Gradle and CI Fuzz Java Agent

How to correctly run your web app/api with Gradle with CI Fuzz Java agent attached

Don't use JAVA_OPTS

When you start a Java application with Gradle like this:

./gradlew run


./gradlew bootrun

The Gradle daemon is started. This is a Java program that also uses JAVA_OPTS, so if you set -javaagent option with CI Fuzz Java agent in this variable, CI Fuzz will treat Gradle daemon as a webservice with the name that you provided.

Then your actual web application/api will not be registered by CI Fuzz, because the webservice name is already taken in your fuzzing project.

Option 1: compile and run a fat jar

./gradlew bootjar
java -javaagent:<your CI Fuzz Java agent options> -jar build/lib/<your jar file>

Option 2: edit Gradle build settings

Add this to build.gradle:

bootRun {​​​​​​​​​
 jvmArgs ["-javaagent:<your CI Fuzz Java agent options>", "<another arg if needed>"]

Then start your application as usual:

./gradlew bootrun

You should now see the standard output of your application, but this time with lines like these:

INFO: Instrumented org.owasp.webgoat.users.LessonTracker (took 2 ms, size +26%)
INFO: Got status 'OK' from fuzzing server