want to pass.
So our finished product might look like:
$ java -jar jenkins-cli.jar -s http://myjenkins build ‘Deploy XYZ App’ -i ~/.ssh/id_rsa -s -v -p target_env=api.cloudfoundry.com -p branch=master
Commons problems
Operation timed out
$ java -jar jenkins-cli.jar -s YOUR_SERVER_URL help
Exception in thread “main” java.net.ConnectException: Operation timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:432)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:189)
at hudson.cli.CLI.<init>(CLI.java:97)
at hudson.cli.CLI.<init>(CLI.java:82)
at hudson.cli.CLI._main(CLI.java:250)
at hudson.cli.CLI.main(CLI.java:199)
Check that the JNLP port is opened if you are using a firewall on your server. You can configure its value in Jenkins configuration. By default it is set to use a random port.
java.io.IOException: No X-Jenkins-CLI2-Port
java.io.IOException: No X-Jenkins-CLI2-Port among [X-Jenkins, null, Server, X-Content-Type-Options, Connection, X-You-Are-In-Group, X-Hudson, X-Permission-Implied-By, Date, X-Jenkins-Session, X-You-Are-Authenticated-As, X-Required-Permission, Set-Cookie, Expires, Content-Length, Content-Type]
at hudson.cli.CLI.getCliTcpPort(CLI.java:284)
at hudson.cli.CLI.<init>(CLI.java:128)
at hudson.cli.CLIConnectionFactory.connect(CLIConnectionFactory.java:72)
at hudson.cli.CLI._main(CLI.java:473)
at hudson.cli.CLI.main(CLI.java:384)
Suppressed: java.io.IOException: Server returned HTTP response code: 403 for URL: http://citest.gce.px/cli
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at hudson.cli.FullDuplexHttpStream.<init>(FullDuplexHttpStream.java:78)
at hudson.cli.CLI.connectViaHttp(CLI.java:152)
at hudson.cli.CLI.<init>(CLI.java:132)
… 3 more
Solution: Go to Manage Jenkins -> Configure Global Security -> “TCP port for JNLP agents”: choose fixed or random
Reference
Tagged : / / / / / / / /

How to Trigger builds remotely in Jenkins? | Jenkins Tutorials | scmGalaxy

trigger-builds-remotely-in-jenkins
How to Trigger builds remotely in Jenkins?
1. Create a user – You need to create a user in jenkins using you would like to trigger a jenkins jobs from remote loction or script
How to create users in Jenkins?
Manage Jenkins –> Manage Users –> Create User
2. Assign a right privillage to the specific user?
How to assign privillage to the user?
Manage Jenkins –> Configure Global Security –> Enabled “Anyone can do anything”
OR
Manage Jenkins –> Configure Global Security –> Configure “Matrix-based security” for the specific users and assign atleast following Permissions.
Overall – Read
Job – Build
Job – Read
Job – Workspace
3. Find out jenkins user “API Token”
How to find jenkins user “API Token”?
Click on the user name located at top right(e.g http://54.171.140.1:8080/user/admin1/) –> Configure –> Locate the “API Token” section.
4. Enabled “Trigger builds remotely” in Jenkins Job Configuration.
Click on the desired job –> Configure –> Locate the “Trigger builds remotely” under “Build Triggers” Tab
Enabled the check box of “Trigger builds remotely”
Provide some Authentication Token e.g – iFBDOBhNhaxL4T9ass93HRXun2JF161Z
$ Save
5. Formulate the command to run using curl. 
> curl –user userid:API-Token http://IP OR HOST:PORT/job/JOB_NAME/build?token=Authentication_Token
eg.curl –user admin1:91367cf0389eaf89669f74c9963c9fb3 http://54.171.140.1:8080/job/ANT-BUILD/build?token=iFBDOBhNhaxL4T9ass93HRXun2JF161Z
Some of other formats which is being tried in google but need to be tested with specific users. there are working with “Anonymous”
> curl -X POST http://admin1:91367cf0389eaf89669f74c9963c9fb3@54.171.140.1:8080/job/ANT-BUILD/build?token=iFBDOBhNhaxL4T9ass93HRXun2JF161Z

> wget http://admin1:91367cf0389eaf89669f74c9963c9fb3@54.171.140.1:8080/job/ANT-BUILD/build?token=iFBDOBhNhaxL4T9ass93HRXun2JF161Z

WORKING WITH NEW JENKINS
> wget –auth-no-challenge –user=admin –password=5ad344f0518640f62d0483084bb889bc http://13.126.143.49:8080/job/ANT//build?token=iFBDOBhNhaxL4T9ass93HRXun2JF161Z

If you are using wget 1.11 against Jenkins version 1.586 and above with the JENKINS-25169 fix, you might need to use the following options:
wget –auth-no-challenge –http-user=user –http-password=apiToken –secure-protocol=TLSv1 http://jenkins.yourcompany.com/job/your_job/build?token=TOKEN

If you are using wget 1.11, you might need to use the following options:
wget –auth-no-challenge –http-user=user –http-password=apiToken http://jenkins.yourcompany.com/job/your_job/build?token=TOKEN

With wget 1.10.x the following is enough (but will not work with 1.11.x) :
wget http://user:apiToken@jenkins.yourcompany.com/job/your_job/build?token=TOKEN

If you are a Windows User!
‘gitbash’ is a program combined of git and bash. A bash is shell that runs commands once you type the name of command and press enter. 🙂
Download  the git bash from here https://git-scm.com/download/win and install it.
Tagged : / / / / / / /