🔐
CloudDefense
🔐
CloudDefense
Getting Started
On-boarding Steps
Local Environment
SCAN
Cloud Defense CLI
SCA
Languages
Java
Kotlin
Python
NodeJS
Go
.NET
Rust
PHP
ObjectiveC
Swift
Secrets Scanning
SAST
DAST
API Scanning
Container Scanning
Kubernetes
Integrations
Release Notes
Misc
Powered by GitBook

Java

Prerequisites

  • Install CLI

  • Java 1.8 or higher

  • Maven projects

    • install Maven

    • mvn install should be run on the project before running the tool.

  • Gradle projects

    • Install Gradle

    • gradle build should be run on the project before running the tool.

Command line

Run the following from command line. Recommended to provideproject-name else it will be picked up from your maven project's pom.xml.

cdefense scan --lang=java --api-key=<YOUR_API_KEY> \
--path=/d/temp/java-goof --project-name="My Java Project"

Gitlab Integration

Example .gitlab-ci.yml

image: maven:3-jdk-8
variables:
  API_KEY: <YOUR_API_KEY>
cache:
  paths:
    - .m2/repository/
    - target/
stages:
  - test
run_scan:
  stage: test
  script:
    - mvn web3j:generate-sources
    - mvn clean install
    - curl https://raw.githubusercontent.com/CloudDefenseAI/cd/master/latest/cd-latest-linux-x64.tar.gz > /tmp/cd-latest-linux-x64.tar.gz \
            && tar -C /usr/local/bin -xzf /tmp/cd-latest-linux-x64.tar.gz && chmod +x /usr/local/bin/cdefense
    - cdefense scan --lang=java --project-name=java-mvn-sample --api-key=$API_KEY --path=$PWD
    - echo $?

The output looks something like below:

│─────────────────────────────────────────────────────────────────│───────────│────────────────│───────────│─────────│───────────────│
│ PACKAGE NAME (14)                                               │ ID        │ VERSION        │ PARENT ID │ LICENSE │ NEXT VERSIONS │
│─────────────────────────────────────────────────────────────────│───────────│────────────────│───────────│─────────│───────────────│
│ org.cysecurity:JavaVulnerableLab                                │ friaoZkcs │ 0.0.1-SNAPSHOT │           │         │          none │
│ javax.servlet:jstl                                              │ ZvtYTYytU │ 1.2            │           │         │          none │
│ org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec │ aPwMLkBjK │ 1.0.0.Final    │           │         │          none │
│ org.hibernate.javax.persistence:hibernate-jpa-2.0-api           │ OODyxFmUv │ 1.0.1.Final    │           │         │          none │
│ org.hibernate.common:hibernate-commons-annotations              │ kVLUGcJBp │ 4.0.1.Final    │           │         │          none │
│ org.hibernate:hibernate-core                                    │ xTkcjKvHt │ 4.0.1.Final    │           │         │          none │
│ xml-apis:xml-apis                                               │ zonxORNNG │ 1.0.b2         │           │         │          none │
│ org.jboss.logging:jboss-logging                                 │ WvxHQWIlY │ 3.1.0.CR2      │           │         │          none │
│ org.javassist:javassist                                         │ ehpGYytzw │ 3.15.0-GA      │           │         │          none │
│ org.zenframework.z8.dependencies.commons:dom4j-1.6.1            │ bYpFdnJtF │ 2.0            │           │         │          none │
│ commons-collections:commons-collections                         │ nPLyJuElU │ 3.2.1          │           │         │          none │
│ org.json:json                                                   │ BWMDWUfHX │ 20090211       │           │         │          none │
│ mysql:mysql-connector-java                                      │ AInCsSDKr │ 5.1.26         │           │         │          none │
│ antlr:antlr                                                     │ qVyyUywQt │ 2.7.7          │           │         │          none │
│─────────────────────────────────────────────────────────────────│───────────│────────────────│───────────│─────────│───────────────│
Secrets Scan Results
│────────────────│───────────────│──────────────────────────────────────────────────────│───────────────────────────────│
│ RULE (12)      │ FILE          │ LINE                                                 │ DATE                          │
│────────────────│───────────────│──────────────────────────────────────────────────────│───────────────────────────────│
│ AWS Manager ID │ prod-test.yml │ password:REDACTEDU                                   │ 2020-05-29 19:34:30 -0700 PDT │
│ AWS Manager ID │ prod.yml      │ password:REDACTEDU2                                  │ 2020-05-29 19:34:30 -0700 PDT │
│ AWS Manager ID │ prod.yml      │ aws_access_key_id:REDACTEDU                          │ 2020-05-26 19:07:28 -0700 PDT │
│ AWS Manager ID │ secrets.yml   │                           aws_access_key_id:REDACTED │ 2020-05-26 16:38:07 -0700 PDT │
│ AWS Secret Key │ secrets.yml   │                           REDACTED                   │ 2020-05-26 16:38:07 -0700 PDT │
│────────────────│───────────────│──────────────────────────────────────────────────────│───────────────────────────────│
Previous
Languages
Next
Kotlin
Last updated 9 months ago
Contents
Prerequisites
Command line
Gitlab Integration