Prepare ENV: Java 17

The document provides instructions for setting up an environment for vulnerability scanning and management. It includes steps to install Java 17, Maven, Docker, Docker Compose, cloning a project from GitHub, building and scanning a Docker image with Trivy, and setting up the DefectDojo vulnerability management tool to upload the Trivy scan results.

Uploaded by Soumaila MAMAN

Lab:

Prepare ENV
Java 17

Install open-jdk-17

• sudo apt update
• sudo apt install openjdk-17-jdk openjdk-17-jre
• java --version

Install Maven

• wget https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz
• tar xzvf apache-maven-3.9.4-bin.tar.gz
• sudo mv apache-maven-3.9.4 /opt/
• cd ~
• vim .profile

Paste this configuration into the .profile file:

M2_HOME='/opt/apache-maven-3.9.4'
PATH="$M2_HOME/bin:$PATH"
export PATH

• mvn --version

Install Docker

• sudo apt update
• sudo apt install apt-transport-https ca-certificates curl software-properties-common
• curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
• sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
• apt-cache policy docker-ce
• sudo apt install docker-ce
• sudo systemctl status docker
• sudo usermod -aG docker ${USER}

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04

Install Docker Compose

Recommended Installation:

https://linux.how2shout.com/install-and-configure-ansible-on-ubuntu-22-04-linux/

Clone the Project

git clone https://github.com/MarwenSoula/javulna.git

Build Project

cd javulna

mvn clean install

(The build process should complete successfully.)

Build Docker Image

You should be in the same directory as the Dockerfile (that is, inside javulna).

docker build -t javulna .

Install Trivy (container scan)

https://aquasecurity.github.io/trivy/v0.18.3/installation/

Scan Docker image

trivy image --format json -o javulna.json javulna

Setting up Vulnerability Management tool DefectDojo

https://github.com/DefectDojo/django-DefectDojo

(Run the build and the up scripts; follow the documentation.)

Setting up Python 2

$ sudo apt update

$ sudo apt install python2

Install the DefectDojo library

pip install defectdojo_api

Run Python

This script creates a Product Type, a Product and an Engagement, then uploads the Trivy scan JSON report.

You are required to read the script; once you understand it thoroughly, set the host and token variables to your own values and modify the upload function to suit your needs.

python2.7 DefectDojo.py
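
Before the upload, it helps to confirm that javulna.json is a well-formed Trivy report and to see what it contains. The following is an added example, not part of the original lab or of the DefectDojo.py script; it is written for Python 3, the function names are hypothetical, and the sample report is constructed. It accepts both Trivy JSON layouts: the top-level array written by older releases and the newer object with a "Results" key.

```python
"""Summarize a Trivy JSON report by severity before uploading it (added example)."""
import json
import sys
from collections import Counter

SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]


def results_of(report):
    """Return the per-target result list from either Trivy JSON layout."""
    if isinstance(report, list):  # older releases: top-level array of results
        return report
    if isinstance(report, dict) and "Results" in report:  # SchemaVersion 2 object
        return report["Results"] or []
    raise ValueError("not a Trivy JSON report")


def summarize(report):
    """Return (severity Counter, sorted fixable CRITICAL/HIGH findings)."""
    counts, fixable = Counter(), set()
    for result in results_of(report):
        # "Vulnerabilities" is null or absent when a target has no findings.
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            sev = sev if sev in SEVERITIES else "UNKNOWN"
            counts[sev] += 1
            if sev in ("CRITICAL", "HIGH") and vuln.get("FixedVersion"):
                fixable.add((vuln.get("VulnerabilityID", ""),
                             vuln.get("PkgName", ""), vuln["FixedVersion"]))
    return counts, sorted(fixable)


# Constructed sample (SchemaVersion 2 layout); IDs and package names are placeholders.
SAMPLE = {"SchemaVersion": 2, "ArtifactName": "javulna", "Results": [
    {"Target": "os-packages", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libdemo",
         "InstalledVersion": "2.0", "Severity": "LOW"}]},
    {"Target": "app.jar", "Vulnerabilities": None}]}

if __name__ == "__main__":
    report = SAMPLE
    if len(sys.argv) > 1:  # e.g. javulna.json from the scan step
        with open(sys.argv[1]) as fh:
            report = json.load(fh)
    counts, fixable = summarize(report)
    for sev in SEVERITIES:
        print("%-8s %d" % (sev, counts[sev]))
    for vuln_id, pkg, fixed in fixable:
        print("fix available: %s in %s -> %s" % (vuln_id, pkg, fixed))
```

Run it with the report path as the only argument; with no argument it prints the summary for the constructed sample.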
