Skip to content

Gradle Plugin reference🔗

The SandboxAQ Gradle Plugin automates testing using the Java Tracer and uploads the resulting traces to AQtive Guard to generate a report.


The Gradle Plugin requires Java 8 or higher, and Gradle 5.6.3 or higher.


Gradle Plugin getting started explains how to use the Gradle Plugin.


  • apiKey: (required) API Key used to authenticate with AQtive Guard.
  • apiUrl: (required) URL of the AQtive Guard platform. Should follow the form https://<hostname>.
  • appname: Set the appname value in the trace header. This is used in AQtive Guard to identify the application that was traced.
  • compress: Passed to the Java tracer. See Java Tracer Reference.
  • ignoreUpdate: Passed to the Java tracer. See Java Tracer Reference.
  • out: Passed to the Java tracer. See Java Tracer Reference.
  • profileId: (required) ID of the profile to apply to the analysis. See Find the profile ID.
  • projectId: (required) ID of the project where trace should be included. See Find the project ID.
  • trace: Passed to the Java tracer. See Java Tracer Reference.


The API Key provided by AQtive Guard is unique to each user and should be treated as sensitive information. We recommend not checking this value into your codebase and securely storing it using your CI server.

For instructions on providing the API Key value to your test runners when using Jenkins, refer to Using environment variables in the Jenkins User Handbook. Consult the corresponding user guides for documentation on GitLab CI/CD variables and Travis CI Environment Variables.

How it works🔗

The Gradle Plugin passes the following arguments to the Java Virtual Machine (JVM) running the application:

  • -javaagent:$agentJarPath: where $agentJarPath points to the SandboxAQ Java Tracer agent.
  • -Xbootclasspath/a:$bootClassPathDep: where $bootClassPathDep points to dependencies of the plugin and agent.
  • -Dcryptosense.agent.$config=$value: where $config and $value are the configuration keys specific to the Java Tracer.

These arguments initiate the Java Tracer, which generates a trace for the application. When complete, the Gradle Plugin uploads the trace file to AQtive Guard using the GraphQL API, which in turn triggers an analysis.


Results of the tracer will be temporarily stored in $outDirPath/test-$num, with an increasing $num value for each time the application is run, before being uploaded to AQtive Guard.


The traces being written are not deleted automatically.

Trusted certificate limitation🔗

There isn’t a method to designate a trusted certificate using a parameter.

If the server presents a self-signed certificate or a certificate signed by a custom CA, you must manually add the required certificate to the Java Runtime Environment (JRE) to establish trust to upload a trace.

Add the certificate using the following command:

"$JAVA_HOME"/bin/keytool \
    -import -noprompt \
    -keystore "$JAVA_HOME"/lib/security/cacerts \
    -storepass changeit \
    -alias custom-alias-foo \
    -file /path/to/cert_or_ca.pem

In this example:

  • $JAVA_HOME is the home path to your Java Development Kit (JDK).
  • keystore indicates the path to the keystore file.
  • storepass is the password for the keystore.
  • alias is the custom certificate name.
  • file is the path to the certificate file.


Replace /lib with /jre/lib. for older JREs.