From e9479d475358e830b0daef6d5700b5132b6639ec Mon Sep 17 00:00:00 2001
From: praju829
Date: Tue, 3 May 2022 13:27:07 +0000
Subject: [PATCH 01/11] modified
---
 webapp/src/main/webapp/index.jsp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/webapp/src/main/webapp/index.jsp b/webapp/src/main/webapp/index.jsp
index d74e8b60..ce24cd05 100644
--- a/webapp/src/main/webapp/index.jsp
+++ b/webapp/src/main/webapp/index.jsp
@@ -1,2 +1,3 @@

Hello Dear Students !! Welcome to DevOps Project-2 !!

By Mr. Sai from Saidemy

+

It's time to start DevOps Project2!! get ready!!

From 80b7171c631a271a7b94eed3051080aee02d2ec7 Mon Sep 17 00:00:00 2001
From: praju829
Date: Wed, 4 May 2022 04:15:23 +0000
Subject: [PATCH 02/11] modified
---
 webapp/src/main/webapp/index.jsp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/webapp/src/main/webapp/index.jsp b/webapp/src/main/webapp/index.jsp
index ce24cd05..c5025dd2 100644
--- a/webapp/src/main/webapp/index.jsp
+++ b/webapp/src/main/webapp/index.jsp
@@ -1,3 +1,4 @@

Hello Dear Students !! Welcome to DevOps Project-2 !!

By Mr. Sai from Saidemy

It's time to start DevOps Project2!! get ready!!

+

welcome again!!

From a3b1061dbe0596f17d21090be8c5c2a751e2758b Mon Sep 17 00:00:00 2001
From: praju829
Date: Wed, 4 May 2022 04:53:59 +0000
Subject: [PATCH 03/11] modified
---
 webapp/src/main/webapp/index.jsp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webapp/src/main/webapp/index.jsp b/webapp/src/main/webapp/index.jsp
index c5025dd2..79566217 100644
--- a/webapp/src/main/webapp/index.jsp
+++ b/webapp/src/main/webapp/index.jsp
@@ -1,4 +1,4 @@

Hello Dear Students !! Welcome to DevOps Project-2 !!

By Mr. Sai from Saidemy

It's time to start DevOps Project2!! get ready!!

-

welcome again!!

+
From fde59fb0e38d226a15c9cacc6201ac9c71157d5e Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Tue, 24 Jan 2023 16:11:02 +0530
Subject: [PATCH 04/11] Create snyk code
---
 snyk code | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 snyk code
diff --git a/snyk code b/snyk code
new file mode 100644
index 00000000..f9391c61
--- /dev/null
+++ b/snyk code
@@ -0,0 +1,14 @@
+pipeline {
+ agent any
+ stages {
+ stage('Test') {
+ steps {
+ echo 'Testing...'
+ snykSecurity(
+ snykInstallation: 'snyk',
+ snykTokenId: 'snyk cred',
+ )
+ }
+ }
+ }
+}
From c9cb95469e5d707ab38c723d54d7311c11e53617 Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Wed, 1 Feb 2023 19:13:26 +0530
Subject: [PATCH 05/11] Update snyk code
---
 snyk code | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/snyk code b/snyk code
index f9391c61..37cc3c71 100644
--- a/snyk code
+++ b/snyk code
@@ -6,9 +6,18 @@ pipeline {
 echo 'Testing...'
 snykSecurity(
 snykInstallation: 'snyk',
- snykTokenId: 'snyk cred',
+ snykTokenId: 'snyk cred'
 )
 }
 }
+ stage ('SAST') {
+ steps {
+ withSonarQubeEnv('SonarQube') {
+ sh 'mvn package'
+ sh 'mvn sonar:sonar'
+ sh 'cat target/sonar/report-task.txt'
+ }
+ }
+ }
 }
 }
From 36b26cdd7ce6efd4e66410e1fc49a9bf5684c6ff Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Thu, 2 Mar 2023 17:52:02 +0530
Subject: [PATCH 06/11] Set up CI with Azure Pipelines [skip ci]
---
 azure-pipelines.yml | 82 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 azure-pipelines.yml
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
new file mode 100644
index 00000000..3d5b7afa
--- /dev/null
+++ b/azure-pipelines.yml
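Review bot: In the 'SAST' stage added to `snyk code` by PATCH 05/11, the analysis result never affects the build: `mvn sonar:sonar` submits the scan and the last step only prints `target/sonar/report-task.txt`, so a failed quality gate still leaves the pipeline green. If the SonarQube server is configured to call back to Jenkins (not visible here), a step after the `withSonarQubeEnv` block such as `timeout(time: 10, unit: 'MINUTES') { waitForQualityGate abortPipeline: true }` would turn the scan into a gate. A short comment on the stage stating whether it is meant to be blocking or advisory would also help. The enclosing `pipeline`/`stages` blocks start outside this hunk.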
@@ -0,0 +1,82 @@
+# Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+
+trigger:
+- main
+
+pool:
+ vmImage: ubuntu-latest
+
+- task: Maven@4
+ inputs:
+ mavenPomFile: 'pom.xml'
+ goals: 'compile'
+ publishJUnitResults: true
+ testResultsFiles: '**/surefire-reports/TEST-*.xml'
+ javaHomeOption: 'JDKVersion'
+ mavenVersionOption: 'Default'
+ mavenAuthenticateFeed: false
+ effectivePomSkip: false
+ sonarQubeRunAnalysis: false
+
+- task: dependency-check-build-task@6
+ inputs:
+ projectName: 'SaiJavaCode'
+ scanPath: '/home/vsts/work/1/s/target'
+ format: 'HTML'
+
+- task: SnykSecurityScan@1
+ inputs:
+ serviceConnectionEndpoint: 'snyk'
+ testType: 'app'
+ monitorWhen: 'always'
+ failOnIssues: false
+
+- task: SonarCloudPrepare@1
+ inputs:
+ SonarCloud: 'sonarcloud'
+ organization: 'prajktamhapsekar829'
+ scannerMode: 'CLI'
+ configMode: 'manual'
+ cliProjectKey: 'prajktamhapsekar829'
+ cliProjectName: 'SaiJavaCode'
+ cliSources: '.'
+ extraProperties: |
+ # Additional properties that will be passed to the scanner,
+ # Put one key=value per line, example:
+ # sonar.exclusions=**/*.bin
+ sonar.java.binaries=.
+
+- task: SonarCloudAnalyze@1
+- task: SonarCloudPublish@1
+ inputs:
+ pollingTimeoutSec: '300'
+
+- task: Maven@4
+ inputs:
+ mavenPomFile: 'pom.xml'
+ goals: 'clean install'
+ publishJUnitResults: true
+ testResultsFiles: '**/surefire-reports/TEST-*.xml'
+ javaHomeOption: 'JDKVersion'
+ mavenVersionOption: 'Default'
+ mavenAuthenticateFeed: false
+ effectivePomSkip: false
+ sonarQubeRunAnalysis: false
+
+- task: CopyFilesOverSSH@0
+ inputs:
+ sshEndpoint: 'tomcat-devsecops-connection'
+ sourceFolder: '/home/vsts/work/1/s/target'
+ contents: '**/*.war'
+ targetFolder: '/var/lib/tomcat9/webapps'
+ readyTimeout: '20000'
+
+- task: owaspzap@1
+ inputs:
+ scantype: 'targetedScan'
+ url: 'http://43.205.232.54:8080/SaiJavaCode/'
+ provideCustomContext: true
+ contextPath: '/SaiJavaCode'
\ No newline at end of file
From 15f956eb3457372a34b344681564573af76d192d Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Thu, 2 Mar 2023 17:54:29 +0530
Subject: [PATCH 07/11] Update azure-pipelines.yml for Azure Pipelines
---
 azure-pipelines.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 3d5b7afa..a6751cea 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -8,6 +8,7 @@ trigger: pool: vmImage: ubuntu-latest +steps: - task: Maven@4 inputs:
From efe2c41861dce45db98d572f42e568efe1746e60 Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Thu, 2 Mar 2023 18:03:17 +0530
Subject: [PATCH 08/11] Update azure-pipelines.yml for Azure Pipelines
---
 azure-pipelines.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index a6751cea..a053aa7a 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
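Review bot: In the new `azure-pipelines.yml` from PATCH 06/11, no scanner can stop the deployment: `SnykSecurityScan@1` sets `failOnIssues: false`, the dependency-check task is given no `failOnCVSS` value, and `CopyFilesOverSSH@0` then copies the WAR into `/var/lib/tomcat9/webapps` whatever the scans reported. Setting `failOnIssues: true` and a `failOnCVSS` score would make those steps fail before the copy runs. The ZAP step also commits a public address over plain HTTP, `url: 'http://43.205.232.54:8080/SaiJavaCode/'`, and the PATCH 11/11 hunk keeps that host; a pipeline variable (placeholder name `$(ZAP_TARGET_URL)`) would keep the deployment target out of source control. The agent paths such as `/home/vsts/work/1/s/target` would be less brittle written relative to `$(Build.SourcesDirectory)`.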
@@ -13,7 +13,7 @@ steps: - task: Maven@4 inputs: mavenPomFile: 'pom.xml' - goals: 'compile' + goals: 'package' publishJUnitResults: true testResultsFiles: '**/surefire-reports/TEST-*.xml' javaHomeOption: 'JDKVersion'
From ef96ed94bac9309898aa0a6377bc56fd51ec6d45 Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Thu, 2 Mar 2023 18:11:09 +0530
Subject: [PATCH 09/11] Update azure-pipelines.yml for Azure Pipelines
---
 azure-pipelines.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index a053aa7a..3aec85b8 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -25,7 +25,7 @@ steps: - task: dependency-check-build-task@6 inputs: projectName: 'SaiJavaCode' - scanPath: '/home/vsts/work/1/s/target' + scanPath: '/home/vsts/work/1/s/webapp/target' format: 'HTML' - task: SnykSecurityScan@1
From 3f9ac8c9e40d85f1a436a5a186e2f32b011c18cd Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Thu, 2 Mar 2023 18:11:27 +0530
Subject: [PATCH 10/11] Update azure-pipelines.yml for Azure Pipelines
---
 azure-pipelines.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 3aec85b8..0430b189 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -70,7 +70,7 @@ steps: - task: CopyFilesOverSSH@0 inputs: sshEndpoint: 'tomcat-devsecops-connection' - sourceFolder: '/home/vsts/work/1/s/target' + sourceFolder: '/home/vsts/work/1/s/webapp/target' contents: '**/*.war' targetFolder: '/var/lib/tomcat9/webapps' readyTimeout: '20000'
From d77df8fbd6b6ce1e4e1e746c864b274c119984bd Mon Sep 17 00:00:00 2001
From: praju <102275980+praju829@users.noreply.github.com>
Date: Thu, 2 Mar 2023 18:21:35 +0530
Subject: [PATCH 11/11] Update azure-pipelines.yml for Azure Pipelines
---
 azure-pipelines.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 0430b189..53d6df76 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -77,7 +77,8 @@ steps: - task: owaspzap@1 inputs: + threshold: '300' scantype: 'targetedScan' - url: 'http://43.205.232.54:8080/SaiJavaCode/' + url: 'http://43.205.232.54:8080/SaiJavaCode' provideCustomContext: true contextPath: '/SaiJavaCode'
\ No newline at end of file
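Review bot: The added `threshold: '300'` on `owaspzap@1` has no comment explaining the number. If this input is the alert score above which the task fails the build (worth confirming against the extension's documentation), a value this high would make the DAST step effectively advisory. A one-line comment above it stating the intended gate, for example `# fail the build when the ZAP risk score exceeds 300`, or a lower value, would make the choice reviewable. The `steps:` list this task belongs to starts outside the hunk.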