| Detection Criterion | Existence of a single bound Seeker Security Provider service. The existence of a provider service is defined by the VCAP_SERVICES payload containing a service name, label or tag with seeker as a substring.
+ |
+
| Tags | +seeker-service-provider | +
seeker as substring. The credential payload must contain the following entries:
+
+| Name | Description
+| ---- | -----------
+| `seeker_server_url` | The fully qualified URL of a Synopsys Seeker Server (e.g. `https://seeker.example.com`)
+
+**NOTE**
+In order to use this integration, the Seeker Server version must be at least `2019.08` or later.
diff --git a/lib/java_buildpack/framework/seeker_security_provider.rb b/lib/java_buildpack/framework/seeker_security_provider.rb
new file mode 100644
index 0000000000..c45f5619ed
--- /dev/null
+++ b/lib/java_buildpack/framework/seeker_security_provider.rb
@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+# Cloud Foundry Java Buildpack
+# Copyright 2013-2017 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'java_buildpack/component/base_component'
+require 'java_buildpack/framework'
+require 'java_buildpack/util/dash_case'
+
+module JavaBuildpack
+ module Framework
+
+ # Encapsulates the functionality for enabling zero-touch Seeker support.
+ class SeekerSecurityProvider < JavaBuildpack::Component::BaseComponent
+
+ # Creates an instance
+ #
+ # @param [Hash] context a collection of utilities used the component
+ def initialize(context)
+ super(context)
+
+ @uri = download_url(credentials) if supports?
+ end
+
+ # (see JavaBuildpack::Component::BaseComponent#detect)
+ def detect
+ @uri ? self.class.to_s.dash_case : nil
+ end
+
+ # (see JavaBuildpack::Component::BaseComponent#compile)
+ def compile
+ JavaBuildpack::Util::Cache::InternetAvailability.instance.available(
+ true, 'Downloading from Synopsys Seeker Server'
+ ) do
+ download_zip('', @uri, false, @droplet.sandbox, @component_name)
+ end
+ @droplet.copy_resources
+ rescue StandardError => e
+ raise "Synopsys Seeker download failed: #{e}"
+ end
+
+ # (see JavaBuildpack::Component::BaseComponent#release)
+ def release
+ c = credentials
+
+ @droplet.java_opts.add_javaagent(@droplet.sandbox + 'seeker-agent.jar')
+ @droplet.environment_variables
+ .add_environment_variable('SEEKER_SERVER_URL', c[SEEKER_SERVER_URL_CONFIG_KEY])
+ end
+
+ private
+
+ # Relative path of the agent zip
+ AGENT_PATH = '/rest/api/latest/installers/agents/binaries/JAVA'
+
+ # seeker service name identifier
+ FILTER = /seeker/i.freeze
+
+ # JSON key for the address of seeker sensor
+ SEEKER_SERVER_URL_CONFIG_KEY = 'seeker_server_url'
+
+ private_constant :AGENT_PATH, :FILTER, :SEEKER_SERVER_URL_CONFIG_KEY
+
+ def credentials
+ @application.services.find_service(FILTER, SEEKER_SERVER_URL_CONFIG_KEY)['credentials']
+ end
+
+ def download_url(credentials)
+ "#{credentials[SEEKER_SERVER_URL_CONFIG_KEY]}#{AGENT_PATH}"
+ end
+
+ def supports?
+ @application.services.one_service?(FILTER, SEEKER_SERVER_URL_CONFIG_KEY)
+ end
+
+ end
+
+ end
+
+end
diff --git a/spec/fixtures/stub-seeker-agent.zip b/spec/fixtures/stub-seeker-agent.zip
new file mode 100644
index 0000000000..7020550543
Binary files /dev/null and b/spec/fixtures/stub-seeker-agent.zip differ
diff --git a/spec/java_buildpack/framework/seeker_security_agent_spec.rb b/spec/java_buildpack/framework/seeker_security_agent_spec.rb
new file mode 100644
index 0000000000..9fc91f6bac
--- /dev/null
+++ b/spec/java_buildpack/framework/seeker_security_agent_spec.rb
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+# Cloud Foundry Java Buildpack
+# Copyright 2013-2018 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'spec_helper'
+require 'component_helper'
+require 'java_buildpack/framework/seeker_security_provider'
+
+describe JavaBuildpack::Framework::SeekerSecurityProvider do
+ include_context 'with component help'
+
+ it 'does not detect without seeker service' do
+ expect(component.detect).to be_nil
+ end
+
+ context do
+
+ before do
+ allow(services).to receive(:one_service?).with(/seeker/i, 'seeker_server_url').and_return(true)
+
+ allow(services).to receive(:find_service).and_return('credentials' => { 'seeker_server_url' =>
+ 'http://localhost' })
+
+ allow(application_cache).to receive(:get).with('http://localhost/rest/api/latest/installers/agents/binaries/JAVA')
+ .and_yield(Pathname.new('spec/fixtures/stub-seeker-agent.zip').open,
+ false)
+ end
+
+ it 'detects with seeker service' do
+ expect(component.detect).to eq('seeker-security-provider')
+ end
+
+ it 'expands Seeker agent zip for agent direct download' do
+ component.compile
+
+ expect(sandbox + 'seeker-agent.jar').to exist
+ end
+
+ it 'updates JAVA_OPTS' do
+ component.release
+
+ expect(java_opts).to include('-javaagent:$PWD/.java-buildpack/seeker_security_provider/seeker-agent.jar')
+ expect(environment_variables).to include('SEEKER_SERVER_URL=http://localhost')
+ end
+
+ end
+
+end