Bash Script to Install Artifactory in Ubuntu 22

JFrog Artifactory OSS 7.21.5 — Install (Bash Script)

This script installs Artifactory OSS (no Docker, no Pro, works on Ubuntu 22 EC2).

# ==========================================
# Install JFrog Artifactory OSS on Ubuntu 22
# Version: 7.21.5
# ==========================================

# 1) Prerequisites
sudo apt update -y
sudo apt install -y openjdk-17-jdk wget tar

# 2) Create Artifactory directory
sudo mkdir -p /opt/artifactory
cd /opt/artifactory

# 3) Download verified OSS release
sudo wget https://releases.jfrog.io/artifactory/bintray-artifactory/org/artifactory/oss/jfrog-artifactory-oss/7.21.5/jfrog-artifactory-oss-7.21.5-linux.tar.gz

# 4) Extract & name correctly
sudo tar -xzf jfrog-artifactory-oss-7.21.5-linux.tar.gz
sudo mv artifactory-oss-7.21.5 app

# 5) Start Artifactory manually
sudo /opt/artifactory/app/app/bin/artifactory.sh start

# 6) Optional — status
sudo /opt/artifactory/app/app/bin/artifactory.sh status

# UI available:
#  http://SERVER-IP:8082/ui/

(Optional) Enable Artifactory systemd Service

sudo tee /lib/systemd/system/artifactory.service > /dev/null << 'EOF'
[Unit]
Description=JFrog Artifactory
After=network.target

[Service]
Type=simple
User=ubuntu
ExecStart=/opt/artifactory/app/app/bin/artifactory.sh start
ExecStop=/opt/artifactory/app/app/bin/artifactory.sh stop
Restart=always

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable artifactory
sudo systemctl start artifactory
sudo systemctl status artifactory --no-pager

Access Artifactory

Once started:

• URL: http://SERVER-IP:8082/ui/
• Default user: admin
• Default password: password

How to Install jfrog Artifactory on Ubuntu 22

Install JFrog Artifactory OSS 7.21.5 on Ubuntu 22

---

1️⃣ Remove Previous Installation

sudo systemctl stop artifactory.service
sudo systemctl disable artifactory.service
sudo rm -rf /opt/artifactory
sudo rm -f /etc/systemd/system/artifactory.service
sudo systemctl daemon-reload

2️⃣ Install Java (OpenJDK 17)

sudo apt update
sudo apt install -y openjdk-17-jdk
java -version

3️⃣ Download Artifactory OSS 7.21.5

cd /opt
sudo wget https://releases.jfrog.io/artifactory/bintray-artifactory/org/artifactory/oss/jfrog-artifactory-oss/7.21.5/jfrog-artifactory-oss-7.21.5-linux.tar.gz

4️⃣ Extract & Structure Correctly

sudo mkdir /opt/artifactory
cd /opt/artifactory
sudo tar -xzf /opt/jfrog-artifactory-oss-7.21.5-linux.tar.gz
sudo mv artifactory-oss-7.21.5 app

Check structure:

ls -al /opt/artifactory/app/bin

5️⃣ Create SystemD Service

sudo tee /etc/systemd/system/artifactory.service > /dev/null <

6️⃣ Enable & Start Service

sudo systemctl daemon-reload
sudo systemctl enable artifactory.service
sudo systemctl start artifactory.service
sudo systemctl status artifactory.service

7️⃣ Access UI

http://YOUR_SERVER_IP:8082/ui/

---

username:admin

password: password

How to Add a windows Agent to jenkins

 Prerequisite

• Jenkins controller: Ubuntu 22 on AWS EC2

• On Controller (Ubuntu Jenkins)

  • Port 8080 open

  • Port 50000 open

• New agent: Windows Server (or Windows 10/11)--Lunch a new windows instance.

Then launch.... when instance is running ...Click connect to see how to connect ...then click Rdp ang get password to get password

Click Decrypt pasword to get password

Open RDP on your computer

Enter computer: Public Dns

Username: Administrator

Click connect and Enter the password

1. Prep the Windows machine

On the Windows box (the future agent):

1. Install Java (same major as controller, e.g. JDK 17 or 21)

   • Download a JDK (Temurin, Oracle, etc.) in the agent through the browser

   • https://download.java.net/java/GA/jdk21.0.2/f2283984656d49d69e91c558476027ac/13/GPL/openjdk-21.0.2_windows-x64_bin.zip

   • Install to something like: C:\Program Files\Java\jdk-21

2. Add Java to PATH (optional but helpful)

   • System Properties → Advanced → Environment Variables

   • Under System variables, edit Path → add:
     C:\Program Files\Java\jdk-21\bin

3. Create a Jenkins work directory

• For example: C:\jenkins

• Make sure the user that will run the agent (e.g. jenkins or your login) has full rights.

• 
  
  
  

4. Network

• Windows server must be able to reach the Jenkins URL over HTTP/HTTPS

• If using inbound TCP agent port (default 50000), make sure it’s open on security group if needed

2. Create the Windows node in Jenkins

On the Jenkins controller UI:

1. Go to Manage Jenkins → Nodes (or “Manage Nodes and Clouds”).

2. Click New Node.

3. Name it e.g. windows-agent-1.

4. Choose Permanent Agent → OK.

Fill in:

• # of executors: 1 (or more if the box is strong)

• Remote root directory: C:\jenkins

• Labels: e.g. windows maven (you’ll use these in jobs)

• Usage: “Use this node as much as possible”

Launch method (very important)

Set Launch method to:

Launch agent by connecting it to the controller

This means the Windows machine will run java -jar agent.jar and connect in.

Click Save.

You’ll now see the node page with instructions like “Launch agent”, “jnlp” etc.

Save 

Then from the Agent browser browse to the Jenkins

Copy the 2 commands and run from the Agent commandline

if you face issues or errors; check if port is open and all firewall

Run on Jenkins Terminal

sudo ufw allow 8080/tcp

Your Agent is now connected 

IAM UNLOCKED

basics-of-identity-access-management-in-mordern-infrastructure-56affrom PrinceXavier18

What is IAM- Presentation

sailpoint-online-training-on-iam-overviewfrom vsitlearn.com

How to Upgrade your legacy Jdk 8 project to more mordern JDK 21

 When you use Maven archetype + JDK + Maven 3.9, to create a java project… the generated project will still default to Java 1.7/1.8 syntax level in the POM unless you update it.

This creates a very old-style project structure designed for Java 1.7–1.8.
The project WILL compile but may not be compatible to Java 21 and its features unless we modernize it.

Which means you may get build failures using Newer modern versions of java like jdk 17/21

Why You Should Use JDK 21 for New Projects?

You get:

✔ Better security
✔ More memory efficiency
✔ Better garbage collection
✔ Faster builds
✔ Support for sealed classes, records, virtual threads (Loom)
✔ Long-term stability (LTS release)

📌 Upgrade LEGACY Projects to JDK 21 — In 5 Steps 

🛑 Legacy apps were built with JDK 8 or below, so you must modernize Gradually, not blindly Here is the shortest upgrade path:

🔧 Step-1 — Open old pom.xml replace Java version Find old:

 <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> 

Replace with: <maven.compiler.release>21</maven.compiler.release> 

Step-2 — Update plugins (old plugins break on Java 21) 

<plugin>

 <groupId>org.apache.maven.plugins</groupId> 

 <artifactId>maven-compiler-plugin</artifactId> 

 <version>3.11.0</version> <!-- important -->

 </plugin>

 <plugin> 

 <groupId>org.apache.maven.plugins</groupId>

 <artifactId>maven-surefire-plugin</artifactId>

 <version>3.2.5</version>

</plugin>

 If it's a webapp, also refresh WAR plugin: 

 <plugin>

 <groupId>org.apache.maven.plugins</groupId> 

 <artifactId>maven-war-plugin</artifactId>

 <version>3.4.0</version>

 </plugin>

 Step-3 — Build using Java 21 mvn clean package

Step-4 — Fix libraries that no longer exist 

JDK 21 removed Java EE packages like: javax.servlet.* javax.xml.bind.* javax.activation.* If using them, add modern equivalents: 

 <dependency>

 <groupId>jakarta.servlet</groupId> 

 <artifactId>jakarta.servlet-api</artifactId>

 <version>6.0.0</version> 

 <scope>provided</scope> 

</dependency> 

Step-5 — Run in Jenkins with JDK 21 Jenkins → Manage Jenkins → Global Tool Configuration → JDK → Add (JAVA_HOME pointing to JDK21)

LAB EXERCISE(Upgrade your legacy jdk 8 project to jdk21)

Open your pom.xml and replace it with the below

<project xmlns="http://maven.apache.org/POM/4.0.0"

         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0

                             http://maven.apache.org/maven-v4_0_0.xsd">

    <modelVersion>4.0.0</modelVersion>

    <groupId>com.mywebapp</groupId>

    <artifactId>mywebapp</artifactId>

    <version>1.0-SNAPSHOT</version>

    <packaging>war</packaging>

    <name>MyWebApp</name>

    <properties>

        <maven.compiler.source>21</maven.compiler.source>

        <maven.compiler.target>21</maven.compiler.target>

        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

    </properties>

    <dependencies>

        <!-- Example dependency for unit tests -->

        <dependency>

            <groupId>org.junit.jupiter</groupId>

            <artifactId>junit-jupiter-api</artifactId>

            <version>5.10.0</version>

            <scope>test</scope>

        </dependency>

        <dependency>

            <groupId>org.junit.jupiter</groupId>

            <artifactId>junit-jupiter-engine</artifactId>

            <version>5.10.0</version>

            <scope>test</scope>

        </dependency>

    </dependencies>

    <build>

        <finalName>MyWebApp</finalName>

        <plugins>

            <!-- JDK 21 Maven Compiler -->

            <plugin>

                <groupId>org.apache.maven.plugins</groupId>

                <artifactId>maven-compiler-plugin</artifactId>

                <version>3.11.0</version>

                <configuration>

                    <release>21</release>

                </configuration>

            </plugin>

            <!-- WAR packaging support -->

            <plugin>

                <groupId>org.apache.maven.plugins</groupId>

                <artifactId>maven-war-plugin</artifactId>

                <version>3.4.0</version>

            </plugin>

        </plugins>

    </build>

</project>

Save and Run your build in Jenkins

How to Install Snyk and Integrate It Into Jenkins CI for Secure Build Pipelines

How to Install Snyk and Integrate It Into Jenkins CI

DevSecOps Jenkins Snyk CI/CD

Modern CI/CD pipelines require security at every stage. Integrating Snyk into Jenkins CI helps detect vulnerabilities early and enforce DevSecOps practices efficiently.

In this guide, you’ll learn how to:

• Install Snyk on Jenkins
• Authenticate Snyk using Jenkins credentials
• Scan your source code and dependencies automatically
• Fail builds based on severity thresholds

---

1. Install Snyk CLI on Jenkins Server

Your Jenkins controller or agent must have the Snyk CLI installed to run scans.

# Download the Snyk CLI for Linux
sudo curl -L -o snyk-linux https://static.snyk.io/cli/latest/snyk-linux

# Download the snyk-to-html Linux binary from the official GitHub releases
sudo curl -L -o snyk-to-html-linux https://github.com/snyk/snyk-to-html/releases/latest/download/snyk-to-html-linux

chmod +x snyk-linux

chmod +x snyk-to-html-linux

sudo mkdir /opt/snyk

sudo mv snyk-linux /opt/snyk

sudo mv snyk-to-html-linux /opt/snyk

Verify:

/opt/snyk/snyk-linux --version
/opt/snyk/snyk-to-html-linux --help

---

2. Get Your Snyk API Token

1. Log in at https://snyk.io
2. Go to Account Settings
3. Copy your personal Snyk API token

---

3. Add Snyk Token to Jenkins Credentials

1. Go to Manage Jenkins → Credentials
2. Choose Global credentials
3. Click Add Credentials
4. Choose: Secret text
5. Paste your Snyk API token
6. Set ID to: snyk-token

---

4. Integrate Snyk Into Freestyle Jobs

Install Plugin

1. Manage Jenkins → Manage Plugins → Available
2. Search: Snyk Security
3. Install

Add Scan Step

• Edit your Freestyle job
• Add build step → Invoke Snyk Security
• Select:
  • Snyk installation → snyk
  • Token credential → snyk-token

Optional flags:

--severity-threshold=medium
--all-projects

---

5. Jenkins Pipeline (Jenkinsfile) Integration

Here is a ready-to-use Jenkinsfile:

pipeline {
    agent any

    environment {
        SNYK_TOKEN = credentials('snyk-token')
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Authenticate Snyk') {
            steps {
                sh 'snyk auth $SNYK_TOKEN'
            }
        }

        stage('Snyk Dependency Scan') {
            steps {
                sh 'snyk test --severity-threshold=medium'
            }
        }

        stage('Snyk Code Scan') {
            steps {
                sh 'snyk code test --severity-threshold=medium || true'
            }
        }

        stage('Build App') {
            steps {
                sh './mvnw clean package || mvn clean package'
            }
        }
    }
}

---

6. Fail Builds on Vulnerabilities

Fail on high severity:

snyk code test --severity-threshold=high

Fail on critical dependency issues:

snyk test --severity-threshold=critical

---

RUN YOUR BUILD AND YOU WILL SEE THE REPORT OF ALL VULNERABILITIES > BUILD SHOULD SUCCEED IF THERE ARE NO VULNERABILITIES

✅ Below is a Vulnerable POM.xml

This version includes:

🔥 Critical known vulnerabilities:

• Log4j 1.x (CVE-2019-17571)

• Spring Framework 4.x RCE (CVE-2016-1000027)

• Jackson Databind insecure version (CVE-2017-17485, CVE-2019-12384)

Every one of these is easily detected by Snyk. UPDATE YOUR POM.XML IN YOUR PROJECT WITH THE ONE BELOW.

<project xmlns="http://maven.apache.org/POM/4.0.0"

         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

    <modelVersion>4.0.0</modelVersion>

    <groupId>com.mkyong</groupId>

    <artifactId>Facebook</artifactId>

    <packaging>war</packaging>

    <version>1.2.${v}-SNAPSHOT</version>

    <name>MyWebApp Maven Webapp</name>

    <dependencies>

        <!-- ❌ Critical vulnerability (Log4Shell family) -->

        <dependency>

            <groupId>log4j</groupId>

            <artifactId>log4j</artifactId>

            <version>1.2.17</version>

        </dependency>

        <!-- ❌ Known RCE in older Spring Framework -->

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-core</artifactId>

            <version>4.3.0.RELEASE</version>

        </dependency>

        <!-- ❌ Jackson Databind insecure version (multiple CVEs) -->

        <dependency>

            <groupId>com.fasterxml.jackson.core</groupId>

            <artifactId>jackson-databind</artifactId>

            <version>2.8.4</version>

        </dependency>

        <!-- Old JUnit already present — keep it -->

        <dependency>

            <groupId>junit</groupId>

            <artifactId>junit</artifactId>

            <version>3.8.1</version>

            <scope>test</scope>

        </dependency>

    </dependencies>

    <build>

        <finalName>MyWebApp</finalName>

    </build>

</project>

Conclusion

Integrating Snyk into Jenkins CI provides automated security scanning, early vulnerability detection, and real DevSecOps pipeline enforcement. The free tier also makes it excellent for DevOps coaching and hands-on labs.