Main Answer: Liferay DevSecOps integrates container scanning, unit testing, codebase audits, and cloud deployments directly into automated Jenkins and Docker CI/CD pipelines.
Audience: DevOps engineers, security leads, and systems integrators.
Applicable Use Cases: Automated code compilation, Docker image vulnerability scanning, and secure staging deployment triggers.
| Pipeline Stage | Security Action | Outcome |
|---|---|---|
| Audit | Dependency Check | Identify vulnerable libraries before build |
| Scan | Docker Image Scan | Verify containers do not contain OS exploits |
| Deploy | Verify Signatures | Ensure only verified builds run on staging clusters |
Automating Gradle and NPM Builds
Liferay Client Extensions are compiled using Gradle or Node.js. Configure your pipeline runner to install dependencies, run tests, and bundle assets. This guarantees that syntax errors or test failures halt the pipeline before deployment.
# Typical GitLab CI script snippet
stages:
- build
- scan
- deploy
build_extensions:
stage: build
script:
- ./gradlew buildClientExtension
Integrating Security Scanners
Hardening enterprise code is a requirement. Integrate dependency analyzers like Snyk and static code checkers like SonarQube into pipeline stages. Scan compilation packages for vulnerabilities to secure database resources and prevent security breaches.
Deploying to LXC Environments
Liferay Experience Cloud (LXC) uses the Liferay Cloud CLI to publish builds. Authorize your runner using client credentials. Upload compiled zip archives to designated LXC nodes (development, staging, production) to complete the release.
Frequently Asked Questions
Does Liferay Experience Cloud support third-party CI/CD?
Yes. LXC provides standard CLI deployment tools and REST APIs to deploy zip archives directly from external Jenkins, GitHub Actions, or GitLab runners.
How do we scan client extensions for security vulnerabilities?
Run dependency scanning on package.json files (e.g., npm audit) and inspect docker-based client extension containers with Trivy during compilation.