Gradle Plugin Manual

Installation

First, make the AWS credentials for the plugin repository available to Gradle. There are two recommended methods. Either:

  • Store them in environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY; or
  • Store them in a credentials file ~/.aws/credentials that looks like this:

    [default]
    aws_access_key_id = <access key id>
    aws_secret_access_key = <secret access key value>
    

You can also hard-code the credentials in your build.gradle and settings.gradle, but we don't recommend this.

Next, you need to tell Gradle where to find the plugin and its dependencies. Make the following additions to settings.gradle and build.gradle:

In settings.gradle add:

pluginManagement {
    repositories {
        gradlePluginPortal()
        maven {
            url = 's3://cryptosense-maven/repository'
            authentication {
                awsIm(AwsImAuthentication)
            }
        }
    }
}

And in build.gradle:

plugins {
    ...
    id 'cryptosense' version '0.5.0'
}
...
repositories {
    ...
    maven {
        url = 's3://cryptosense-maven/repository'
        authentication {
            awsIm(AwsImAuthentication)
        }
    }
}

Configuration

The plugin needs four configuration values: apiKey, apiUrl, projectId and profileId. Specify them by adding a cryptosense section to build.gradle:

cryptosense {
    apiKey = System.getenv('CS_API_KEY')
    apiUrl = System.getenv('CS_ROOT_URL')
    projectId = System.getenv('CS_PROJECT_ID').toInteger()
    profileId = System.getenv('CS_PROFILE_ID').toInteger()
}

Here we have configured it so that Gradle gets these values from environment variables. This is the recommended method, but if you prefer, you can specify the values directly:

cryptosense {
    apiKey = '<your-API-key>'
    apiUrl = 'https://analyzer.cryptosense.com'
    projectId = <your-project-id>
    profileId = <your-profile-id>
}

The values for projectId and profileId are visible in the web application:

  • projectId as part of the URL https://analyzer.cryptosense.com/project/<projectId>/dashboard
  • profileId as part of the URL https://analyzer.cryptosense.com/organization/profiles/<profileId>/detail

Note that projectId and profileId are integer values, so they should not be in quotes.
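
A pre-flight check for the configuration above, as an added example that is not part of the Cryptosense manual: it verifies that the four environment variables are set, that the two IDs are integers, and that no credential is written literally into build.gradle or settings.gradle. The function name cs_preflight, the HTTPS requirement on CS_ROOT_URL and the grep patterns are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check to run before the Gradle build.
# Variable names are those read by the cryptosense { } block shown above.
# Usage: cs_preflight && ./gradlew cleanTest test -Pwith-cryptosense

# cs_preflight [DIR]: print one line per problem, return 0 only if none.
# DIR (default ".") is the directory holding build.gradle / settings.gradle.
cs_preflight() {
    dir=${1:-.}
    problems=0

    # Unset values make System.getenv(...).toInteger() fail during configuration.
    for name in CS_API_KEY CS_ROOT_URL CS_PROJECT_ID CS_PROFILE_ID; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name"; problems=$((problems + 1))
        fi
    done

    # projectId and profileId are integers: digits only.
    for name in CS_PROJECT_ID CS_PROFILE_ID; do
        eval "value=\${$name:-}"
        case "$value" in
            '') ;;  # already reported as missing
            *[!0-9]*) echo "not an integer: $name"; problems=$((problems + 1)) ;;
        esac
    done

    # Assumption: the API key should only travel over TLS, as in the example URL.
    case "${CS_ROOT_URL:-}" in
        ''|https://*) ;;
        *) echo "not https: CS_ROOT_URL"; problems=$((problems + 1)) ;;
    esac

    # Flag literal secrets in the build scripts: a quoted apiKey, a quoted
    # secretKey (Gradle AwsCredentials), or an AWS access key id (AKIA...).
    for file in "$dir/build.gradle" "$dir/settings.gradle"; do
        [ -f "$file" ] || continue
        if grep -Eq "(apiKey|secretKey)[[:space:]]*=?[[:space:]]*['\"]|AKIA[0-9A-Z]{16}" "$file"; then
            echo "hard-coded credential: $file"; problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
```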

Usage

./gradlew cleanTest test -Pwith-cryptosense

This will:

  • Run your application's test suite with the Cryptosense tracer attached
  • Generate a trace file and save it in ./cs-tracer/
  • Upload the trace to the CAP instance running at apiUrl
  • Add it to the project projectId
  • Analyze it using profile profileId and generate a report
  • Download a summary of any cryptographic problems found in the report
  • Fail the build if any problems are detected
  • Print a direct link to the relevant report, browsable in CAP