You can find out more about our Gradle plugin in our blog post.
Gradle is a build automation system used primarily for Java projects. It builds upon the concepts of Apache Maven and Ant but works with a Groovy or Kotlin DSL instead of XML files for configuration.
You can easily add RIPS security analysis as a task to run on each build to automatically detect new security issues.
|RIPS Plugin||RIPS API||Gradle|
* The Kotlin DSL requires Gradle ≥ 5.0.
Add the following snippet to your build file to apply the plugin.
If dynamic configuration is required, you can use the following build script snippet:
This will add the task ripsScan to the verification task set.
The plugin is not yet published to the official plugin repository and has to be published to the local one manually:
Now you have to add the local Maven repository to your build file:
To configure the plugin you can set the following properties.
|Property||Default Value Or Required||Description|
|The URL of the RIPS API that should be used for scanning. |
Our SaaS API is available at https://api-3.ripstech.com. This API also works for trial accounts.
For On-premises, make sure to also add the port of your API, for example: http://192.168.201.1:8080
|uiUrl||No||The URL of your RIPS UI|
|Yes||The e-mail address of the user running the scan.|
|password||Yes||The password of the user running the scan.|
|applicationId||Yes (only if no applicationName is given)||The numerical ID of the application in RIPS to be scanned. (Note: the application must exist and is not automatically created.)|
If no applicationId is given, the integration will use an existing application associated with this name. If no application exists, it will be created and the best matching quota will be chosen.
|profileId||No||The profile ID of a scan profile to use for the scan.|
|The name of your scan. Predefined placeholders are available.|
Threshold for issues with critical severity.
Build will fail if the sum of issues with critical severity is higher than the threshold. Leave empty to ignore threshold.
Threshold for issues with high severity.
Build will fail if the sum of issues with high severity is higher than the threshold. Leave empty to ignore threshold.
Threshold for issues with medium severity.
Build will fail if the sum of issues with medium severity is higher than the threshold. Leave empty to ignore threshold.
Threshold for issues with low severity.
Build will fail if the sum of issues with low severity is higher than the threshold. Leave empty to ignore threshold.
|printIssues||true||Print detailed output of issues.|
Note: Please do not store your credentials in the build.gradle file, or they will be checked into source control. You can use environment variables or the gradle.properties file instead.
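One way to enforce the note above in CI or a pre-commit hook, as an added example that is not part of the RIPS plugin or its documentation: a shell check that reports build scripts assigning a quoted literal to `password`. The function names, the `RIPS_PASSWORD` variable name and the sample fragments are assumptions constructed for illustration, and the check assumes the property is written as `password = "..."` or `password '...'`.

```shell
#!/bin/sh
# Added example: report Gradle build scripts that assign a quoted literal to
# the plugin's `password` property (assumed forms: `password = "..."` or
# `password '...'` in the Groovy or Kotlin DSL).

# find_hardcoded_password FILE...
# Prints "FILE:LINE" for each hit (never the line content, so the secret does
# not end up in CI logs). Returns 1 if anything was found, 0 otherwise.
find_hardcoded_password() {
    # `password`, then `=` or whitespace, then a quote that does not start an
    # interpolation ("$var" / "${...}"). Lookups such as System.getenv("...")
    # or findProperty("...") are not quoted literals and do not match.
    fhp_pattern="(^|[^[:alnum:]_])password([[:space:]]*=[[:space:]]*|[[:space:]]+)[\"'][^\"'\$]"
    fhp_status=0
    for fhp_file in "$@"; do
        [ -f "$fhp_file" ] || continue
        fhp_lines=$(grep -nE "$fhp_pattern" "$fhp_file" | cut -d: -f1) || true
        for fhp_n in $fhp_lines; do
            echo "$fhp_file:$fhp_n: password is a hard-coded literal"
            fhp_status=1
        done
    done
    return "$fhp_status"
}

# write_samples DIR: constructed build-file fragments (plugin block omitted).
write_samples() {
    cat > "$1/bad.gradle" <<'EOF'
// constructed sample
printIssues = true
password = "constructed-secret"
EOF
    cat > "$1/good.gradle" <<'EOF'
// constructed sample; RIPS_PASSWORD is an assumed variable name
password = System.getenv("RIPS_PASSWORD")
EOF
    cat > "$1/good.gradle.kts" <<'EOF'
password = findProperty("password") as String
EOF
}

# Scan the files named on the command line, e.g. in a CI step.
if [ "$#" -gt 0 ]; then
    find_hardcoded_password "$@"
fi
```

If you use gradle.properties, the per-user file in the Gradle user home (~/.gradle/gradle.properties by default) stays outside the repository, unlike a gradle.properties file in the project directory.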
After properly configuring the plugin, you can start a scan by running the task ripsScan. It will zip your project files, upload them to the RIPS instance and start a scan. Once the scan is done, it will check whether any thresholds were exceeded, failing the build if that is the case.
To configure the task to run in a specific life cycle, please refer to the Gradle documentation for further information.