Gradle Plugin Manual
Installation
First you need to make the credentials available to Gradle. There are two recommended methods. Either:
- Store them in environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY; or
- Store them in a credentials file ~/.aws/credentials that looks like this:

    [default]
    aws_access_key_id = <access key id>
    aws_secret_access_key = <secret access key value>

You can also hard-code the credentials in your build.gradle and settings.gradle, but we don't recommend this.
Next, you need to tell Gradle where to find the plugin and its dependencies. Make the following additions to settings.gradle and build.gradle:

In settings.gradle add:

    pluginManagement {
        repositories {
            gradlePluginPortal()
            maven {
                url = 's3://cryptosense-maven/repository'
                authentication {
                    awsIm(AwsImAuthentication)
                }
            }
        }
    }

And in build.gradle:

    plugins {
        ...
        id 'cryptosense' version '0.5.0'
    }
    ...
    repositories {
        ...
        maven {
            url = 's3://cryptosense-maven/repository'
            authentication {
                awsIm(AwsImAuthentication)
            }
        }
    }

Configuration
The plugin needs four configuration values: apiKey, apiUrl, projectId and profileId. Specify them by adding a cryptosense section to build.gradle:

    cryptosense {
        apiKey = System.getenv('CS_API_KEY')
        apiUrl = System.getenv('CS_ROOT_URL')
        projectId = System.getenv('CS_PROJECT_ID').toInteger()
        profileId = System.getenv('CS_PROFILE_ID').toInteger()
    }

Here we have configured it so that Gradle gets these values from environment variables. This is the recommended method, but if you prefer, you can specify the values directly:

    cryptosense {
        apiKey = '<your-API-key>'
        apiUrl = 'https://analyzer.cryptosense.com'
        projectId = <your-project-id>
        profileId = <your-profile-id>
    }

The values for projectId and profileId are visible in the web application:
- projectId as part of the URL https://analyzer.cryptosense.com/project/<projectId>/dashboard
- profileId as part of the URL https://analyzer.cryptosense.com/organization/profiles/<profileId>/detail
Note that projectId and profileId are integer values, so should not be in quotes.
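
The manual recommends environment variables over hard-coded values both for the AWS repository credentials and for apiKey. As an added example (not part of the Cryptosense plugin or its documentation), the Python check below flags quoted literals given to apiKey, or to accessKey and secretKey (the property names of Gradle's AwsCredentials), in a Gradle script. The function name, sample script and key values are constructed for illustration.

```python
import re

# Constructed sample build.gradle; both key values are made up for this example.
SAMPLE = """\
cryptosense {
    apiKey = 'c0nstructed-not-a-real-key'
    apiUrl = System.getenv('CS_ROOT_URL')
    projectId = System.getenv('CS_PROJECT_ID').toInteger()
}
repositories {
    maven {
        url = 's3://cryptosense-maven/repository'
        credentials(AwsCredentials) {
            accessKey "AKIAEXAMPLEEXAMPLE00"
            secretKey System.getenv('AWS_SECRET_ACCESS_KEY')
        }
    }
}
"""

# A credential property followed by a quoted literal, with or without "=".
# apiKey is from the manual; accessKey/secretKey belong to Gradle's AwsCredentials.
LITERAL_SECRET = re.compile(
    r"""\b(apiKey|accessKey|secretKey)\b\s*=?\s*(['"])(?P<value>[^'"]+)\2"""
)
# Values like '<your-API-key>' are documentation placeholders, not secrets.
PLACEHOLDER = re.compile(r"^<[^>]+>$")
# Shape of an AWS access key ID: AKIA or ASIA plus 16 upper-case alphanumerics.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def find_hardcoded_credentials(text):
    """Return (line_number, reason) for each suspicious line of a Gradle script."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//"):  # skip whole-line comments
            continue
        match = LITERAL_SECRET.search(stripped)
        if match and not PLACEHOLDER.match(match.group("value")):
            findings.append((number, f"{match.group(1)} set to a string literal"))
        elif AWS_KEY_ID.search(stripped):
            findings.append((number, "AWS access key ID pattern"))
    return findings


if __name__ == "__main__":
    for number, reason in find_hardcoded_credentials(SAMPLE):
        print(f"line {number}: {reason}")
```

Run it over build.gradle and settings.gradle in a pre-commit hook or CI step and fail when the returned list is non-empty.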
Usage

    ./gradlew cleanTest test -Pwith-cryptosense

This will:
- Run your application's test suite with the Cryptosense tracer attached
- Generate a trace file and save it in ./cs-tracer/
- Upload the trace to the CAP instance running at apiUrl
- Add it to the project projectId
- Analyze it using profile profileId and generate a report
- Download a summary of any cryptographic problems found in the report
- Fail the build if any problems are detected
- Print a direct link to the relevant report browsable in CAP.