JAVA

 

PREREQUISITES

  1. Install CLI

  2. Java 1.8 or higher

  3. Maven Projects

    1. Install Maven

    2. mvn install should be run on the project before running the tool

  4. Gradle Projects

    1. Install Gradle

    2. gradle build should be run on the project before running the tool

COMMAND-LINE

 

Run the following from the command line. Providing --project-name is recommended; otherwise the name is picked up from your Maven project's pom.xml.

 

vsp_defense scan --lang=java --api-key=<YOUR_API_KEY> --path=/d/temp/java-goof --project-name="My Java Project"

 

 

 

GITLAB INTEGRATION

 

Example: .gitlab-ci.yml 

 

image: maven:3-jdk-8

variables:
  # Placeholder only: define API_KEY as a masked CI/CD variable in the GitLab project settings rather than committing the real key
  API_KEY: <YOUR_API_KEY>

cache:
  paths:
    - .m2/repository/
    - target/

stages:
  - test

run_scan:
  stage: test
  script:
    - mvn web3j:generate-sources
    - mvn clean install
    - curl https://raw.githubusercontent.com/CloudDefenseAI/cd/master/latest/cd-latest-linux-x64.tar.gz > /tmp/cd-latest-linux-x64.tar.gz && tar -C /usr/local/bin -xzf /tmp/cd-latest-linux-x64.tar.gz && chmod +x /usr/local/bin/cdefense
    - vsp_defense scan --lang=java --project-name=java-mvn-sample --api-key=$API_KEY --path=$PWD
    - echo $?
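
The CI job above downloads the scanner archive from a master/latest URL and extracts it into /usr/local/bin without an integrity check. As an added example (not from the original page or the vendor), this shell helper extracts the archive only when its SHA-256 matches a pinned value. The names verified_install, sha256_of, CD_URL and CD_SHA256 are hypothetical, and the pinned digest has to come from a release you have verified yourself.

```shell
#!/bin/sh
# Added example: verify a downloaded scanner archive against a pinned
# SHA-256 before anything is extracted onto the PATH.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verified_install ARCHIVE EXPECTED_SHA256 DEST_DIR
# Returns 0 and extracts only if the digest matches; otherwise returns 1
# and leaves DEST_DIR untouched.
verified_install() {
    archive=$1; expected=$2; dest=$3
    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 1; }
    # Reject anything that is not exactly 64 hex characters,
    # for example an unset or truncated CI variable.
    case $expected in
        *[!0-9a-fA-F]*|'') echo "invalid pinned digest" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 1; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$archive") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -C "$dest" -xzf "$archive"
}

# In the CI job (CD_URL and CD_SHA256 are placeholder CI/CD variables):
#   curl -fsSL -o /tmp/cd.tar.gz "$CD_URL"
#   verified_install /tmp/cd.tar.gz "$CD_SHA256" /usr/local/bin
```

Using curl -f makes the download step fail on an HTTP error instead of saving the error page as the archive.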

 

 

 

 

 

 

 

 

 

 

 

 

 

The output looks similar to the following:

 

The package details are shown below: 

 

| PACKAGE NAME | ID | VERSION | PARENT ID | LICENSE | NEXT VERSION |
|---|---|---|---|---|---|
| org.cysecurity:JavaVulnerableLab | friaoZkcs | 0.0.1-SNAPSHOT | | | none |
| javax.servlet:jstl | ZvtYTYytU | 1.2 | | | none |
| org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec | aPwMLkBjK | 1.0.0.Final | | | none |
| org.hibernate.javax.persistence:hibernate-jpa-2.0-api | OODyxFmUv | 1.0.1.Final | | | none |
| org.hibernate.common:hibernate-commons-annotations | kVLUGcJBp | 4.0.1.Final | | | none |
| org.hibernate:hibernate-core | xTkcjKvHt | 4.0.1.Final | | | none |
| xml-apis:xml-apis | zonxORNNG | 1.0.b2 | | | none |
| org.jboss.logging:jboss-logging | WvxHQWIlY | 3.1.0.CR2 | | | none |
| org.javassist:javassist | ehpGYytzw | 3.15.0-GA | | | none |
| org.zenframework.z8.dependencies.commons:dom4j-1.6.1 | bYpFdnJtF | 2.0 | | | none |
| commons-collections:commons-collections | nPLyJuElU | 3.2.1 | | | none |
| org.json:json | BWMDWUfHX | 20090211 | | | none |
| mysql:mysql-connector-java | AInCsSDKr | 5.1.26 | | | none |
| antlr:antlr | qVyyUywQt | 2.7.7 | | | none |

 

Secrets Scan Results 

 

| RULE (12) | FILE | LINE | DATE |
|---|---|---|---|
| AWS Manager ID | prod-test.yml | password:REDACTEDU | 2020-05-29 19:34:30 -0700 PDT |
| AWS Manager ID | prod.yml | password:REDACTEDU2 | 2020-05-29 19:34:30 -0700 PDT |
| AWS Manager ID | prod.yml | aws_access_key_id:REDACTEDU | 2020-05-26 19:07:28 -0700 PDT |
| AWS Manager ID | secrets.yml | aws_access_key_id:REDACTED | 2020-05-26 16:38:07 -0700 PDT |
| AWS Secret Key | secrets.yml | REDACTED | 2020-05-26 16:38:07 -0700 PDT |

 
