Using STF Through Gradle

The Secure Testing Framework now includes Gradle support, letting teams invoke STF tests with Gradle's Java plugin alongside the existing Ant integration. This post explains the build.gradle source set configuration, TestNG suite variable, and how to pass STF properties like host from the Gradle command line.

Coveros Staff

August 29, 2016

In addition to Ant support, the Secure Testing Framework now has included Gradle support! In the latest release of the Secure Testing Framework, you will see that there is an example build.gradle and gradle.properties included in the repository. In the build.gradle the first thing I’d like to call attention to is the first line:
apply plugin: “java”
This line is included because it is a java project. With the java plugin in gradle, there are implicit source sets that are defined. Further down in the build.gradle, we define our own source set based on our repository structure:

sourceSets {
  test {
    java {
      srcDir 'test/'
    }
  }
}

This means that for the “test” task that we inherit from the java plugin, gradle will look in the ‘test/’ directory or whichever is defined in this block. For example, if your tests are located in ‘src/main/unit_test/’ then in your build.gradle, your source set block would look like this:
sourceSets {
  test {
    java {
      srcDir 'src/main/unit_test/'
    }
  }
}

By default, the test source set is defined as ‘src/main/test’.
The next thing that is of note in the build.gradle is the ‘dependencies’ block, here we define which dependencies we have and where to find the dependencies. In the example repository, we have the Secure Testing Framework jar in the ‘lib’ directory, so in the build.gradle:
testCompile files('lib/stf-1.4.0.jar')
It’s also important to note that this jar is defined as a testCompile dependency meaning it’ll only resolve this dependency when a test task is called.
In order to make your build script more dynamic, the following block uses the $suite variable to define your TestNG test suite. The full block can be seen here:
test{
  useTestNG{
    suites "$suite"
  }
}

If you want to set a default for this suite you can define the variable in gradle.properties, in the following way:
suite = sample.xml.
You are also able to overwrite this variable by passing the -P option from the command line. For example:
 gradle build -Psuite=test.xml
The final thing is that you can still pass properties, such as “host”, to the STF by using the -D flags:
 gradle build -Dhost=www.google.com
You can find more information on the Secure Test Framework in the following blogs:
SecureCI Testing Framework
New Testing Framework Release
Testing Web Services Using STF

Related Blogs

Navigating the Technical Debt Crisis in Financial Services

Leveraging AI-Augmented Development to Mitigate Systemic Risk and Reclaim Operational Alpha

The ROI of Training

This article builds the financial case for investing in staff training, covering both hard metrics and intangible cultural benefits such as...

Using Hierarchical State Diagrams to Tame State Explosion Representation in Complex Software State Diagrams

As systems grow complex, flat state diagrams suffer from state explosion where the number of states and transitions becomes unmanageable for...

Building Scalable Resilient and Efficient Systems with the GitHub Well Architected Framework

Breaks down the Architecture pillar of the GitHub Well-Architected Framework, covering scalability, resiliency, efficiency, modularity,...
Coveros Staff

Coveros Staff

This post represents the collective insights of the Coveros team. Our staff consists of software experts who bring deep experience in secure agile development, DevOps, testing, and software quality. Over the past 20 years, Coveros has trained more than 30,000 professionals and worked with half of the Fortune 100 companies on mission-critical software development challenges. We draw on this extensive experience to share practical insights, proven strategies, and real-world solutions that help organizations build better software faster and more securely.