Deployment configuration parameters

The AppScan 360° Static Analysis environment can be customized as follows:

Create a configuration file in the yaml format. For example, values.yaml.
List the customized parameters in the configuration file.
Global, common, and RabbitMQ specific parameters are described in the following tables.
Use the -f option with the sast-service.sh script to specify the path name to configuration file. For example, when the configuration files is named values.yaml:
```
> cat values.yaml 
global: 
    storage: 
        pvc: 
            storage: 100Gi 
    ingress: 
        ingressClassName: nginx.
```

Global parameters


Parameter	Description	Default Value
`global.workload.mainContainer.image.registry`	Registry from which to pull AppScan 360° Static Analysis images	`hclcr.io`
`global.workload.mainContainer.image.repository`	Repository path to locate AppScan 360° Static Analysis images.	appscan360-sast/sast-service
`global.workload.mainContainer.image.tag`	Version of AppScan 360° Static Analysis images.	8.0.xxxx
`global.workload.mainContainer.image.pullPolicy`	Policy to pull AppScan 360° Static Analysis images from registry.	IfNotPresent
`global.storage.pvc.storageClassName`	Storage provider class name. Configured by the deployment script.	azurefile for Azure deployment.
`global.storage.pvc.accessModes`	Array of access permissions to the storage volumes.	ReadWriteMany
`global.storage.pvc.storage`	Storage allocation for AppScan 360° Static Analysis data volume.	200Gi
`global.storage.pvclogs.storage`	Storage allocation for AppScan 360° Static Analysis logs volume.	10Gi
`global.storage.pvcLogs.name`	User given name for `pvcLog` volume mount.
`global.ca.root.serverCertificate`	CA certificate to sign AppScan 360° Static Analysis components. Configured by the deployment script.
`global.ca.root.serverKey`	Private key to sign AppScan 360° Static Analysis components. Configured by the deployment script.
`global.ingress.ingressClassName`	Ingress controller class name to use for AppScan 360° Static Analysis ingress.
`global.ingress.additionalAnnotations`	List of annotations to configure in AppScan 360° Static Analysis ingress.
`common.ingress.hostname`	Fully qualified domain name (FQDN) to access SAppScan 360° Static Analysis ingress.	sast.appscan.com
`common.auth.token`	Bearer token to configure authorization in AppScan 360° Static Analysis. Configured by the deployment script.
`common.configMap.LOG_LEVEL`	Log level for underlying micro-service for each AppScan 360° Static Analysis components	INFO
`common.configMap.SCAN_ARTIFACTS_AGE_IN_DAYS`	Number of days to retain the scan artifacts before they can be removed from AppScan 360° Static Analysis storage.	10
`common.configMap.ASCP_SERVER_URL`	ASCP server URL to integrate with. Configured by the deployment script.

Common parameters

The following parameters can be used to customize each AppScan 360° Static Analysis component separately.

To configure the parameter for a particular component, prefix the parameter with the component name. For example, to configure the parameter <>.common.workload.mainContainer.resources.requests.cpu for gateway component:

gateway.common.workload.mainContainer.resources.requests.cpu=2


Parameter	Description	Options	Default
`<>.common.configMap`	List of supported configurable parameters for underlying micro-service for each component.	LOG_LEVEL, log level for underlying micro-service of the component.	INFO
`<>.common.secrets`	List of supported configurable secret parameters for underlying micro-service for each component.	ASCP_AUTH_KEY, holds the ASCP server authentication token. Applicable for 'ascp-adapter'. Configured by the deployment script.
`<>.common.hpa.maxReplicaCount`	Maximum number of replicas allowed for auto-scaling the component.	ascp-adapter, preparer, analyzer	3
`<>.common.workload.mainContainer.resources.requests.cpu`	Minimum number of CPUs required for the component.	gateway, ascp-adapter, scan-manager, workflow-manager	4
`<>.common.workload.mainContainer.resources.requests.cpu`	Minimum number of CPUs required for the component.	preparer, analyzer	2
`<>.common.workload.mainContainer.resources.requests.memory`	Minimum amount of memory (RAM) required for the component.	gateway	1Gi
		ascp-adapter, scan-manager, workflow-manager	4Gi
		preparer, analyzer	24Gi
`<>.common.workload.mainContainer.resources.limits.cpu`	Maximum number of CPUs required for the component.	gateway, ascp-adapter, scan-manager, workflow-manager	4
`<>.common.workload.mainContainer.resources.limits.cpu`	Maximum number of CPUs required for the component.	preparer, analyzer	8
`<>.common.workload.mainContainer.resources.limits.memory`	Maximum amount of memory (RAM) required for the component.	gateway	4Gi
		ascp-adapter, scan-manager, workflow-manager	8Gi
		preparer, analyzer	32Gi
`<>.common.workload.additionalLabels`	List of deployment labels to configure for the component.
`<>.common.workload.additionalAnnotations`	List of deployment annotations to configure for the component.
`<>.common.workload.podLabels`	List of pod labels to configure for the component.
`<>.common.workload.podAdditionalAnnotations`	List of pod annotations to configure for the component.
`<>.common.workload.additionalNodeSelector`	List of node selectors to configure for the component.
`<>.common.workload.additionalTolerations`	List of tolerations to configure for the component.
`<>.common.metrics.port`	Port to access Prometheus metrics for the component.		8443
`<>.common.metrics.path`	URL to access Prometheus metrics for the component.		`/actuator/prometheus`

RabbitMQ

RabbitMQ parameters that can be customized are as follows:


Parameter	Description	Default
`rabbitmq.image.registry`	Registry to pull RabbitMQ container images.	`hclcr.io`
`rabbitmq.image.repository`	Repository path to locate RabbitMQ container image .	`appscan360-sast/sast-service`
`rabbitmq.image.tag`	Version of RabbitMQ container images.	3.11.10-debian-11-r0
`rabbitmq.auth.username`	Username to access RabbitMQ.	`appscan`
`rabbitmq.auth.password`	Password to access RabbitMQ. Configured by the deployment script. Configured by the deployment script.
`rabbitmq.persistance.storageClass`	Storage provider class name to use in RabbitMQ. Configured by the deployment script.	`azurefile` for Azure deployment.
`rabbitmq.ingress.enabled`	Ingress to access RabbitMQ management portal.	False
`rabbitmq.ingress.hostname`	Fully qualified domain name (FQDN) to access RabbitMQ management portal ingress.	`rabbitmq.sast.appscan.com`

To see the complete list:

If installing from HCL Harbor, navigate to the following path for a complete listing of configuration parameters and associated values Projects > appscan360-sast/sast-service/sast-service-core > values.
If installing from archive file, the values.yaml file can be found in the chart folder (sast-service-base/helm/sast-service-core/values.yaml).

Node selector configuration

The SAST deployment can be configured to run a component's pod in a particular node that meets the criteria. Below are the properties related to node selector configurations:


Parameter	Description
`<>.common.workload.additionalNodeSelector`	Accepts the node label to which to install. The selector picks a node with the label provided.
`rabbitmq.common.nodeSelector`	Accepts the node label to which to install RabbitMQ. The selector picks a node with the label provided.

For example:

Create a label with name sastNodeType and value sast-analyzer-node for a node pool.
Once the node is configured with the label, the pods can be configured to be created in the matching nodes. To configure the analyzer component's pods to be created in the node with label sastNodeType=sast-analyzer-node, configure properties as follows:
```
  analyzer:
    common:
      workload:
        additionalNodeSelector:
          sastNodeType: sast-analyzer-node
```

Sample YAML file

global:
  storage:
    pvc:
      storage: 20G
    pvcLogs:
      storage: 2G
    ingress:
      additionalAnnotations:

    nginx.ingress.kubernetes.io/backend-protocol:HTTPS