Gradle Plugin Manual

Installation

First you need to extract the package archive to a folder that you have access to.

Next, you need to tell Gradle where to find the plugin and its dependencies. Make the following additions to settings.gradle and build.gradle:

In settings.gradle add:

pluginManagement {
    repositories {
        gradlePluginPortal()
        maven {
            url 'file:///path/to/cryptosense-gradle-plugin/'
        }
    }
}

And in build.gradle:

plugins {
    ...
    id 'cryptosense' version '0.5.0'
}
...
repositories {
    ...
    maven {
        url 'file:///path/to/cryptosense-gradle-plugin/'
    }
}

Configuration

The plugin needs four configuration values: apiKey, apiUrl, projectId and profileId. Specify them by adding a cryptosense section to build.gradle:

cryptosense {
    apiKey = System.getenv('CS_API_KEY')
    apiUrl = System.getenv('CS_ROOT_URL')
    projectId = System.getenv('CS_PROJECT_ID').toInteger()
    profileId = System.getenv('CS_PROFILE_ID').toInteger()
}

Here we have configured it so that Gradle gets these values from environment variables. This is the recommended method, because it keeps the API key out of build.gradle, which is normally committed to version control. If you prefer, you can specify the values directly:

cryptosense {
    apiKey = '<your-API-key>'
    apiUrl = 'https://analyzer.cryptosense.com'
    projectId = <your-project-id>
    profileId = <your-profile-id>
}

The values for projectId and profileId are visible in the web application:

  • projectId as part of the URL https://analyzer.cryptosense.com/project/<projectId>/dashboard
  • profileId as part of the URL https://analyzer.cryptosense.com/organization/profiles/<profileId>/detail

Note that projectId and profileId are integer values, so they should not be in quotes.
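
The environment-variable configuration above calls .toInteger() on whatever System.getenv returns, so an unset variable surfaces as a NullPointerException. The following is an added example, not code from the plugin or its vendor: it reads the same four variables, fails with a clear message when one is missing or malformed, and never prints the values. The helper names requireEnv and requireIntEnv are hypothetical, and the https check assumes your CAP instance is served over TLS.

```groovy
// build.gradle (added example, not the plugin's own code).
// requireEnv and requireIntEnv are hypothetical helper names.

// Return a non-empty environment variable or stop the build.
// The value is never put in the message, so a malformed
// CS_API_KEY cannot end up in CI logs.
def requireEnv = { String name ->
    def value = System.getenv(name)?.trim()
    if (!value) {
        throw new GradleException("Environment variable ${name} is not set")
    }
    value
}

// projectId and profileId are integers; reject anything else
// before .toInteger() can throw a less helpful exception.
def requireIntEnv = { String name ->
    def raw = requireEnv(name)
    if (!raw.isInteger()) {
        throw new GradleException("Environment variable ${name} must be an integer")
    }
    raw.toInteger()
}

// Added check, assuming the CAP instance is served over TLS:
// refuse a cleartext URL so the API key and the trace are not
// sent over plain HTTP.
def csUrl = requireEnv('CS_ROOT_URL')
if (!csUrl.startsWith('https://')) {
    throw new GradleException('CS_ROOT_URL must start with https://')
}

cryptosense {
    apiKey = requireEnv('CS_API_KEY')
    apiUrl = csUrl
    projectId = requireIntEnv('CS_PROJECT_ID')
    profileId = requireIntEnv('CS_PROFILE_ID')
}
```

Supply the four variables from your CI system's secret store rather than from a file kept in the repository.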

Usage

./gradlew cleanTest test -Pwith-cryptosense

This will:

  • Run your application's test suite with the Cryptosense tracer attached
  • Generate a trace file and save it in ./cs-tracer/
  • Upload the trace to the CAP instance running at apiUrl
  • Add it to the project projectId
  • Analyze it using profile profileId and generate a report
  • Download a summary of any cryptographic problems found in the report
  • Fail the build if any problems are detected
  • Print a direct link to the relevant report, browsable in CAP