OWASP Dependency Check for Vulnerability Reporting

John Hoestje Articles, Development Technologies & Tools, Java, Security, Tutorial Leave a Comment

TL;DR:ย Add OWASP Dependency-Check to your build process to get insight into your dependency vulnerabilities.

Recent major data losses and security vulnerabilities in open source frameworks *(and the applications that use them)* have caused the companies that use those frameworks to have elevated concerns regarding vulnerabilities. The elevated awareness is for good reason, too. After all, no one wants to be the next one to lose sensitive data, be the punching bag of others, or be the example of what *not* to do security-wise.

If you happen to be in a group that doesnโ€™t have any open source vulnerability reporting, OWASP Dependency-Check may be your short-term answer to get at least something in place. Adding OWASP Dependency-Check into your build process takes a relatively low effort. Other than not having the technology that stack Dependency-Check can help you with, there isnโ€™t a reason not to at least add Dependency-Check to give a little insight into your open source dependencies.

The following parts will help you get Dependency-Check integrated into your Java projectโ€™s build process. The instructions will be adaptable to the other technologies Dependency-Check supports, like Gradle or JavaScript. Dependency-Check is also available as a command line tool for your favorite OS. In this example, Iโ€™ll use a Java project with Maven….

Reading and Writing from Excel in Spring Batch

Rik Scarborough Articles, Development Technologies & Tools, Java, Spring, Spring Batch, Tutorial 4 Comments

We have discussed many different ways to read and write data in Spring Batch. The framework comes with quite an assortment of Readers and Writers that can be used directly or reused in some manner. Most of the time, the requirements consist of reading the data from some type of text file or database.

So what happens when the business we are supporting asks for something out of the ordinary, such as reading an Excel file and outputting the data to another Excel file? Typically the off-the-cuff response would be, โ€œcan you convert it to a CSV or other delimited text file?โ€ Or โ€œYou know, Excel will read a CSV file just fine.โ€ Sometimes that works, and sometimes the business requirements do not allow that type of flexibility.

Consider this scenario; in these days of Cloud and other online computing, the input file is likely created by a server that the company has no direct access to as far as programming. The file it creates is in one format, Excel. The output of your process has to go before several executives or other business clients and needs to be formatted in a professional looking manner. Adding a manual process to import a CSV and format it diminishes the value of using Spring Batch.

For the sake of the honor of the coding profession, you agree to the requirement to read and write from an Excel file directly. Now, how do you do that?…

What’s New in JUnit 5.2

Billy Korando Articles, Development Technologies & Tools, Effective Automated Testing With Spring Series, Java, Testing Leave a Comment

The JUnit team continues to make great progress in adding new features and enhancements to the JUnit 5 framework. We already have a second significant feature update after just seven months from the initial release of JUnit 5.

In this article, we look at some of the key features and enhancements added in JUnit 5.2 which was released on April 29th. We’ll focus on build tool enhancements that help in the adoption/migration to JUnit 5 for existing test suites and resolve annoyances, as well as what new changes further improve parameterized tests.

AWS Lambda with Spring Boot

Greg Emerick Articles, AWS, Cloud, Development Technologies & Tools, Java, Spring, Spring Boot 12 Comments

The typical deployment scenario for a Spring Boot application in AWS involves running the Java application on an EC2 instance 24 hours a day. Of course, the application could be deployed in AWS ECS as a Docker container, but it still runs continuously on an EC2 instance. In each case, the EC2 instances need to be monitored and you pay for compute capacity used by that EC2 instance.

AWS Lambda provides low cost compute with zero maintenance. Lambda runs your code on demand, without provisioned and managed servers. Lambda automatically runs and scales your code. You are charged for every 100ms your code executes and the number of times your code is triggered. If the code isnโ€™t running, you pay nothing.

Lambda has clear cost and maintenance benefits. But what does it take to run the standard Spring Boot application as a Lambda? How does it work? What are the drawbacks? These are the questions that will be answered in this blog through a tangible example…

Service Discovery with Eureka and Zuul

Jarett Lear .NET, .NET Core, Articles, Microservices, Spring, Spring Boot 3 Comments

One issue that we face day to day as developers is speed of development. One of the coolest things to me in the ever-changing landscape of technology is how this issue us continually being addressed in an effort to makes our lives easier.

We have gone from having to write everything needed in a verbose way to being able to configure a simple REST API in a few lines of code with Spring Boot. The most amazing part of this is not only the ability to create the web services but also the ability to allow these services to communicate in a smart way. Spring has given us many tools to allow easy configuration and putting together things that just work (mostly).

This post is not to be considered a full guide to which the extent of these technologies can be leveraged. In this post, we give examples of how Spring Boot can be used (along with Zuul and Eureka) to create a simple discovery service.

There are other components that can be added for things like a configuration server to pull all application.properties files from a common location that is updatable in real time, or circuit breakers to allow the graceful failing of different pieces of your API.

What this post will focus on is the service discovery between Spring Boot applications. We will also touch on how, using SteeltoeOSS, .NET applications can also take advantage of being a part of the service discovery and be routed through our Spring Boot-based Zuul Gateway. We will also look at how we can integrate Spring Security into our gateway to secure the entire API no matter the language…