Configuring for concurrent scanning
An AppScan 360° SAST scan consists of two steps:
- Prepare a scan for analysis. This operation is performed by the preparer service when the end user submits source code or a binary such as a .war file for scanning.
- Analyze a scan. This operation is performed by the analyzer service. The input file to this service can be supplied by the preparer, or directly by an end user who chooses to perform the prepare step on their client system using the tools provided (for example, AppScan Go!).
Concurrent scans can be run by configuring the maximum number of preparers and analyzers, as required, to allow Kubernetes to autoscale the number of each service available for scanning. Since the time to prepare or analyze varies by scan, concurrency is specific to each of these operations.
The maximum number of each service depends on the expected peak scan load profile, that is, the peak number of scans submitted, percentage scanning source code/binary, and percentage scanning IRXs.
Because of these unknowns, it may not be possible to define the optimal configuration at initial deployment. The AppScan 360° SAST configuration can be adjusted afterwards based on the actual scan load, and by monitoring the RabbitMQ queues to determine the average time a scan waits for either service to become available.
The RabbitMQ management portal can be accessed through the ingress by enabling the following property when installing or reconfiguring AppScan 360° SAST:

```yaml
rabbitmq:
  ingress:
    enabled: true
    hostname: <fqdn to access rabbitmq portal>
```
The number of preparers and analyzers can be adjusted over time; it is limited by the following:
- Number of AppScan 360° licenses issued during the ASCP installation.
- Kubernetes configuration and availability of resources to allow multiple preparers and analyzers to be up and running at the same time.

Use the following table to help calculate the total (maximum) resources required for some sample configurations.

Calculation for each type of resource:
(number of preparers × resource per preparer) + (number of analyzers × resource per analyzer) + (number of ASCP adapters × resource per adapter) + total resources for the remaining services (these services are not autoscaled).
| ASCP adapters count | Preparers count | Analyzers count | MaxCPU | MaxRAM |
|---|---|---|---|---|
| 1 | 1 | 1 | 24 ((6*1)+(6*1)+(4*1)+4+2+2) | 60GB ((16*1)+(24*1)+(6*1)+6+4+4) |
| 3 | 3 | 3 | 56 ((6*3)+(6*3)+(4*3)+4+2+2) | 152GB ((16*3)+(24*3)+(6*3)+6+4+4) |
| 3 | 10 | 10 | 140 ((6*10)+(6*10)+(4*3)+4+2+2) | 452GB ((16*10)+(24*10)+(6*3)+6+4+4) |
| 3 | 5 | 10 | 110 ((6*5)+(6*10)+(4*3)+4+2+2) | 372GB ((16*5)+(24*10)+(6*3)+6+4+4) |
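The sizing calculation above, as an added example (not part of the AppScan documentation): it applies the formula with the per-instance figures that appear as terms in the table (preparer 6 CPU/16 GB, analyzer 6 CPU/24 GB, adapter 4 CPU/6 GB, fixed services 4+2+2 CPU and 6+4+4 GB) and adds a reverse check that tells you how many analyzers a given cluster budget can hold. The cluster budget values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Resources:
    """CPU cores and RAM (GB) for one instance of a service, or for a whole budget."""
    cpu: int
    ram_gb: int


# Per-instance figures taken from the terms of the formula shown in the sizing table.
PREPARER = Resources(cpu=6, ram_gb=16)
ANALYZER = Resources(cpu=6, ram_gb=24)
ADAPTER = Resources(cpu=4, ram_gb=6)
FIXED_SERVICES = Resources(cpu=4 + 2 + 2, ram_gb=6 + 4 + 4)  # not autoscaled


def max_resources(adapters: int, preparers: int, analyzers: int) -> Resources:
    """Peak CPU/RAM when every configured replica is running at the same time."""
    cpu = (preparers * PREPARER.cpu + analyzers * ANALYZER.cpu
           + adapters * ADAPTER.cpu + FIXED_SERVICES.cpu)
    ram = (preparers * PREPARER.ram_gb + analyzers * ANALYZER.ram_gb
           + adapters * ADAPTER.ram_gb + FIXED_SERVICES.ram_gb)
    return Resources(cpu=cpu, ram_gb=ram)


def fits(cluster: Resources, adapters: int, preparers: int, analyzers: int) -> bool:
    """True if the peak demand of this configuration fits the cluster budget."""
    need = max_resources(adapters, preparers, analyzers)
    return need.cpu <= cluster.cpu and need.ram_gb <= cluster.ram_gb


def max_analyzers(cluster: Resources, adapters: int, preparers: int) -> int:
    """Largest analyzer count that still fits the budget for the given adapters
    and preparers; -1 if even zero analyzers exceed it on CPU or RAM."""
    base = max_resources(adapters, preparers, 0)
    if base.cpu > cluster.cpu or base.ram_gb > cluster.ram_gb:
        return -1
    by_cpu = (cluster.cpu - base.cpu) // ANALYZER.cpu
    by_ram = (cluster.ram_gb - base.ram_gb) // ANALYZER.ram_gb
    return min(by_cpu, by_ram)  # the scarcer resource decides


if __name__ == "__main__":
    for cfg in [(1, 1, 1), (3, 3, 3), (3, 10, 10), (3, 5, 10)]:
        r = max_resources(*cfg)
        print(f"adapters={cfg[0]} preparers={cfg[1]} analyzers={cfg[2]}: "
              f"MaxCPU={r.cpu} MaxRAM={r.ram_gb}GB")
    budget = Resources(cpu=64, ram_gb=160)  # constructed cluster budget
    print("analyzers that fit with 3 adapters, 3 preparers:", max_analyzers(budget, 3, 3))
```

Because the remaining services are not autoscaled, their share is a constant that must fit before any preparer or analyzer replica is counted.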