RIPS maven plugin

A plugin to start scans on a maven project.

License

Categories

Maven Compilation and Build

Group

com.ripstech.maven

Identifier

rips-maven-plugin

Latest version

1.0.0

Date

Type

maven-plugin

Description

RIPS maven plugin
A plugin to start scans on a maven project.

Website

https://www.ripstech.com

Version control system

https://github.com/rips/maven-plugin/tree/master

Download rips-maven-plugin

How to add the latest version

<plugin>
    <groupId>com.ripstech.maven</groupId>
    <artifactId>rips-maven-plugin</artifactId>
    <version>1.0.0</version>
</plugin>

Dependencies

runtime (6)

Library identifier Type Version
org.apache.maven.plugin-tools : maven-plugin-annotations jar 3.5.2
org.apache.maven : maven-plugin-api jar 3.5.0
org.apache.maven : maven-core jar 3.3.3
com.ripstech.api : connector jar 3.1.1
com.ripstech.api : utils jar 3.1.1
org.jetbrains : annotations jar 16.0.3

Project Modules

This project has no modules.

RIPS Maven Plugin

Apache Maven is a popular build management tool for Java applications. RIPS security analysis can be easily integrated as a build task in order to fail your build whenever new security vulnerabilities are discovered.

Configuration

You can add and configure the plugin in your pom.xml:

<build>
	<plugins>
		<plugin>
			<groupId>com.ripstech.maven</groupId>
			<artifactId>rips-maven-plugin</artifactId>
			<version>1.0.0</version>
			<configuration>
				<apiUrl>https://api-3.ripstech.com</apiUrl>
				<uiUrl>https://saas.ripstech.com</uiUrl>
				<email>test@company</email>
				<password>yourPassword</password>
				<applicationId>yourApplicationId</applicationId>
				<scanVersion>{isoDateTime}</scanVersion>
				<thresholds>
					<low>10</low>
					<medium>5</medium>
					<high>0</high>
					<critical>0</critical>
				</thresholds>
				<printIssues>true</printIssues>
			</configuration>
			<executions>
				<execution>
					<goals>
						<goal>scan</goal>
					</goals>
				</execution>
			</executions>
		</plugin>
	</plugins>
</build>
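
An added check, not part of the plugin or the original README: the configuration above places the RIPS API password as a literal in pom.xml, where it ends up in version control. The script flags a literal `<password>` and a non-HTTPS `<apiUrl>`, while a value such as `${env.RIPS_PASSWORD}` (Maven's environment-variable interpolation) passes. The sample POM is constructed, and the variable name and the host rips.example.internal are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's plugin block, trimmed, with the literal
# password kept and a plain-http apiUrl swapped in to show both findings.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>com.ripstech.maven</groupId>
    <artifactId>rips-maven-plugin</artifactId>
    <version>1.0.0</version>
    <configuration>
      <apiUrl>http://rips.example.internal</apiUrl>
      <email>test@company</email>
      <password>yourPassword</password>
    </configuration>
  </plugin></plugins></build>
</project>"""

# A value that is exactly one ${...} reference is resolved at build time.
PROPERTY_REF = re.compile(r"^\$\{[^}]+\}$")


def local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def text_of(parent, name):
    """Stripped text of the first direct child called `name`, or ''."""
    for node in parent:
        if local(node.tag) == name:
            return (node.text or "").strip()
    return ""


def audit_rips_plugin(pom_text):
    """Return findings for each rips-maven-plugin block in a pom.xml."""
    findings = []
    for plugin in ET.fromstring(pom_text).iter():
        if local(plugin.tag) != "plugin" or text_of(plugin, "artifactId") != "rips-maven-plugin":
            continue
        for config in (c for c in plugin if local(c.tag) == "configuration"):
            password = text_of(config, "password")
            if password and not PROPERTY_REF.match(password):
                findings.append("password: literal value committed in pom.xml")
            api_url = text_of(config, "apiUrl")
            if api_url and not PROPERTY_REF.match(api_url) and not api_url.lower().startswith("https://"):
                findings.append("apiUrl: credentials would be sent over a non-HTTPS URL")
    return findings
```

Run `audit_rips_plugin(open("pom.xml").read())` in CI before the build and fail the job when the returned list is non-empty.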

Local Setup

Add the plugin to your local repository:

mvn install:install-file -Dfile=<path-to-jar> -DgroupId=com.ripstech.maven \
-DartifactId=rips-maven-plugin -Dversion=1.0.0 -Dpackaging=jar

Details

  • rips.apiUrl (required): Your RIPS API URL.
  • rips.uiUrl (optional): Your RIPS UI URL.
  • rips.email (required): Your RIPS API login email.
  • rips.password (required): Your RIPS API password.
  • rips.applicationId (required): The ID of the RIPS application to use.
  • rips.profileId (optional): The RIPS analysis profile.
  • rips.scanVersion (optional): The version name of the scan.
  • rips.thresholds (optional): Map of tolerated numbers of issues by severity. Possible severities: critical, high, medium, low (e.g. critical: 0, high: 0, medium: 5, low: 10).
  • rips.analysisDepth (optional): Override the default analysis depth (5).
  • rips.scanTimeout (optional): Override the default scan timeout (5), in hours.
  • rips.printIssues (optional): Set to false to suppress detailed output of all issues.

Setting the build phase

The plugin's default build phase is 'verify', which means it scans during integration tests. You can change this with the <executions> tag. For instance, to set it to 'deploy':

<executions>
    <execution>
        <phase>deploy</phase>
        <goals>
            <goal>scan</goal>
        </goals>
    </execution>
</executions>

com.ripstech.maven

RIPS Technologies

The technology leader in web application security testing

Library versions

Version
1.0.0