Designed to illustrate how buildpacks and supply chains work to build and deploy an application on Kubernetes. Should work just fine with VMware Tanzu Application Platform and VMware Tanzu Application Service.

./mvnw spring-boot:run

curl http://localhost:8080

tanzu apps workload apply springboot-maven --yes --tail -f workload.yaml

1. / HTML home page (shows a single page app containing a static image and some text). Contains a link to the source code.
2. /messages REST Json [GET] (shows a single hardcoded message as part of a list of messages).
3. /actuator REST Json [GET] (Links to the Heath indicator).

For a simple customisation, in the application code (in the arc/main/resources/application.yml file) change the name of the client property from "VMware" to something else and then commit/redeploy/restart.

client: "VMware"

The homepage will then use the new name of the client in the text at the bottom of the page.

Adding a known vulnerability:

Version 2.7.4 of Spring Boot Starter Actuator includes a vulnerable version of Snake YAML (1.3.0). Add this to the POM.xml file.

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-actuator</artifactId>
		</dependency>

Removing the vulnerability:

Upgrade the Snake YAML dependency manually by adding this to the POM.xml file.

		<dependency>
			<groupId>org.yaml</groupId>
			<artifactId>snakeyaml</artifactId>
			<version>1.32</version>
		</dependency>