Invicti IAST Agent for Java – Docker (Spring Boot)
Invicti IAST Network Prerequisites: |
The Invicti IAST agent needs to be deployed to your Docker Spring Boot container. This document explains how to deploy Invicti IAST together with your Spring Boot web application into a Docker container.
The following installation instructions are for the newer version of the Invicti Java IAST sensor. If you are running the older, aspectjweaver-based Java sensor, you must remove the old sensor and any reference to aspectjweaver.jar before proceeding with installing the newer version of the Invicti Java IAST sensor. |
How to deploy the Invicti IAST agent for Java
This document assumes that you are logged into the Docker host as root and that all files for this web application will be kept in the folder "/root/myspringapp/" |
Step 1: Prepare the folder for Spring Boot Docker deployment
- On the Docker host, run the following command:
- mkdir /root/myspringapp/
Step 2: Prepare Invicti IAST for your container
- Create a Target in your Invicti Platform UI for the exact URL of your new web application (for example: http://myspringapp.example.com:8080/)
- Download the Invicti Java IAST sensor for your web application target from the Invicti Platform UI.
- Copy the Invicti Java IAST sensor (iastsensor.jar) to the Docker host into folder /root/myspringapp/
Step 3: Prepare the Spring Boot web application for your container
- Build your application called, for this example, myspringapp.jar
- Copy the JAR file for your web application myspringapp.jar to the Docker host folder /root/myspringapp/
Step 4: Create a Dockerfile for your Spring Boot web application
- To create and edit your Dockerfile, run the following command:
- nano /root/myspringapp/Dockerfile
- Edit the contents of your Dockerfile to show the following:
FROM openjdk:8-jdk-alpine |
The parameter "-Diastsensor.debug.log=ON" is optional, and should ONLY be used for troubleshooting purposes. If this parameter is retained, this will output Invicti IAST logging as additional lines in the Tomcat logs starting with "[Invicti-debug]". |
- Save the Dockerfile and exit the nano editor.
Step 5: Build your Docker image and start a container based on the image
- On the Docker host, run the following commands:
- cd /root/myspringapp/
- docker build -t myspringapp:test .
- docker run --publish 8080:8080 --detach --name myspringapp myspringapp:test
You are now ready to scan your new Spring Boot web application with Invicti Platform.