This buildpack provides CxIAST Agent Instrumentation for SpringBoot or Tomcat Java applications running on Cloud Foundry. It is designed to be used with the official Cloud Foundry Java Buildpack in a multi buildpack approach.
This buildpack requires IAST v3.7 and up.
This buildpack is no longer required, as this was integrated in the official CF Java Buildpack. Follow the instructions in your IAST installation under http://manager-url:8380/iast-ui/#!/AgentDownloadWalkthrough
Create a user-provided service named checkmarx and bind it to your application. In its credentials, specify the iast_server key pointing to your CxIAST server. The buildpack will download the agent from this server.
For example:
{
  "VCAP_SERVICES": {
    "user-provided": [
      {
        "binding_name": "",
        "credentials": {
          "iast_server": "https://YOUR-CXIAST-SERVER:YOUR-PORT"
        },
        "instance_name": "checkmarx",
        "label": "user-provided",
        "name": "checkmarx",
        "syslog_drain_url": "",
        "tags": [],
        "volume_mounts": []
      }
    ]
  }
}
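A pre-push check for the binding shown above, as an added example that is not part of the buildpack: it parses VCAP_SERVICES, finds the user-provided service named checkmarx and validates its iast_server value. The function name, the sample host and the https-only rule are assumptions of this example; the rule is applied because the agent is downloaded from this URL.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the same layout as the example above (host is made up).
SAMPLE_ENV = json.dumps({
    "VCAP_SERVICES": {
        "user-provided": [{
            "name": "checkmarx",
            "instance_name": "checkmarx",
            "label": "user-provided",
            "credentials": {"iast_server": "https://iast.example.internal:8443"},
        }]
    }
})


def find_iast_server(doc: str, service_name: str = "checkmarx") -> str:
    """Return the validated iast_server URL, or raise ValueError."""
    data = json.loads(doc)
    # Accept either the wrapped form shown above or the raw variable value.
    services = data.get("VCAP_SERVICES", data)
    matches = [s for s in services.get("user-provided", [])
               if s.get("name") == service_name]
    if len(matches) != 1:
        raise ValueError(
            f"expected one service named {service_name!r}, found {len(matches)}")
    url = (matches[0].get("credentials") or {}).get("iast_server")
    if not isinstance(url, str) or not url:
        raise ValueError("credentials.iast_server is missing")
    parts = urlsplit(url)
    if parts.scheme != "https":
        # Assumption of this example: the agent download must use TLS.
        raise ValueError(f"iast_server must use https, got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("iast_server has no host")
    if parts.username or parts.password:
        raise ValueError("iast_server must not embed credentials")
    _ = parts.port  # raises ValueError for an unreplaced or non-numeric port
    return url


if __name__ == "__main__":
    print(find_iast_server(SAMPLE_ENV))
```
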
Create a manifest.yml file with content similar to this and specify the buildpacks in this order. Then launch your application with cf push. Buildpack order is important because java_buildpack acts as the final buildpack.
# manifest.yml
---
applications:
- name: YOUR-APP
  memory: 1G
  instances: 1
  path: ./target/cloudfoundry-demo-0.0.1-SNAPSHOT.jar
  buildpacks:
    - https://github.com/checkmarx-ts/cx-iast-buildpack
    - java_buildpack
  timeout: 180
Specify multiple buildpacks on the command line like this:
cf push YOUR-APP -b https://github.com/checkmarx-ts/cx-iast-buildpack -b java_buildpack
Currently, the agent is always active and the buildpack will always perform Java instrumentation whenever it is used. To control agent activation per environment, change the buildpack specification using your existing tooling.
The default cxAppTag value is the application's name in Cloud Foundry. Override this by setting a cxAppTag environment variable for the application in Cloud Foundry.
The default team is CxServer. Override this by setting a cxTeam environment variable. The team must exist on the CxIAST Server; it will not be created automatically.
For heavier applications, you might get the following error when starting:
ERR Timed out after 1m0s: health check never passed.
This can happen due to the overhead of the agent. To resolve this, increase the timeout to 180 seconds when using this buildpack.
See more here: https://docs.cloudfoundry.org/devguide/deploy-apps/healthchecks.html
Agent logs will be printed to the standard output. They will be picked up by the Cloud Foundry Loggregator, be seen by the cf logs command and be included in any log drains.