The wercker getting started with Java sample has been updated in this forked copy to use the OWASP dependency-check tool as a step in the security-scan pipeline.
There is also an option to use the OWASP-supplied Gradle plugin, based on the updates made to the original build.gradle file in the build pipeline.
The wercker application for this fork has a wercker workflow that triggers the security-scan pipeline after the build pipeline completes. In addition, wercker updates the GitHub status so that each commit indicates the result of the pipelines.
When building locally with the wercker CLI, a proxy server and proxy port can be specified in the environment file:
X_HTTPS_PROXY_SERVER="proxy.company.com"
X_HTTPS_PROXY_PORT="80"
Then when running the wercker CLI specify:
wercker --environment /home/crperez/proxy_env.txt build --pipeline security-scan
To run the gradle build with a proxy server, update the properties file in your local ~/.gradle folder or create a gradle.properties file in the root of the gradle project:
systemProp.http.proxyHost=proxy.company.com
systemProp.http.proxyPort=80
systemProp.http.nonProxyHosts=*.company.com|localhost|127.0.0.1
systemProp.https.proxyHost=proxy.company.com
systemProp.https.proxyPort=80
systemProp.https.nonProxyHosts=*.company.com|localhost|127.0.0.1
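The proxy is configured twice above, once in the wercker environment file and once in gradle.properties. As an added example (not part of the original README), the shell function below derives the Gradle lines from the environment file so the two cannot drift apart, and validates the values before writing them. The function name `gradle_proxy_props` and the default nonProxyHosts value are assumptions; the file is assumed to hold `NAME="value"` lines as shown above.

```shell
#!/bin/sh
# Added example: derive Gradle proxy settings from a wercker environment file.
# gradle_proxy_props is a hypothetical helper name, not part of wercker or Gradle.

# Usage: gradle_proxy_props ENV_FILE [NON_PROXY_HOSTS] >> gradle.properties
# Prints systemProp.* lines on stdout; returns non-zero on invalid input.
gradle_proxy_props() {
    env_file=$1
    non_proxy=${2:-'localhost|127.0.0.1'}   # assumed default, override as needed
    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 1; }

    # Extract the values with sed instead of sourcing the file,
    # so nothing inside the file is ever executed by the shell.
    host=$(sed -n 's/^X_HTTPS_PROXY_SERVER="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$env_file" | tail -n 1)
    port=$(sed -n 's/^X_HTTPS_PROXY_PORT="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$env_file" | tail -n 1)

    # Accept only a plain hostname and a numeric TCP port; anything else
    # (spaces, shell metacharacters, empty values) is rejected.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid proxy host" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid proxy port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }

    # Emit the same six properties listed above, for http and https.
    for scheme in http https; do
        printf 'systemProp.%s.proxyHost=%s\n' "$scheme" "$host"
        printf 'systemProp.%s.proxyPort=%s\n' "$scheme" "$port"
        printf 'systemProp.%s.nonProxyHosts=%s\n' "$scheme" "$non_proxy"
    done
}
```

Passing `'*.company.com|localhost|127.0.0.1'` as the second argument reproduces the nonProxyHosts value shown above.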
See https://www.owasp.org/index.php/OWASP_Dependency_Check or the documentation on GitHub
- Abstract out the version of the OWASP dependency-check tool used when the Step executes
- Add additional Step parameters that map to the OWASP dependency-check CLI parameters
A sample application in Java for wercker.
This application uses the openjdk container obtained from the Docker Hub.
Clone this repo and cd into the directory:
git clone https://github.com/wercker/getting-started-java.git
cd getting-started-java
then build using:
wercker build
To run the application, simply execute:
wercker dev --expose-ports
Now point your browser at http://localhost:8080 to see:
Hello World!
Sign up for wercker: http://www.wercker.com
Learn more at: http://devcenter.wercker.com