
Deploying Invicti Shark for Java – Docker (Spring Boot)

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Invicti Shark Network Prerequisites

Invicti Shark makes use of the Invicti IAST Bridge. For more information, refer to Configuring Invicti IAST Bridge. 

The Invicti Shark agent needs to be deployed to your Docker Spring Boot container. This guide shows you how to deploy the Invicti Shark agent together with your Spring Boot web application into a Docker container.

IMPORTANT: The following installation instructions are for the newer version of the Java IAST sensor. If you are running the older, aspectjweaver-based Java sensor, you need to remove the old sensor and any reference to aspectjweaver.jar before installing the newer version of the Java sensor.

How to deploy the Invicti Shark agent for Java

NOTE: This document assumes that you are logged into the Docker host as root and that all files for this web application will be kept in the folder "/root/myspringapp/"

Step 1: Prepare the folder for Spring Boot Docker deployment

  • On the Docker host, run the following command:
  • mkdir /root/myspringapp/

Step 2: Prepare Invicti Shark for your container

  1. Create a target website in your Invicti UI for the exact URL of your new web application (for example: http://myspringapp.example.com:8080/)
  2. Download the Java Invicti Shark agent for your new web application from the Invicti UI.
  3. Copy the Java Invicti Shark agent file (Shark (IAST and SCA).jar) to the folder /root/myspringapp/ on the Docker host.

Step 3: Prepare the Spring Boot web application for your container

  1. Build your application JAR, called myspringapp.jar in this example.
  2. Copy the JAR file for your web application myspringapp.jar to the Docker host folder /root/myspringapp/

Step 4: Create a Dockerfile for your Spring Boot web application

  1. To create and edit your Dockerfile, run the following command:
  • nano /root/myspringapp/Dockerfile
  2. Edit the contents of your Dockerfile to show the following:

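FROM openjdk:8-jdk-alpine

WORKDIR /root/myspringapp/

# The agent file name contains spaces and parentheses, so use the JSON form of COPY
COPY ["Shark (IAST and SCA).jar", "Shark (IAST and SCA).jar"]

COPY myspringapp.jar myspringapp.jar

EXPOSE 8080

# Quote the -javaagent argument so the shell passes the path as a single argument
CMD java "-javaagent:/root/myspringapp/Shark (IAST and SCA).jar" -Dacusensor.debug.log=ON -jar /root/myspringapp/myspringapp.jar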

NOTE: The parameter "-Dacusensor.debug.log=ON" is optional and should ONLY be used for troubleshooting purposes. If this parameter is retained, Invicti Shark writes its logging as additional lines in the Tomcat logs, starting with "[Invicti-debug]".

  3. Save the Dockerfile and exit the nano editor.

Step 5: Build your Docker image and start a container based on the image

  • On the Docker host, run the following commands:
  • cd /root/myspringapp/
  • docker build -t myspringapp:test .
  • docker run --publish 8080:8080 --detach --name myspringapp myspringapp:test

You are now ready to scan your new Spring Boot web application with Invicti.
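
The checks below are an added example, not part of Invicti's documentation or tooling: a POSIX shell lint to run against the Dockerfile from Step 4 before the build in Step 5. It flags a missing or unquoted -javaagent argument, a leftover aspectjweaver reference, and the troubleshooting-only debug flag; the function name lint_shark_dockerfile, the finding labels and the sample Dockerfile are constructed for this example.

```shell
#!/bin/sh
# Added example, not Invicti tooling: pre-build lint for the Step 4 Dockerfile.
# lint_shark_dockerfile and the finding labels are names made up for this sketch.

lint_shark_dockerfile() {
    df=$1
    findings=0
    [ -r "$df" ] || { echo "FAIL unreadable: $df"; return 2; }
    # Ignore comment lines so a commented-out flag is not counted.
    body=$(grep -v '^[[:space:]]*#' "$df" || true)
    has() { printf '%s\n' "$body" | grep -Eq -- "$1"; }
    report() { echo "$1"; findings=$((findings + 1)); }

    # The sensor is only loaded when the JVM is started with -javaagent.
    has '^[[:space:]]*(CMD|ENTRYPOINT)[[:space:]].*-javaagent:' ||
        report "FAIL no-javaagent: CMD/ENTRYPOINT does not pass -javaagent"

    # Shell-form CMD: the agent file name contains spaces and parentheses,
    # so an unquoted path breaks the shell command line.
    if has '^[[:space:]]*(CMD|ENTRYPOINT)[[:space:]]+[^[].*[[:space:]]-javaagent:[^"[:space:]]*[[:space:]]+\('; then
        report "FAIL unquoted-path: quote the -javaagent argument"
    fi

    # The older aspectjweaver-based sensor must be gone before the new one is installed.
    if has '[Aa]spectjweaver'; then
        report "FAIL old-sensor: reference to aspectjweaver found"
    fi

    # Debug logging is optional and meant for troubleshooting only.
    if has '-Dacusensor\.debug\.log=ON'; then
        report "WARN debug-log: -Dacusensor.debug.log=ON is still set"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample input: debug flag left on after troubleshooting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM openjdk:8-jdk-alpine
COPY myspringapp.jar myspringapp.jar
CMD java "-javaagent:/root/myspringapp/Shark (IAST and SCA).jar" -Dacusensor.debug.log=ON -jar /root/myspringapp/myspringapp.jar
EOF
lint_shark_dockerfile "$sample" || echo "fix the findings above before 'docker build'"
rm -f "$sample"
```

The function returns 0 only when no finding is printed, so it can gate the docker build command in a script.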