|
| 1 | +--- |
| 2 | +title: "Quickly Start A ZAST.AI Assessment Using GitHub Codespaces" |
| 3 | +description: "A step-by-step tutorial on how to leverage GitHub Codespaces to build, package, and submit Java applications to ZAST.AI for vulnerability assessment without local environment setup." |
| 4 | +keywords: "ZAST.AI, GitHub Codespaces, Java, Maven, Vulnerability Assessment, Cloud IDE, Security Testing, DevSecOps" |
| 5 | +date: 2025-11-18 |
| 6 | +categories: ["User Guides", "DevSecOps", "Tutorials"] |
| 7 | +tags: |
| 8 | + [ |
| 9 | + "ZAST.AI", |
| 10 | + "GitHub Codespaces", |
| 11 | + "Java", |
| 12 | + "Vulnerability Assessment", |
| 13 | + "Cloud Development" |
| 14 | + ] |
| 15 | + |
| 16 | + |
| 17 | +--- |
| 18 | + |
| 19 | + |
| 20 | +**ZAST.AI Team**, |
| 21 | + |
| 22 | +Nov. 18, 2025, Seattle |
| 23 | + |
| 24 | +--- |
| 25 | + |
| 26 | +[GitHub Codespaces](https://github.com/features/codespaces) is a cloud-driven development environment suitable for various development scenarios, whether it’s a long-term project or a short-term task like reviewing pull requests. Operators can use these environments from either Visual Studio Code or a web-based editor. With it, we can quickly start a project and set up an environment, saving significant time and costs associated with preparing machines, setting up environments, configuring domains, etc. |
| 27 | + |
| 28 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/1.PNG' | relative_url }}" alt="1" width="850" height="auto"></center> |
| 29 | + |
| 30 | +Today, we are going to illustrate how to use GitHub Codespaces to build projects online, compiling Java archive files and packaging into a Java archive file (war/jar), and submit the archive file to ZAST.AI for vulnerability assessing. |
| 31 | + |
| 32 | +# **Step 1** |
| 33 | + |
| 34 | +Log in to GitHub account and locate the corresponding project. Currently, since ZAST.AI focuses security vulnerabilities in Java-based web applications for now, we have prepared a Java web project as an example. |
| 35 | + |
| 36 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/2.PNG' | relative_url }}" alt="2" width="850" height="auto"></center> |
| 37 | + |
| 38 | +Click the green "Code" button, and the pop-up window will display two tabs: Local and Codespaces. Switch to the Codespaces tab. If you have never created a Codespace before, select "Create Codespace on main." |
| 39 | + |
| 40 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/3.PNG' | relative_url }}" alt="3" width="450" height="auto"></center> |
| 41 | + |
| 42 | +GitHub will then start creating the Codespace, which is a quick process, taking only a few seconds. |
| 43 | + |
| 44 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/4.PNG' | relative_url }}" alt="4" width="850" height="auto"></center> |
| 45 | + |
| 46 | +Once created, we’ll see the project directory on the left side. Confirm that the project contains a pom.xml file; if it doesn't, the compilation will fail. |
| 47 | + |
| 48 | +# **Step 2** |
| 49 | + |
| 50 | +Now we can start building the project in the cloud on Codespace. From the "menu," select "Terminal," then open a "new terminal," or directly type in the lower terminal area: |
| 51 | + |
| 52 | +*mvn clean package -DskipTests* |
| 53 | + |
| 54 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/5.PNG' | relative_url }}" alt="5" width="850" height="auto"></center> |
| 55 | + |
| 56 | +After hitting Enter, the program will start running automatically. Once it finishes, you will see a "Build Success" prompt in the terminal window, and a new target folder will be created in the file directory. Open this folder to find the built Java files. |
| 57 | + |
| 58 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/6.PNG' | relative_url }}" alt="6" width="850" height="auto"></center> |
| 59 | + |
| 60 | +# **Step 3** |
| 61 | + |
| 62 | +Next, we will compile and package the project into an archive filethe project into a Java archive file so that we can upload it to ZAST.AI for vulnerability assess. In the terminal, type the following command: |
| 63 | + |
| 64 | +*java -jar target/simple-login-app-0.0.2-SNAPSHOT.jar* |
| 65 | + |
| 66 | +After typing the first letter, press the Tab key, and Codespace will auto-fill it for you. |
| 67 | + |
| 68 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/7.png' | relative_url }}" alt="7" width="850" height="auto"></center> |
| 69 | + |
| 70 | +Once the run is completed, we will usually see a prompt in the bottom right corner of Codespace asking whether to set the port to public. We should confirm this setting. |
| 71 | + |
| 72 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/8.png' | relative_url }}" alt="8" width="850" height="auto"></center> |
| 73 | + |
| 74 | +In addition, on the right of the "Terminal" tab, there’s a "Ports" tab with a notification bubble saying "1." Click it, and we will see a network icon next to the address displaying “Open in Browser.” Click it to open. |
| 75 | + |
| 76 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/9.png' | relative_url }}" alt="9" width="850" height="auto"></center> |
| 77 | + |
| 78 | +If everything goes smoothly, we will see the following content. Clicking "Continue" will redirect us to this address. Completing this step means the Java project has been successfully created and is visible on the internet. We copy this site URL in advance, as it will be used for submitting the assessment task later. |
| 79 | + |
| 80 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/10.png' | relative_url }}" alt="10" width="850" height="auto"></center> |
| 81 | + |
| 82 | +Next, go back to Codespaces, find the target folder, and download the archive file so that we can submit it to ZAST.AI for vulnerability assess. |
| 83 | + |
| 84 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/11.png' | relative_url }}" alt="11" width="850" height="auto"></center> |
| 85 | + |
| 86 | +# **Step 4** |
| 87 | + |
| 88 | +Now, let’s explain how to submit and assess this Java project on ZAST.AI. First, visit ZAST.AI and register for an account. Please ensure you provide thorough information on the waitlist application page to expedite your early access. |
| 89 | + |
| 90 | +Before submitting the project for an assessment, there are five steps: uploading the deployment artifact file, performing connectivity checks, ownership verification, uploading source code, and adding test accounts. Here’s a detailed description of each step. |
| 91 | + |
| 92 | +- First, give the project a name, choose the Java archive file downloaded from Codespace, then proceed to the next step for connectivity check. |
| 93 | + |
| 94 | + |
| 95 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/12.png' | relative_url }}" alt="12" width="850" height="auto"></center> |
| 96 | + |
| 97 | +- On the connectivity check page, we need to enter the URL of the target service. This URL is the one we mentioned in step 3, so paste it directly and then perform the connectivity check. Once finished, click the next step to enter the ownership verification. |
| 98 | + |
| 99 | + |
| 100 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/13.png' | relative_url }}" alt="13" width="850" height="auto"></center> |
| 101 | +<br> |
| 102 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/14.png' | relative_url }}" alt="14" width="850" height="auto"></center> |
| 103 | + |
| 104 | +- In the ownership verifying step, the page provides detailed instructions. First, we need to manually add the HTTP challenge source and then copy the hash value provided on the page. Go back to Codespace, find the zast.txt document, and paste the hash value there. (If you haven't created one before, you need to create a new one.) |
| 105 | + |
| 106 | + |
| 107 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/15.png' | relative_url }}" alt="15" width="850" height="auto"></center> |
| 108 | +<br> |
| 109 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/16.png' | relative_url }}" alt="16" width="850" height="auto"></center> |
| 110 | + |
| 111 | +- After completing the ownership verification, proceed to upload the source code. ZAST.AI does not mandate that the actual source code be uploaded. However, the availability of source code will improve the precision of the assess result, e.g., the line numbers for each frame of the vulnerability call flows. |
| 112 | + |
| 113 | + |
| 114 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/17.png' | relative_url }}" alt="17" width="850" height="auto"></center> |
| 115 | + |
| 116 | +- Next, we need to use the embedded browser to log in to test accounts. Change the default Simply change the API BASE URL in the address bar to the login URL. |
| 117 | + |
| 118 | + |
| 119 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/18.jpg' | relative_url }}" alt="18" width="850" height="auto"></center> |
| 120 | + |
| 121 | +Log In: Log in to the test account on the login page. |
| 122 | + |
| 123 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/19.jpg' | relative_url }}" alt="19" width="850" height="auto"></center> |
| 124 | + |
| 125 | +Add user session and Choose Role: After a successful login, select the role for the test accounts and then click “Add user session” in the action section. |
| 126 | + |
| 127 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/20.jpg' | relative_url }}" alt="20" width="850" height="auto"></center> |
| 128 | +<br> |
| 129 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/21.jpg' | relative_url }}" alt="21" width="850" height="auto"></center> |
| 130 | + |
| 131 | +Add Account: Once an account is logged in and confirmed (the ‘Add user session’ button will turn green), click “add account” to open a new tab. |
| 132 | + |
| 133 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/22.jpg' | relative_url }}" alt="22" width="850" height="auto"></center> |
| 134 | + |
| 135 | +Repeat Process: Continue entering the address and logging in to the test accounts until all accounts are added. |
| 136 | + |
| 137 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/23.jpg' | relative_url }}" alt="23" width="850" height="auto"></center> |
| 138 | + |
| 139 | +Before officially starting the assessment, the system will present an overview of this assessment, including the content we submitted. After confirming everything is correct, tick the box for the service terms and privacy policy, and then we can start the assessment! |
| 140 | + |
| 141 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/24.png' | relative_url }}" alt="24" width="850" height="auto"></center> |
| 142 | + |
| 143 | +Assessing time will depend on the size of the submitted project, typically taking a few hours. The system will notify we via email once the assess is complete, so keep an eye on inbox. |
| 144 | + |
| 145 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/25.jpg' | relative_url }}" alt="25" width="850" height="auto"></center> |
| 146 | + |
| 147 | +# **Step 5** |
| 148 | + |
| 149 | +To ensure that the assess task completes smoothly, we need to keep the Codespace service running during the assessment. Therefore, please change the Codespace idle time to 4 hours; the path for modification is: GitHub -\> Settings -\> Code, Planning, and Automation -\> Codespaces -\> Default Idle Timeout. After making the time change, remember to save it before exiting. |
| 150 | + |
| 151 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/26.png' | relative_url }}" alt="26" width="850" height="auto"></center> |
| 152 | + |
| 153 | +That’s all for the detailed steps on using GitHub Codespace to create projects and compile Java, as well as submitting Java archive files to the ZAST.AI for vulnerability assess. We hope this is helpful for everyone. |
| 154 | + |
| 155 | +Lastly, here’s a little tip: once we receive the vulnerability report from ZAST.AI, the Codespace service can be wrapped up. Remember to return to the GitHub project page and manually stop and delete this Codespace project in the “Code” section; otherwise, it will keep running, consuming our allotted time. |
| 156 | + |
| 157 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/27.png' | relative_url }}" alt="27" width="850" height="auto"></center> |
| 158 | + |
| 159 | +GitHub provides users with 120 hours of free time each month, you can view the specific consumption of Codespace in your Profile -\> Settings -\> Billing & Plan. |
| 160 | + |
| 161 | +<center><img src="{{'/assets/img/Quickl-Start-a-ZAST.AI-Assessment-Using-GitHub-Codespaces/28.png' | relative_url }}" alt="28" width="850" height="auto"></center> |
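Review bot: Step 3 (lines 62-64) says the command will "compile and package the project into an archive file", but "java -jar target/simple-login-app-0.0.2-SNAPSHOT.jar" starts the application that Step 2's "mvn clean package -DskipTests" already packaged. Reword the step as running the built jar, and repair the doubled fragment "archive filethe project into a Java archive file" in the same sentence. Line 70 tells readers to confirm the public-port prompt without saying what that exposes: line 78 notes the app is then "visible on the internet", and Step 5 raises the idle timeout to 4 hours so it stays up during the assessment. Add a sentence that anyone with the URL can reach the app while the port is public, and that the port should be set back to private if the Codespace is kept after the report arrives rather than deleted as line 155 advises. Smaller fixes: line 116 has a doubled start ("Change the default Simply change the API BASE URL"), line 143 reads "notify we via email", line 104 does not say where zast.txt must be placed so that the running app serves it, and the two commands would read better as code than in italics.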