{"id":30704157,"url":"https://github.com/fortify/iwa-java","last_synced_at":"2025-09-02T17:49:04.186Z","repository":{"id":63002504,"uuid":"541414490","full_name":"fortify/IWA-Java","owner":"fortify","description":"Insecure Web + API application with example Fortify integrations into many DevSecOps and CICD platforms","archived":false,"fork":false,"pushed_at":"2024-11-17T16:18:01.000Z","size":3908,"stargazers_count":2,"open_issues_count":9,"forks_count":44,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-11-17T16:36:03.747Z","etag":null,"topics":["fortify-integration-sample","vulnerable-sample-app"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fortify.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-26T04:59:48.000Z","updated_at":"2024-07-02T19:39:26.000Z","dependencies_parsed_at":"2024-11-18T00:49:47.255Z","dependency_job_id":null,"html_url":"https://github.com/fortify/IWA-Java","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fortify/IWA-Java","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortify%2FIWA-Java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortify%2FIWA-Java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortify%2FIWA-Java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortify%2FIWA-Java/manifests","owner_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/owners/fortify","download_url":"https://codeload.github.com/fortify/IWA-Java/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fortify%2FIWA-Java/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273324818,"owners_count":25085488,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-02T02:00:09.530Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fortify-integration-sample","vulnerable-sample-app"],"created_at":"2025-09-02T17:49:02.699Z","updated_at":"2025-09-02T17:49:04.177Z","avatar_url":"https://github.com/fortify.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IWA (Insecure Web App) Java Edition\n\n## Overview\n\n_IWA (Insecure Web App) Java Edition_ is an example Java/Spring Web Application for use in **DevSecOps** scenarios and demonstrations.\nIt includes some examples of bad and insecure code - which can be found using static and dynamic application\nsecurity testing tools such as those provided by [Micro Focus Fortify](https://www.microfocus.com/en-us/cyberres/application-security).\n\nThe application is intended to provide the functionality of a typical \"online pharmacy\", including purchasing Products (medication)\nand requesting Services (prescriptions, health checks etc). 
It has a modern-ish HTML front end (with some JavaScript) and a Swagger based API.\n\n*Please note: the application should not be used in a production environment!*\n\n## Forking the Repository\n\nIn order to execute example scenarios for yourself it is recommended that you \"fork\" a copy of this repository into\nyour own GitHub account. The process of \"forking\" is described in detail in the [GitHub documentation](https://docs.github.com/en/github/getting-started-with-github/fork-a-repo) - you can start the process by clicking on the \"Fork\" button at the top right.\n\n## Building the Application\n\nTo build the application, execute the following from the command line:\n\n```\nmvn clean package\n```\n\nThis will create a JAR file (called `iwa.jar`) in the `target` directory.\n\nTo build a WAR file for deployment to an application server such as [Apache Tomcat](http://tomcat.apache.org/)\nexecute the following:\n\n```\nmvn -Pwar clean package\n```\n\nThis will create a WAR file (called `iwa.war`) in the `target` directory.\n\n## Running the Application\n\n### Development (IDE/command line)\n\nTo run (and test) locally in development mode, execute the following from the command line:\n\n```\nmvn spring-boot:run\n```\n\n### Release (Docker Image)\n\nThe JAR file can be built into a [Docker](https://www.docker.com/) image using the provided `Dockerfile` and the\nfollowing commands:\n\n```\nmvn -Pjar clean package\ndocker build -t iwa -f Dockerfile .\n```\n\nor on Windows:\n\n```\nmvn -Pjar clean package\ndocker build -t iwa -f Dockerfile.win .\n```\n\nThis image can then be executed using the following commands:\n\n```\ndocker run -d -p 8888:8080 iwa\n```\n\n## Using the Application\n\nTo use the application navigate to the URL: [http://localhost:8888](http://localhost:8888). 
You can carry out a number of\nactions unauthenticated, but if you want to log in you can do so as one of the following users:\n\n- **user1@localhost.com/password**\n- **user2@localhost.com/password**\n  \nThere is also an administrative user:\n\n- **admin@localhost.com/password**\n\nUpon login, you will be asked for a Multi-Factor Authentication (MFA) code. This functionality\nis not yet enabled and you can enter anything here, e.g. `12345`.\n\n### REST APIs \nTo run (and test) locally in development mode, go to Home Page -\u003e My Account -\u003e API Explorer OR\nuse the following URL: [http://localhost:8888/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config](http://localhost:8888/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config)\n\n### API Authentication\nEvery API endpoint is behind authentication and thus requires authenticating with a JWT token before pro\nGo to \"Site\" Operations and expand:\n```\n/api/v3/site/sign-in\n```\nClick the \"Try it Out\" button, provide the administrative username and password mentioned above, and hit the \"Execute\" button.\n\nCopy the \"accessToken\" value from the response and paste it into the Swagger Authorization (padlock) icon.\n\nNow, go ahead and try the API methods.\n\n## Licensing\n\nThis application is made available under the [GNU General Public License V3](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffortify%2Fiwa-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffortify%2Fiwa-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffortify%2Fiwa-java/lists"}