Popište a porovnejte nástroje Maven a Gradle / Describe and compare the tools Maven and Gradle

Tvrdíková, Lucie

January 2012

The goal of this work is to analyze systems Maven and Gradle and to compare one against the other. Whilst I was analyzing both the systems user guides in Czech language were created. To achieve the set of goals of the thesis I had to use user guides and books that were written in English as a source of information. The user guides describes the system basics, dependency management, testing and multi-project builds. Comparisons between the two systems were created from information from the user guides and personal experi-ence of the author. The practical part of the thesis contains files for build application in Maven and Gradle.

Enhancing CryptoGuard's Deployability for Continuous Software Security Scanning

Frantz, Miles Eugene

21 May 2020

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers requires security at all levels, providing protection through any connected applications. CryptoGuard is a static code analyzer for Java. This program verifies that developers do not leave vulnerabilities in their application. The program aids the developer by identifying cryptographic misuses such as hard-coded keys, weak program hashes, and using insecure protocols. In my Master thesis work, I made several important contributions to improving the deployability, accessibility, and usability of CryptoGuard. I extended CryptoGuard to scan source and compiled code, created live documentation, and supported a dual cloud and local tool-suite. I also created build tool plugins and a program aid for CryptoGuard. In addition, I also analyzed several Java-related surveys encompassing more than 50,000 developers and reported interesting current practices of real-world software developers. / Master of Science / Throughout the rise of software development, there has been an increase in development speed with developers embracing methodologies that use higher rates of changes, such as Agile. Since Agile naturally addresses "problems of rapid change", this also increases the likelihood of insecure and vulnerable coding practices. Though consumers depend on various public applications, there can still be failures throughout the development process in applications such as the Iowa caucus application. It was determined the Iowa cacus application development teams' repository credentials (API key) was left within the application itself. API keys provide the credential to be able to directly interact with server systems, and if left unguarded can be easily exploited. Since the Iowa cacus application was released publicly, malicious actors (other people looking to exploit the application) may have already discovered this credential. Within our team we have created CryptoGuard, a program to analyze applications to detect cryptographic issues such as an API key. Creating it with scalability in mind, it was created to be able to scan enterprise code at a reasonable speed. To ensure its use within companies, we have been working on extending and enhancing the work to the current needs of Java developers. Verifying the current Java landscape, we investigated three different companies and their developer ecosystem surveys that are publicly available. Amongst these companies are; JetBrains, known for their Integrated Development Environments (IDE, or application to help write applications) and their own programming language, Snyk, known for their public security platform and anti-virus capability, and Jakarta EE, which is the new platform for the enterprise version of Java. Throughout these surveys, we accumulate more than 50,000 developers' responses, spanning various countries, company experience, and ages. With their responses amalgamated, we enhance CryptoGuard to be available to as many developers and their requests as possible.First, CryptoGuard is enhanced to scan a projects source code. After that, ensuring our project is hosted by a cloud service, we actively are extending our project to the Security Assurance Marketplace (SWAMP). Funded by the DHS, SWAMP not only supplies a public cloud for developers to use, but a local download option to scan a program within the user's own computer. Next, we create a plugin for two most used build tools, Gradle and Maven. Then to ensure CryptoGuard can be have reactive aide, CryptoSoule is created to aide minimal interface aide. Finally utilizing a live documentation service, an open source documentation website was created to provide working examples to the community.

Cryptoguard

Static-Code Analyzer

Java

Deployment Grade

Gradle

Maven

Java 8

Java 7

Java 11

Modelem řízený vývoj Android aplikací / Model Driven Development of Android Applications

Bělehrádek, Stanislav

January 2017

This thesis deals with the design and implementation of Android application development tool based on model driven software development. The first part of the thesis is focused on general software development and next part on software development based on model driven development and executable UML. In next part Android platform, methods of Android application development and existing MDD tools are described. This thesis continues with the design of my own MDD tool for the creation of Android applications. The designed tool is realized like Gradle plugin and independent development environment using thisplugin. The designed tool is based on fUML and ALF language. The features and options of development tool are demonstrated by creation of example application.

The Usefulness of Programming Languages Beyond Java

Jonsson, Alexander

January 2019

Beyond Java, new programming languages running on the Java virtual machine (JVM) have been developed, such as Kotlin, Scala, JRuby and Clojure amongst others. Since all those languages compile to Java bytecode, they should theoretically be able to be used together in a project. This paper investigates if it is possible and what benefits it gives using those programming languages together in a project. The languages chosen to be used together were Jython, Scala and Kotlin. An experiment was conducted where in a single project, each programming language was assigned a problem to be solved. The experiment was then conducted in two iterations where in each iteration, the problems to be solved was assigned to a different programming language. From the experiment it was shown that using those languages together in a project was possible but resulted in some complications needed to be solved. It was also shown that the following division amongst the languages worked best in the present use case: Jython for graphical handling, Scala for calculating and computing and Kotlin for data-handling.

Java virtual machine

JVM

Scala

Jython

Kotlin

project

IntelliJ Idea

Gradle

Paradigm

nullable

typing

Övrig annan teknik

Generátor zefektivňující tvorbu a udržovatelnost single-page aplikací / Single-Page Application Generator for Improving Maintainabilty

Ďurčanský, Norbert

January 2019

This diploma thesis deals with developing generator for single-page applications. Before developing the application it was necessary to identify problem areas that prevent the development and describe tools that make it easy to create, test, maintain, and deploy single-page applications. Based on the obtained information, the generator Create Sbspa is designed and implemented to efficiently create single-page applications and help to eliminate development problems. It generates configuration and code from semantic templates. The generator is available through a user interface that splits the templates into the groups by applicability. The generator was designed with the need for simplicity and clarity to enable efficient integration with new features. This work also includes design and implementation of the example app which shows features and benefits of the generator.