Skip to content

Maven Plugin getting started🔗

Before you begin🔗

Please make sure that you have the following information available:

  • Your AQtive Guard root URL - optional
    • For SaaS, the default URL is https://analyzer.cryptosense.com.
    • For AQtive Guard on-premises, the URL will be in the form https://domain.example.net.
  • Your AQtive Guard API Key - required
    • This key can be found at <https://analyzer.cryptosense.com/api>.
    • Refer to Retrieve the API key for more details.
  • Your target project ID (projectId) - required
    • Found in the project overview URL in the AQtive Guard web interface: https://analyzer.cryptosense.com/project/<projectId>/dashboard
    • Refer to Find the project ID for more details.
  • Your target profile ID (profileId) - required
    • Found in the profiles page URL in the AQtive Guard web interface: https://analyzer.cryptosense.com/organization/profiles/<profileId> Refer to Find the profile ID for more details.

Installation🔗

  1. Extract the package (example: cryptosense-maven-plugin-1.2.3.zip).
  2. Copy the extracted artifacts to a repository that Maven can access, such as a standalone directory in the filesystem or an internal Maven repository.

Note

This archive only contains SandboxAQ artifacts. Maven will also need to download external dependencies from a public repository, such as Maven Central, or a private company-wide repository or equivalent.

Configuration🔗

This guide assumes that the Maven repository containing SandboxAQ artifacts is in the /path/to/cryptosense/repository directory on the filesystem.

Plugin repository🔗

To add the SandboxAQ repository as a configured plugin repository, add the following to the project section of your pom.xml file:

XML
<project>
  ...
  <pluginRepositories>
    ...
    <pluginRepository>
      <id>cryptosense-repository</id>
      <url>file://path/to/cryptosense/repository</url>
    </pluginRepository>
    ...
  </pluginRepositories>
  ...
</project>

Create an AQtive Guard build profile🔗

The most flexible way to use the plugin is to create a build profile. Add the <profile> below to your pom.xml configuration:

XML
<project>
  ...
  <profiles>
    ...
    <profile>
      <id>sandbox</id>
      <build>
        <plugins>
          <plugin>
            <groupId>com.cryptosense</groupId>
            <artifactId>cryptosense-maven-plugin</artifactId>
            <version>MAVEN PLUGIN VERSION</version>  <!-- change this -->
            <configuration>
              <apiUrl>AQtive Guard API URL</apiUrl>  <!-- change this -->
              <apiKey>${env.CS_API_KEY}</apiKey>
              <projectId>AQtive Guard PROJECT ID</projectId>  <!-- change this -->
              <profileId>AQtive Guard PROFILE ID</profileId>  <!-- change this -->
            </configuration>
            <executions>
              <execution>
                <id>inject-agent</id>
                <goals>
                  <goal>inject-agent</goal>
                </goals>
              </execution>
              <execution>
                <id>generate-report</id>
                <goals>
                  <goal>generate-report</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>
    ...
  </profiles>
  ...
</project>

This code assumes that the API key will be provided as the CS_API_KEY environment variable.

Run tests with the plugin🔗

When running your tests, add -P sandbox to enable the profile. For example, a full test suite (with trace upload) can be run using the command:

Bash
mvn clean install -P sandbox

This will run your tests with the SandboxAQ Java Tracer attached and will upload the results to the project chosen in the previous section.

To confirm the plugin was used, check the output to see if the inject-agent and generate-report goals were triggered as part of the build.

Next steps🔗

Customize the prefix used for traces and reports🔗

To customize the prefix used by the SandboxAQ Java agent when generating trace files (and therefore the uploaded traces and reports), add the following to the configuration in your pom.xml:

XML
<configuration>
  ...
  <agentOutputPrefix>myprefix</agentOutputPrefix>
</configuration>