So in today's video I'll be showing you how you can integrate the OWASP Dependency-Check tool with Jenkins. In case you don't know what OWASP Dependency-Check is, basically it's a tool which is used for scanning your source code to find the publicly announced vulnerabilities that may be present in the dependencies of the source code. You may have source code that might be on GitHub, GitLab or on your local system, so you can basically integrate this tool with Jenkins and perform the analysis to generate a report in HTML or XML format, to find out if there are any vulnerabilities in the dependencies. The same thing I will show you. Also, in case you don't know how to set up Jenkins, you can follow the video in the description. So with that being said, let's get started.

Okay, so first of all we will install some plugins. For that we will go to Manage Jenkins and go to Manage Plugins. Here we will select Available plugins, and first of all we will search for OWASP, select this and click on Install without restart. Now we can see the download is in progress, and it has completed now. Again we will go to Available plugins and here we will search for OpenJDK. We will select this and install it as well, because we cannot use the commercial one, so we will be using OpenJDK.

Okay, once these two things are done, we will again go to Manage Jenkins, and now we need to configure Dependency-Check and the JDK. So we'll open Global Tool Configuration, scroll down to the last section, and here, as you can see, is Dependency-Check installations. We'll click on Add Dependency-Check and here we'll provide the name, maybe DP. You can provide any name, but I will just use this one. Click on Install automatically, and in the installer select the first one. Here we just need to select a version, so I will select 7.2.0 and then click on Apply. This is done.

Next we will add Maven also, because we'll
be using a Maven project. So here we will provide the name Maven, and we will use this version itself. Click on Apply.

Again scroll up and go to JDK. Now we will add the JDK as well, so here we will provide the name as openjdk-11. You can see this is the commercial one, so we will not use this. We will click this to close it and select a different installer. Since we just installed that plugin, the Eclipse one, this is the one, so we'll click on it, select JDK 11 and then click on Apply. Okay, once these things are done, that means our Dependency-Check, JDK and Maven have been configured successfully.

Now we will go back to the dashboard and here we will create our first job. We'll provide the name as OWASP DP check, and this will be freestyle. I will create a pipeline also, but let's start with freestyle, and then click OK. First of all, let me just select this option to keep just two builds. We'll scroll down.

Now coming to the project: the project I am going to use is PetClinic, which is from Spring Boot. We will open the first one. Okay, this is Gradle; Gradle we don't want. Let me open the second one. Yes, this is Maven-based, with a POM file, so this will be used. Since this is open source and available for free, we'll copy the URL and paste it in our job, and since it is open source it doesn't require a credential. Now we need to specify the branch name. If I go back to GitHub you can see the branch is main, so we'll provide the name as main.

Okay, now scroll down, and in Build Steps we will add Invoke Dependency-Check. This option is coming because we have installed and configured the OWASP Dependency-Check plugin; that is why this option is visible here. We will select it, and you can see the one that we configured is available here. If you have configured multiple Dependency-Check versions, then all the versions will be available and you can select one.

Okay, now coming to arguments. Basically this is the most important part when you
are going to use OWASP Dependency-Check, because this refers to what kind of instructions you want to give to Dependency-Check. So for that we will search for OWASP Dependency-Check arguments and open the first one. This is basically the list of arguments which could be used. For example, if you want to scan a specific directory, you can use this argument and then provide the path. Then we have format. Format is basically the argument which will help you to provide the format of the report, because Dependency-Check is going to generate a report. So we'll provide this argument and provide the format as HTML. Okay, so for now I will just keep it this much and click on Apply. Okay, this is saved.

Now we'll go back to the job and click on Build Now. Since we are doing it for the first time, this might take a little bit of time, but let's see how much time it takes. You can see it is unpacking this Dependency-Check package. Since we are doing it for the first time, it is unpacking and it is going to install also. Dependency-Check requires several sets of packages and dependencies to be downloaded first, so that it can associate and figure out the vulnerabilities in your dependencies. That is also going to take a bit of time, so we will just see what happens. Meanwhile, one more time, I will just check the status of Jenkins: sudo systemctl status jenkins. Yes, it is running. Okay, so I will just speed up this video and then I will be back once this part is completed.

Okay, so we can see the analysis has been successful. If I go back to the job and open the workspace, which is created after the job has completed, we can see a specific file in HTML format has been created. If I click on it, you can see the whole report. Project: OWASP DP check, which was the name of our job. Scan information: if I click on show all, okay, so all the information, after scanning, whatever
vulnerabilities have been found, is visible here.

Okay, now we will go back, and what I will do now is create a pipeline job. So I will click here and enter DP check-1 or something; whatever name you want, you can give it. Select the format as Pipeline and click OK. We'll be using a template, so just scroll down to Try sample Pipeline and select Hello World. Now the first stage will be fetching the source code from Git, so we'll provide the name as SCM. Before writing the steps, I will just copy one stage, so that we can add the next step here itself.

Now I will open Pipeline Syntax, which takes us to a new page, and here we will search for dependency check. Yes, dependencyCheck: Invoke Dependency-Check. Select this. The version we have already configured is here. For the format we will select HTML; if you don't provide any format, then by default it will create the XML format. Here we'll click on Generate. Okay, this should work; we'll copy this. Meanwhile, let me just check one thing. Let me see Dependency-Check Publisher: by default it takes only the XML report pattern, which we would need to provide here, but this I will not do.

Okay, so going back here again, here I will paste the content, this one, and the name I will provide as dependency check. For the SCM stage we need to provide the repository, so again we will go to Pipeline Syntax, select git, and here we need to provide the source: copy the URL, paste it here, and the branch is main. Credentials we don't need to provide because it is open source. Generate the script, copy this and paste it here. Okay, sorry, it got a backspace and now it has gone back again. Okay, no issues, we'll configure the same again. Click on Hello World, copy this one more time, paste this, provide the name as SCM, and here we'll paste the git part. And this will be our dependency check, and here again we will select dependency
check, Invoke Dependency-Check, format HTML, generate the script, copy this, and we will paste it here. Click on Apply and we will trigger the job now. Let's see what happens. Okay, it is a success.

We will go back to the job and check for the workspace. Yes, the workspace is here. We will open it, and here also you can see the HTML format report has been generated. We will be seeing the same thing that we saw in the freestyle job. The report has been generated and is visible: what the issue is, which level the issue is, the vulnerabilities in the dependency, every information is here. Okay, so this is how we can integrate Jenkins with Dependency-Check and generate reports for this.
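
The two-stage pipeline job assembled above, written out as a Jenkinsfile (an added example, not the script shown in the video). The tool names `DP` and `openjdk-11` and the repository URL are assumptions taken from what the walkthrough describes, and the script goes one step beyond the video by also writing the XML report, so that the Dependency-Check Publisher step the video skips has a file to read.

```groovy
// Added example: declarative pipeline mirroring the SCM and dependency check stages.
pipeline {
    agent any

    tools {
        // Assumed name: must match the JDK entry in Global Tool Configuration.
        jdk 'openjdk-11'
    }

    stages {
        stage('SCM') {
            steps {
                // Assumed URL for the public, Maven-based PetClinic project; no credentials needed.
                git branch: 'main',
                    url: 'https://github.com/spring-projects/spring-petclinic.git'
            }
        }

        stage('Dependency Check') {
            steps {
                // 'DP' is the Dependency-Check installation name chosen in the tool configuration.
                // --scan   : directory to analyse (the checked-out workspace)
                // --format : may be repeated; HTML is for people, XML is what the publisher parses
                dependencyCheck odcInstallation: 'DP',
                    additionalArguments: '--scan ./ --format HTML --format XML'
            }
        }
    }

    post {
        always {
            // Keep both reports with the build instead of leaving them only in the workspace.
            archiveArtifacts artifacts: 'dependency-check-report.*', allowEmptyArchive: true

            // The publisher reads the XML report and shows the findings on the build page.
            dependencyCheckPublisher pattern: 'dependency-check-report.xml'
        }
    }
}
```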