Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Application Security Platform
Invicti IAST for JAVA

Invicti IAST Agent for Java – Docker (Spring Boot)

This document is for:
Invicti Platform

Invicti IAST Network Prerequisites: 
Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.

The Invicti IAST agent needs to be deployed to your Docker Spring Boot container. This document explains how to deploy Invicti IAST together with your Spring Boot web application into a Docker container.

The following installation instructions are for the newer version of the Invicti Java IAST sensor. If you are running the older, aspectjweaver-based Java sensor, you must remove the old sensor and any reference to aspectjweaver.jar before proceeding with installing the newer version of the Invicti Java IAST sensor.

How to deploy the Invicti IAST agent for Java

This document assumes that you are logged into the Docker host as root and that all files for this web application will be kept in the folder "/root/myspringapp/"

Step 1: Prepare the folder for Spring Boot Docker deployment

  • On the Docker host, run the following command:
  • mkdir /root/myspringapp/

Step 2: Prepare Invicti IAST for your container

  • Create a Target in your Invicti Platform UI for the exact URL of your new web application (for example: http://myspringapp.example.com:8080/)
  • Download the Invicti Java IAST sensor for your web application target from the Invicti Platform UI.
  • Copy the Invicti Java IAST sensor (iastsensor.jar) to the Docker host into folder /root/myspringapp/

Step 3: Prepare the Spring Boot web application for your container

  • Build your application called, for this example, myspringapp.jar
  • Copy the JAR file for your web application myspringapp.jar to the Docker host folder /root/myspringapp/

Step 4: Create a Dockerfile for your Spring Boot web application

  • To create and edit your Dockerfile, run the following command:
  • nano /root/myspringapp/Dockerfile
  • Edit the contents of your Dockerfile to show the following:

FROM openjdk:8-jdk-alpine
WORKDIR /root/myspringapp/
COPY iastsensor.jar iastsensor.jar
COPY myspringapp.jar myspringapp.jar
EXPOSE 8080
CMD java -javaagent:/root/myspringapp/iastsensor.jar -Diastsensor.debug.log=ON -jar /root/myspringapp/myspringapp.jar

The parameter "-Diastsensor.debug.log=ON" is optional, and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output Invicti IAST logging as additional lines in the Tomcat logs starting with "[Invicti-debug]".

  • Save the Dockerfile and exit the nano editor.

Step 5: Build your Docker image and start a container based on the image

  • On the Docker host, run the following commands:
  • cd /root/myspringapp/
  • docker build -t myspringapp:test .
  • docker run --publish 8080:8080 --detach --name myspringapp myspringapp:test

You are now ready to scan your new Spring Boot web application with Invicti Platform.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Share This Article