Gradle/Jenkins Tutorial

Gradle plugin

INSTALLATION

Download and extract the plugin into some directory that will be referred to as gradle-plugin-dir.

Ensure you have the following configuration in build.gradle:

plugins {
    ...
    id 'cryptosense' version '0.0.1'
}

repositories {
    ...
    ivy {
        url 'gradle-plugin-dir'
    }
}

cryptosense {
    agentVersion = '0.0.1'
    apiKey = 'myapikey'
    apiUrl = 'https://analyzer.cryptosense.com'
    projectId = project_id
    profileId = profile_id
}

The integer values for project_id and profile_id are visible in the web application.

And in settings.gradle:

pluginManagement {
    repositories {
        ivy {
            url 'gradle-plugin-dir'
        }
        gradlePluginPortal()
    }
}
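
The build.gradle configuration above hard-codes apiKey, which puts the key into version control and into every checkout of the project. The following is an added example, not taken from the Cryptosense documentation, that resolves the key at build time instead. The names cryptosenseApiKey and CRYPTOSENSE_API_KEY are assumptions chosen here, and project_id and profile_id remain the placeholders used above.

```groovy
// build.gradle fragment: replaces the cryptosense { ... } block shown earlier.
// cryptosenseApiKey / CRYPTOSENSE_API_KEY are names chosen for this example;
// the plugin itself only sees the resulting string assigned to apiKey.

// Look for the key in a Gradle property first (for example a line
// "cryptosenseApiKey=..." in ~/.gradle/gradle.properties, outside the repo),
// then in the environment (for example a Jenkins credentials binding).
def resolveCryptosenseApiKey = {
    def key = project.findProperty('cryptosenseApiKey') ?:
              System.getenv('CRYPTOSENSE_API_KEY')

    // Fail early with a clear message, but only when the analysis was
    // requested with -Pwith-cryptosense, so ordinary builds are unaffected.
    if (!key && project.hasProperty('with-cryptosense')) {
        throw new GradleException(
            'Cryptosense API key not set: define CRYPTOSENSE_API_KEY in the ' +
            'environment or cryptosenseApiKey in ~/.gradle/gradle.properties')
    }
    return key
}

cryptosense {
    agentVersion = '0.0.1'
    apiKey = resolveCryptosenseApiKey()   // no literal key in the build script
    apiUrl = 'https://analyzer.cryptosense.com'
    projectId = project_id                // placeholder, as above
    profileId = profile_id                // placeholder, as above
}
```

Prefer the environment variable or the user-level gradle.properties over passing the key with -P on the command line, since command-line arguments show up in process listings and build logs.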

USAGE

Run the tests with:

./gradlew cleanTest test -Pwith-cryptosense

This will output a JSON report to report.json and the tests will be marked as failed if any crypto misuse is found.

Jenkins plugin

INSTALLATION

Download cryptosense.hpi. Go to “Manage Jenkins”, “Manage Plugins”, “Advanced” and then use the “Upload Plugin” form to install the plugin.

Once installed, go to the project settings:

  • Use ./gradlew cleanTest test -Pwith-cryptosense as a shell build command.
  • Add “Display Cryptosense findings” as a post-build action.

USAGE

The Cryptosense findings are displayed on each build page. They contain a summary and a link to the full report on the Cryptosense Analyzer web application.

ADVANCED

The Jenkins plugin actually doesn’t depend on the Gradle plugin. It relies on the build command to generate report.json, which could be done by a different build system or script.
