Configuring for concurrent scanning
An AppScan 360° SAST scan consists of two steps:
- Prepare a scan for analysis. This operation is performed by the preparer service when the end user submits source code or a binary such as a .war file for scanning.
- Analyze a scan. This operation is performed by the analyzer service. The input file to this service can be supplied by the preparer, or directly by an end user who chooses to perform the prepare step on their client system using the tools provided (for example, AppScan Go!).
Concurrent scans can be run by configuring the maximum number of preparers and analyzers, as required, to allow Kubernetes to autoscale the number of each service available for scanning. Since the time to prepare or analyze varies by scan, concurrency is specific to each of these operations.
The maximum number of each service depends on the expected peak scan load profile, that is, the peak number of scans submitted, the percentage of scans of source code or binaries, and the percentage of scans of IRX files (already prepared on the client).
Because these values are unknown up front, the optimal configuration may not be definable at initial deployment. The AppScan 360° SAST configuration can be adjusted later based on the actual scan load and on monitoring the RabbitMQ queues to determine the average time a scan waits for either service to become available.
The RabbitMQ management portal can be accessed through the ingress by enabling the following property while installing or reconfiguring AppScan 360° SAST:

```yaml
rabbitmq:
  ingress:
    enabled: true
    hostname: <fqdn to access rabbitmq portal>
```
The initial configuration can specify an equal number of preparers and analyzers and can be adjusted over time.
To achieve the default scan concurrency (25 scans), the minimum resource configuration is:
CPU | RAM | HDD |
---|---|---|
120 cores | 820GB | 500GB |
If large scans are being submitted, provision additional resources to achieve the desired performance. The achievable concurrency is also bounded by:
- The number of AppScan 360° licenses issued during the ASCP installation.
- The Kubernetes configuration and the availability of resources to allow multiple preparers and analyzers to be up and running at the same time.
ASCP adapters count | Preparers count | Analyzers count | Minimum CPU (cores) | Minimum RAM (GB) |
---|---|---|---|---|
1 | 1 | 1 | 9 | 42 |
3 | 25 | 25 | 107 | 814 |
3 | 10 | 25 | 77 | 574 |
Resource configuration (advanced users)
Calculation for total resources:

    total = (number of preparers * resources per preparer)
          + (number of analyzers * resources per analyzer)
          + (number of ASCP adapters * resources per adapter)
          + total resources for the remaining services (these services are not autoscaled)
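The calculation above, carried through as an added example (not code from the AppScan 360° product or its documentation). The per-service figures used here are assumptions: they were chosen so that the formula reproduces the three rows of the sizing table on this page (2 cores / 16 GB per preparer and per analyzer, 1 core / 2 GB per adapter, 4 cores / 8 GB for the non-autoscaled services), which makes them a consistent but not unique reading of that table. Take real per-pod requests from your deployment's Helm values rather than from these constants.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Resources:
    """CPU in cores and RAM in GB for one replica of a service (or one total)."""
    cpu: int
    ram_gb: int

    def __add__(self, other: "Resources") -> "Resources":
        return Resources(self.cpu + other.cpu, self.ram_gb + other.ram_gb)

    def __mul__(self, count: int) -> "Resources":
        return Resources(self.cpu * count, self.ram_gb * count)


# ASSUMED per-replica figures, inferred from the page's sizing table; not official values.
PER_PREPARER = Resources(cpu=2, ram_gb=16)
PER_ANALYZER = Resources(cpu=2, ram_gb=16)
PER_ADAPTER = Resources(cpu=1, ram_gb=2)
REMAINING_SERVICES = Resources(cpu=4, ram_gb=8)  # fixed cost of the non-autoscaled services


def total_resources(preparers: int, analyzers: int, adapters: int,
                    per_preparer: Resources = PER_PREPARER,
                    per_analyzer: Resources = PER_ANALYZER,
                    per_adapter: Resources = PER_ADAPTER,
                    remaining: Resources = REMAINING_SERVICES) -> Resources:
    """Apply the page's formula: sum of (count * per-replica cost) plus the fixed remainder."""
    if min(preparers, analyzers, adapters) < 0:
        raise ValueError("replica counts must be non-negative")
    return (per_preparer * preparers
            + per_analyzer * analyzers
            + per_adapter * adapters
            + remaining)


def fits_in_budget(preparers: int, analyzers: int, adapters: int,
                   budget: Resources) -> bool:
    """True when the configuration's minimum CPU and RAM both fit the cluster budget."""
    need = total_resources(preparers, analyzers, adapters)
    return need.cpu <= budget.cpu and need.ram_gb <= budget.ram_gb


def max_equal_replicas(adapters: int, budget: Resources) -> int:
    """Largest N such that N preparers + N analyzers (plus adapters) fit the budget.

    Useful for the 'equal number of preparers and analyzers' starting point the page suggests.
    """
    n = 0
    while fits_in_budget(n + 1, n + 1, adapters, budget):
        n += 1
    return n


if __name__ == "__main__":
    # The three rows from the page's table, as (adapters, preparers, analyzers).
    for adapters, preparers, analyzers in ((1, 1, 1), (3, 25, 25), (3, 10, 25)):
        r = total_resources(preparers, analyzers, adapters)
        print(f"adapters={adapters} preparers={preparers} analyzers={analyzers}: "
              f"{r.cpu} cores, {r.ram_gb} GB")
    # Constructed cluster budget matching the page's 'default concurrency' sizing.
    print("equal replicas in 120 cores / 820 GB:",
          max_equal_replicas(3, Resources(cpu=120, ram_gb=820)))
```

Run it as-is to confirm the assumed constants reproduce the table (9/42, 107/814 and 77/574), then replace the constants with your cluster's actual per-pod requests and the `remaining` total for the fixed services to size a deployment.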