This repository contains the Node.js Goof demo app integrated with a Jenkins pipeline for SIT753 Task 8.1C / 8.2C.
It demonstrates GitHub–Jenkins integration, DevSecOps basics, vulnerability scanning, and email notifications.
- GitHub → Jenkins webhook integration (auto builds on commit)
- Dependency installation (`npm install`)
- Automated test execution (`npm test`)
- Coverage report generation (`npm run coverage`)
- Vulnerability scanning (`npm audit`, `snyk test`)
- Email notifications with logs attached
- Checkout – Pulls latest code from GitHub
- Install Dependencies – Installs required npm packages
- Run Tests – Runs unit tests (continues even if they fail)
- Generate Coverage Report – Generates code coverage results
- NPM Audit (Security Scan) – Runs security scan for vulnerabilities
- Email Notification – Sends build status and logs via email
```bash
git clone https://github.com/Arnold-Seb/8.2CDevSecOps.git
# Change into the cloned directory before installing dependencies
cd 8.2CDevSecOps
npm install
```

- Install required plugins: Pipeline, Git, Email Extension, NodeJS
- Configure SMTP for email notifications
- Add Snyk API Token to Jenkins credentials (ID: snyk)
- Configure GitHub webhook for automatic builds
- Run the Pipeline
## Run the Pipeline

Commit & push → Jenkins auto-triggers → pipeline runs → email notification sent

- Part 1 – Task 1 (GitHub Integration) – Demo video (30–45s): commit triggers Jenkins build, show console output
- Part 1 – Task 2 (DevSecOps Scan) – Demo video (30–45s): scroll through Jenkins console output showing vulnerability scan
- Part 2 – Task 2 (Email Notification) – Demo video (~1 min): show Jenkinsfile, run pipeline, show received email with log attachment
- Emails include: Stage name, SUCCESS / FAILURE status, Build number + Jenkins job link, Console log attachment
- Snyk integration via Jenkins credentials (ID: snyk)
- Reports vulnerabilities but does not fail the build (`|| true` used)
- Results appear in Jenkins console output + email
- Generated with: `npm run coverage`
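
Because the scan stage uses `|| true`, a critical finding and a clean scan both end in the same green build. The script below is an added example, not code from this repository: it shows one way to keep the report while gating on severity, using the `metadata.vulnerabilities` counts in `npm audit --json` output. The function name, the `failAt` threshold, the `--stdin` switch, the `audit-gate.js` filename and the sample report are assumptions made for illustration.

```javascript
// Added example (not from this repository): severity gate for `npm audit --json`.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Evaluate a parsed audit report. `failAt` is a hypothetical threshold
// parameter of this script, not an npm option.
function evaluateAudit(report, failAt = 'high') {
  if (!SEVERITIES.includes(failAt)) throw new Error(`unknown severity: ${failAt}`);
  const meta = report && report.metadata && report.metadata.vulnerabilities;
  if (!meta) throw new Error('not an npm audit report: metadata.vulnerabilities missing');

  // Normalise the per-severity counts; missing keys count as zero.
  const counts = {};
  for (const s of SEVERITIES) counts[s] = Number(meta[s]) || 0;

  const worst = [...SEVERITIES].reverse().find((s) => counts[s] > 0) || null;
  const threshold = SEVERITIES.indexOf(failAt);

  // Package names at or above the threshold. The per-package map is only
  // present in the auditReportVersion 2 format; otherwise this list is empty.
  const offenders = Object.entries(report.vulnerabilities || {})
    .filter(([, v]) => SEVERITIES.indexOf(v.severity) >= threshold)
    .map(([name, v]) => `${name} (${v.severity})`)
    .sort();

  const fail = worst !== null && SEVERITIES.indexOf(worst) >= threshold;
  return { counts, worst, offenders, fail };
}

// Constructed sample report (not output from this repository).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-pkg-a': { name: 'example-pkg-a', severity: 'critical', fixAvailable: true },
    'example-pkg-b': { name: 'example-pkg-b', severity: 'low', fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 0, critical: 1, total: 2 } },
};

// CLI use (assumed filename): npm audit --json | node audit-gate.js --stdin high
if (process.argv.includes('--stdin')) {
  let raw = '';
  process.stdin.on('data', (chunk) => (raw += chunk));
  process.stdin.on('end', () => {
    const result = evaluateAudit(JSON.parse(raw), process.argv[3]);
    console.log(JSON.stringify(result, null, 2)); // summary stays in the console log
    process.exitCode = result.fail ? 1 : 0;       // non-zero only at/above threshold
  });
}
```

The printed summary still lands in the Jenkins console output and the emailed log, while the exit code distinguishes high and critical findings from lower-severity ones.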