Invicti IAST Agent for Java - Docker (Spring Boot)
Invicti IAST makes use of the IAST Bridge. The IAST sensor must be able to communicate with iast.invicti.com to transmit data to the DAST scanning engine.
The Invicti IAST sensor needs to be deployed to your Docker Spring Boot container. This document explains how to deploy Invicti IAST together with your Spring Boot web application into a Docker container.
The following installation instructions are for the newer version of the Invicti Java IAST sensor. If you are running the older, aspectjweaver-based Java sensor, you must remove the old sensor and any reference to aspectjweaver.jar before proceeding with installing the newer version of the Invicti Java IAST sensor.
How to deploy the Invicti IAST agent for Java
This document assumes that you're logged into the Docker host as root and that all files for this web application are kept in the folder "/root/myspringapp/".
Step 1: Prepare the folder for Spring Boot Docker deployment
- On the Docker host, run the following command:
mkdir /root/myspringapp/
Step 2: Prepare Invicti IAST for your container
- Create a Target in Invicti Platform for the exact URL of your new web application (for example: http://myspringapp.example.com:8080/)
- Download the Invicti Java IAST sensor. For more information, refer to the Introduction to Invicti IAST document.
- Copy the Invicti Java IAST sensor (iastsensor.jar) to the Docker host into folder /root/myspringapp/
Step 3: Prepare the Spring Boot web application for your container
- Build your application, called myspringapp.jar for this example
- Copy the JAR file for your web application (myspringapp.jar) to the Docker host folder /root/myspringapp/
Step 4: Create a Dockerfile for your Spring Boot web application
- To create and edit your Dockerfile, run the following command:
nano /root/myspringapp/Dockerfile
- Edit the contents of your Dockerfile to show the following:
FROM openjdk:8-jdk-alpine
WORKDIR /root/myspringapp/
COPY iastsensor.jar iastsensor.jar
COPY myspringapp.jar myspringapp.jar
EXPOSE 8080
CMD java -javaagent:/root/myspringapp/iastsensor.jar -Diastsensor.debug.log=ON -jar /root/myspringapp/myspringapp.jar
The parameter "-Diastsensor.debug.log=ON" is optional and should ONLY be used for troubleshooting. When it is set, Invicti IAST logging appears as additional lines in the logs, each starting with "[Invicti-debug]".
- Save the Dockerfile and exit the nano editor.
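The following check is an added example, not part of the Invicti documentation or tooling. It lints a Dockerfile against the requirements stated on this page: the sensor is loaded with -javaagent ahead of -jar, no aspectjweaver reference remains, and the debug flag is reported as troubleshooting-only. The helper name check_iast_dockerfile and the temp-file sample are assumptions, and the check assumes a shell-form CMD as in Step 4.

```shell
#!/bin/sh
# Added example: check_iast_dockerfile is a hypothetical helper, not an Invicti tool.
# Assumes a shell-form CMD/ENTRYPOINT, as in the Dockerfile on this page.
check_iast_dockerfile() {
    file=$1
    status=0
    # The effective start command is the last CMD or ENTRYPOINT line.
    cmd=$(grep -E '^[[:space:]]*(CMD|ENTRYPOINT)[[:space:]]' "$file" | tail -n 1)

    # The older aspectjweaver-based sensor must be removed before installing the new one.
    if grep -qi 'aspectjweaver' "$file"; then
        echo "ERROR: aspectjweaver reference found; remove the old sensor first"
        status=1
    fi
    # The sensor only runs if the JVM loads it as a Java agent.
    case $cmd in
        *-javaagent:*iastsensor.jar*) ;;
        *) echo "ERROR: start command does not load iastsensor.jar with -javaagent"
           status=1 ;;
    esac
    # Options after "-jar <file>" are application arguments; the JVM ignores them.
    case $cmd in
        *"-jar "*-javaagent:*)
            echo "ERROR: -javaagent follows -jar and will not be applied by the JVM"
            status=1 ;;
    esac
    # The debug flag is optional and meant for troubleshooting only.
    case $cmd in
        *-Diastsensor.debug.log=ON*)
            echo "WARN: iastsensor debug logging is ON; remove it after troubleshooting" ;;
    esac
    return $status
}

# Constructed sample input: the Dockerfile from Step 4, written to a temp directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/Dockerfile" <<'EOF'
FROM openjdk:8-jdk-alpine
WORKDIR /root/myspringapp/
COPY iastsensor.jar iastsensor.jar
COPY myspringapp.jar myspringapp.jar
EXPOSE 8080
CMD java -javaagent:/root/myspringapp/iastsensor.jar -Diastsensor.debug.log=ON -jar /root/myspringapp/myspringapp.jar
EOF
check_iast_dockerfile "$demo_dir/Dockerfile" || echo "Dockerfile needs fixes"
```

Run against the Step 4 Dockerfile, the check passes and prints only the debug-logging warning.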
Step 5: Build your Docker image and start a container based on the image
- On the Docker host, run the following commands:
cd /root/myspringapp/
docker build -t myspringapp:test .
docker run --publish 8080:8080 --detach --name myspringapp myspringapp:test
You are now ready to scan your new Spring Boot web application with Invicti Platform.