Deploy Invicti Shark for Java - Docker Spring Boot
Invicti Shark makes use of the Invicti IAST Bridge. For more information, refer to the Configuring Invicti IAST Bridge document.
The Invicti Shark agent needs to be deployed to your Docker Spring Boot container. This document shows you how to deploy the Invicti Shark agent together with your Spring Boot web application into a Docker container.
The following installation instructions are for the newer version of the Java IAST sensor. If you are running the older, aspectjweaver-based Java sensor, you need to remove the old sensor and any reference to aspectjweaver.jar before proceeding with installing the newer version of the Java sensor.
Deploy the Invicti Shark agent for Java
This document assumes that you're logged into the Docker host as root and that all files for this web application are kept in the folder /root/myspringapp/.
Step 1: Prepare the folder for Spring Boot Docker deployment
- On the Docker host, run the following command:
mkdir /root/myspringapp/
Step 2: Prepare Invicti Shark for your container
- Create a target website in your Invicti UI for the exact URL of your new web application (for example: http://myspringapp.example.com:8080/)
- Download the Java Invicti Shark agent for your new web application from the Invicti UI.
- Copy the Java Invicti Shark agent file Shark (IAST and SCA).jar to the Docker host folder /root/myspringapp/
Step 3: Prepare the Spring Boot web application for your container
- Build your application, called myspringapp.jar for this example.
- Copy the JAR file for your web application, myspringapp.jar, to the Docker host folder /root/myspringapp/
Step 4: Create a Dockerfile for your Spring Boot web application
- To create and edit your Dockerfile, run the following command:
nano /root/myspringapp/Dockerfile
- Edit the contents of your Dockerfile to show the following:
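FROM openjdk:8-jdk-alpine
WORKDIR /root/myspringapp/
# The agent file name contains spaces and parentheses, so COPY and CMD use the JSON (exec) form.
COPY ["Shark (IAST and SCA).jar", "Shark (IAST and SCA).jar"]
COPY myspringapp.jar myspringapp.jar
EXPOSE 8080
# -Dacusensor.debug.log=ON is optional (troubleshooting only).
CMD ["java", "-javaagent:/root/myspringapp/Shark (IAST and SCA).jar", "-Dacusensor.debug.log=ON", "-jar", "/root/myspringapp/myspringapp.jar"]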
The parameter -Dacusensor.debug.log=ON is optional and should ONLY be used for troubleshooting purposes. If this parameter is retained, Invicti Shark logging is written as additional lines in the Tomcat logs, starting with [Invicti-debug].
- Save the Dockerfile and exit the nano editor.
Step 5: Build your Docker image and start a container based on the image
- On the Docker host, run the following commands:
cd /root/myspringapp/
docker build -t myspringapp:test .
docker run --publish 8080:8080 --detach --name myspringapp myspringapp:test
You are now ready to scan your new Spring Boot web application with Invicti.
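A pre-build check for the Dockerfile from Step 4, added here as an example and not part of Invicti's documentation or tooling: it confirms that the start command carries -javaagent, that the troubleshooting-only debug option has been removed, and that the agent file name, which contains spaces and parentheses, does not reach /bin/sh unquoted. The function name, its return codes and the two sample Dockerfiles are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Invicti code): pre-build checks for a Dockerfile that
# attaches the Shark agent. The return value is a bitmask of findings:
#   1 = no -javaagent option   2 = debug logging left on
#   4 = unquoted parentheses in the start command
lint_shark_dockerfile() {
    # The last CMD/ENTRYPOINT instruction is the one the container runs.
    start=$(grep -E '^[[:space:]]*(CMD|ENTRYPOINT)[[:space:]]' "$1" | tail -n 1)
    findings=0
    case $start in
        *-javaagent:*) ;;
        *) echo "FAIL: no -javaagent option, the sensor will not load"
           findings=$((findings | 1)) ;;
    esac
    case $start in
        *-Dacusensor.debug.log=ON*)
           echo "WARN: -Dacusensor.debug.log=ON is for troubleshooting only"
           findings=$((findings | 2)) ;;
    esac
    # Drop quoted strings; any parenthesis left would reach /bin/sh unquoted
    # (shell-form CMD) and stop the container with a syntax error.
    bare=$(printf '%s\n' "$start" | sed -e 's/"[^"]*"//g' -e "s/'[^']*'//g")
    case $bare in
        *"("*|*")"*)
           echo "FAIL: quote the agent path or use exec-form CMD"
           findings=$((findings | 4)) ;;
    esac
    return "$findings"
}

# Constructed sample input: shell-form start command with debug logging on.
demo_dir=$(mktemp -d)
cat > "$demo_dir/Dockerfile.bad" <<'EOF'
FROM openjdk:8-jdk-alpine
CMD java -javaagent:/root/myspringapp/Shark (IAST and SCA).jar -Dacusensor.debug.log=ON -jar /root/myspringapp/myspringapp.jar
EOF
# Constructed sample input: exec form, debug option removed.
cat > "$demo_dir/Dockerfile.good" <<'EOF'
FROM openjdk:8-jdk-alpine
CMD ["java", "-javaagent:/root/myspringapp/Shark (IAST and SCA).jar", "-jar", "/root/myspringapp/myspringapp.jar"]
EOF
for f in "$demo_dir"/Dockerfile.*; do
    if lint_shark_dockerfile "$f"; then echo "$f: clean"; else echo "$f: findings=$?"; fi
done
rm -rf "$demo_dir"
```

Run it against /root/myspringapp/Dockerfile before docker build; a non-zero return means at least one finding was printed.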