RIPS maven plugin

A plugin to start scans on a maven project.

License:
Categories: Maven Build Tools
GroupId: com.ripstech.maven
ArtifactId: rips-maven-plugin
Last Version: 1.0.0
Release Date:
Type: maven-plugin
Description: RIPS maven plugin. A plugin to start scans on a maven project.
Project URL: https://www.ripstech.com
Source Code Management: https://github.com/rips/maven-plugin/tree/master

How to add to project

<plugin>
    <groupId>com.ripstech.maven</groupId>
    <artifactId>rips-maven-plugin</artifactId>
    <version>1.0.0</version>
</plugin>

Dependencies

runtime (6)

Group / Artifact                                           Type   Version
org.apache.maven.plugin-tools : maven-plugin-annotations   jar    3.5.2
org.apache.maven : maven-plugin-api                        jar    3.5.0
org.apache.maven : maven-core                              jar    3.3.3
com.ripstech.api : connector                               jar    3.1.1
com.ripstech.api : utils                                   jar    3.1.1
org.jetbrains : annotations                                jar    16.0.3

Project Modules

There are no modules declared in this project.

RIPS Maven Plugin

Apache Maven is a popular build management tool for Java applications. RIPS security analysis can be easily integrated as a build task in order to fail your build whenever new security vulnerabilities are discovered.

Configuration

You can add and configure the plugin in your pom.xml:

<build>
	<plugins>
		<plugin>
			<groupId>com.ripstech.maven</groupId>
			<artifactId>rips-maven-plugin</artifactId>
			<version>1.0.0</version>
			<configuration>
				<apiUrl>https://api-3.ripstech.com</apiUrl>
				<uiUrl>https://saas.ripstech.com</uiUrl>
				<email>test@company</email>
				<password>yourPassword</password>
				<applicationId>yourApplicationId</applicationId>
				<scanVersion>{isoDateTime}</scanVersion>
				<thresholds>
					<low>10</low>
					<medium>5</medium>
					<high>0</high>
					<critical>0</critical>
				</thresholds>
				<printIssues>true</printIssues>
			</configuration>
			<executions>
				<execution>
					<goals>
						<goal>scan</goal>
					</goals>
				</execution>
			</executions>
		</plugin>
	</plugins>
</build>

Local Setup

Add the plugin to your local repository:

mvn install:install-file -Dfile=<path-to-jar> -DgroupId=com.ripstech.maven \
-DartifactId=rips-maven-plugin -Dversion=1.0.0 -Dpackaging=jar

Details

  • rips.apiUrl (required): Your RIPS API URL.
  • rips.uiUrl (optional): Your RIPS UI URL.
  • rips.email (required): Your RIPS API login email.
  • rips.password (required): Your RIPS API password.
  • rips.applicationId (required): The ID of the RIPS application to use.
  • rips.profileId (optional): The RIPS analysis profile.
  • rips.scanVersion (optional): The version name of the scan.
  • rips.thresholds (optional): Map of tolerated numbers of issues by severity. Possible severities: critical, high, medium, low (e.g. critical: 0, high: 0, medium: 5, low: 10).
  • rips.analysisDepth (optional): Overwrite the default analysis depth (5).
  • rips.scanTimeout (optional): Overwrite the default scan timeout (5) in hours.
  • rips.printIssues (optional): Set to false to suppress detailed output of all issues.
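
The configuration shown earlier stores the RIPS login directly in pom.xml, a file that is normally committed to version control. The following is an added example, not taken from the plugin's own documentation: the same plugin configuration with the credentials taken from environment variables through Maven's standard ${env.NAME} interpolation. The variable names RIPS_EMAIL, RIPS_PASSWORD and RIPS_APPLICATION_ID are assumptions.

```xml
<!-- Added example, not from the plugin's documentation.
     RIPS_EMAIL, RIPS_PASSWORD and RIPS_APPLICATION_ID are assumed names for
     environment variables supplied by the CI system's secret store. -->
<build>
    <plugins>
        <plugin>
            <groupId>com.ripstech.maven</groupId>
            <artifactId>rips-maven-plugin</artifactId>
            <version>1.0.0</version>
            <configuration>
                <apiUrl>https://api-3.ripstech.com</apiUrl>
                <uiUrl>https://saas.ripstech.com</uiUrl>
                <!-- Before: <password>yourPassword</password> kept in the POM. -->
                <!-- After: Maven resolves ${env.NAME} from the build environment,
                     so no credential is stored in the repository. -->
                <email>${env.RIPS_EMAIL}</email>
                <password>${env.RIPS_PASSWORD}</password>
                <applicationId>${env.RIPS_APPLICATION_ID}</applicationId>
                <scanVersion>{isoDateTime}</scanVersion>
                <!-- Tolerated issue counts per severity, as in the page's example:
                     zero high or critical issues are tolerated. -->
                <thresholds>
                    <low>10</low>
                    <medium>5</medium>
                    <high>0</high>
                    <critical>0</critical>
                </thresholds>
                <!-- Suppress the detailed issue output when the build output is
                     visible to more people than the scan findings should be. -->
                <printIssues>false</printIssues>
            </configuration>
            <executions>
                <execution>
                    <goals>
                        <goal>scan</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>
```

If one of the variables is unset, Maven leaves the ${env...} expression unresolved and passes it to the plugin as literal text, so the login fails instead of falling back to a stored value.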

Setting the build phase

The plugin's default build phase is 'verify', which means it scans during integration tests. You can change this using the <executions> tag. For instance, if you want to set it to 'deploy':

<executions>
    <execution>
        <phase>deploy</phase>
        <goals>
            <goal>scan</goal>
        </goals>
    </execution>
</executions>

RIPS Technologies

The technology leader in web application security testing

Versions

Version
1.0.0