HXSecurity / DongTai-agent-java

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
https://dongtai.io
Apache License 2.0
682 stars 192 forks source link
agent applicationsecuritymonitoring appsec-tutorials devsecops dongtai-iast iast java security-scan

DongTai-agent-java


中文版本(Chinese version)

license Apache-2.0 GitHub stars GitHub forks GitHub Contributors

CI Github Version Release downloads

Project Introduction

Dongtai-agent-java is DongTai Iast's data acquisition tool for Java applications. In a Java application with the iast agent added, the required data is collected by rewriting class bytecode, and then the data is sent to dongtai-OpenAPI service, and then the cloud engine processes the data to determine whether there are security holes.

Dongtai-agent-java consists of agent.jar, dongtai-core-jar, dongtai-spy. Jar and dongtai-servlet.jar:

Application Scenarios

Quick Start

Please refer to the Quick Start.

Quick Development

  1. Fork the DongTai-agent-java , clone your fork:

    git clone https://github.com/<your-username>/DongTai-agent-java
  2. Write code to your needs.

  3. Compile Dongtai-agent-Java using Maven:

    mvn clean package -Dmaven.test.skip=true
    • notice: JDK version is 1.8.
  4. folder ./release is generated in the project root directory after compilation:

    release
    ├── dongtai-agent.jar
    └── lib
       ├── dongtai-servlet.jar
       ├── dongtai-core.jar
       └── dongtai-spy.jar
  5. Copy dongtai-core.jardongtai-spy.jardongtai-servlet.jar to the system temporary directory. Get the system temporary directory to run the following Java code:

    System.getProperty("java.io.tmpdir.dongtai");
  6. Run the application and test the code (for example, SpringBoot) : java -javaagent:/path/to/dongtai-agent.jar -Ddongtai.debug=true -jar app.jar

  7. Contribute code. If you want to contribute code to the DongTai IAST team, please read the full contribution guide.

Supported Java versions and middleware