Upgrading or updating the AppScan 360° platform

Upgrade notes:
Important: Before beginning any upgrade steps, ensure no scans are running, and back up all data, including the properties file.
  • To upgrade from an Express single VM install of AppScan 360°, perform a fresh custom single VM or distributed install of AppScan 360°.
  • The upgrade procedure is the same for a custom single VM installation of AppScan 360° or a distributed installation.
  • AppScan 360° supports custom single VM upgrade from version 1.6.x to version 2.0.0.

    Do not skip configuration questions during upgrade.

  • To retain custom certificates from a previous installation, place the certificates in the certs directory structure according to the naming guidelines in the installation instructions.

Backing up before upgrading or updating

Before performing any upgrade or update tasks, ensure no scans are running and back up all data and critical files, including:
  • Database

    Follow the instructions in the MSSQL documentation to back up the database.

  • Storage system, whether mounted storage or Kubernetes PV storage.
  • Properties files:
    • Distributed installation: singular-singular.clusterKit.properties
    • Helm installation: singular-singular.clusterKit.yaml
    • Single VM installation: singular-singular.clusterKit.properties and as360-aio-answers.env, located under aioWorkspace/audit.

      In addition, if upgrading a single VM installation from the same directory as the previous installation, rename aioWorkspace (for example, to aioWorkspace_old) so that a new directory can be created during the upgrade. Do not skip configuration questions for single VM setup during the upgrade.

  • To retain custom certificates from a previous installation, place the certificates in the certs directory structure according to the naming guidelines in the installation instructions.

Pre-upgrade step for all installations of AppScan 360°

You must update ownership of the storage volume before upgrading to version 2.0.0 of AppScan 360°.
  1. Identify the userapi pod name:
    kubectl -n hcl-appscan-ascp get pods
    For example, a pod name might be ascp-mr-user-api-7f7bd44c78-c9d7n.
  2. Update storage owner:
    kubectl -n hcl-appscan-ascp exec <userapi-pod> -- chown -R 1111:2222 /storagemount
    Depending on the number of scans stored on the volume, this may take some time.
  3. Verify the change:
    kubectl -n hcl-appscan-ascp exec <userapi-pod> -- ls -la /storagemount
Important: Do not run scans, reports, or other operations until you complete the upgrade to AppScan 360° version 2.0.0.
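
The ls -la check in step 3 shows only the top level of the volume, while chown -R changes every entry beneath it. The following added example (not part of the HCL documentation) lists every path whose owner or group differs from the expected IDs. The function names are hypothetical, and the pod wrapper assumes that find is available in the user API container image.

```shell
#!/bin/sh
# Added example: recursive ownership check for the storage volume.
# 1111:2222 is the owner set by the chown command on this page.
EXPECTED_UID=1111
EXPECTED_GID=2222

# Print every path under $1 whose owner is not $2 or whose group is not $3.
list_wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Return 0 when everything under $1 is owned by $2:$3.
# Otherwise print a count plus the first ten offenders and return 1.
verify_owner() {
    dir=$1
    uid=$2
    gid=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    bad=$(list_wrong_owner "$dir" "$uid" "$gid" | wc -l | tr -d ' ')
    if [ "$bad" -eq 0 ]; then
        echo "OK: all entries under $dir are owned by $uid:$gid"
        return 0
    fi
    echo "FAIL: $bad entries under $dir are not owned by $uid:$gid" >&2
    list_wrong_owner "$dir" "$uid" "$gid" | head -n 10 >&2
    return 1
}

# Hypothetical wrapper: run the same check inside the userapi pod ($1).
# No output means the recursive chown reached every entry.
verify_storage_in_pod() {
    kubectl -n hcl-appscan-ascp exec "$1" -- \
        find /storagemount \( ! -user "$EXPECTED_UID" -o ! -group "$EXPECTED_GID" \) -print
}
```

On a volume with many stored scans, an interrupted chown -R leaves the top-level directory looking correct while deeper entries keep the old owner, which is the case this check catches.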

Update the current version

To update the installation with a new configuration:
  1. Back up all data and ensure no scans are running.
  2. Update the singular-singular.clusterKit.properties file. See Preparing the configuration file for file parameters.
  3. From the folder location that contains the extracted kit, type:
    ./setup.sh $PWD/..

Upgrade to a new version of AppScan 360° without migrating data

Perform an upgrade only when there are no active scans running.

To upgrade to AppScan 360° version 1.2 from version 1.1.x or earlier without migrating data, complete the following steps, using the instructions in the referenced topics:
  1. Back up all data and ensure no scans are running.
  2. HCL AppScan 360° Prerequisite Instructions
  3. Preparing the configuration file
  4. Installing AppScan 360°

Upgrade to a new version of AppScan 360° and migrate data

To upgrade AppScan 360° version 1.2 or later to a newer version, complete the following steps. Data is migrated automatically.

  1. Back up all data and ensure no scans are running.
  2. Make a backup of singular-singular.clusterKit.properties if you want to maintain the same configuration.
  3. Download the new AppScan 360° installation package from MyHCLSoftware.
  4. Install AppScan 360° as described in Installing AppScan 360°.
    Note: When upgrading the installation, use --target <newfolder>. Upon upgrading successfully, delete previous installation folders to free up space.

    When it's complete you receive confirmation that the AppScan 360° update is installed and ready to use.

Upgrading AppScan Remediation Advisories only

To upgrade the AppScan Remediation Advisories only:
  1. Back up all data and ensure no scans are running.
  2. Download the new AppScan 360° installation package from MyHCLSoftware.
  3. Provide executable permission to the installer by running
    chmod +x <PATH-OF-INSTALLER/APPSEC-INSTALLER-FILENAME>
  4. Run the installation file, specifying registry information in the command line.
    For example:
    AppScan360_v1.6.0_ASRA.run -- [registry information] -f  ~/.docker/config.json
    You can specify registry information in one of three ways:
    • Directly. For example:
      ./AppScan360_v1.6.0_ASRA.run -- -server <registry[:port]> -f  ~/.docker/config.json

      This method pushes the AppScan Remediation Advisories image to the registry and installs Helm. It does not attempt to create a secret, but verifies that a secret is available in the cluster.

    • From the configuration file specified during ASCP installation. For example:
      ./AppScan360_v1.6.0_ASRA.run -- -config <singular-singular.clusterKit.properties> -f  ~/.docker/config.json

      This method pushes the AppScan Remediation Advisories image to the registry and installs Helm, and creates or replaces the secret.

    • From a separate configuration file. For example:
      ./AppScan360_v1.6.0_ASRA.run -- -file <docker_config_file> -f  ~/.docker/config.json

      This method pushes the AppScan Remediation Advisories image to the registry and installs Helm, uses the config file as input to create a secret.yaml file for Helm, and removes any existing secret in the cluster.

      If you choose to use a separate configuration file, the file must contain the following information:
      • CK_DOCKER_REGISTRY_ADDRESS=<registry[:port]>

      • CK_DOCKER_REGISTRY_USERNAME=<username>

      • CK_DOCKER_REGISTRY_PASSWORD=<password>

  5. When installation is complete, you see an appropriate message:

Upgrading or rolling back AppScan 360° using Helm

To upgrade AppScan 360° to a new version using Helm:
  1. Back up all data and ensure no scans are running.
  2. From inside the cloned repository, run:
    git pull
To roll back to a previous version of the installation:
  1. Back up all data and ensure no scans are running.
  2. Review available versions:
    helm history <release-name> -n <namespace>
    Where <release-name> and <namespace> refer to AppScan 360° components and their relative locations in the repository:
    • AppScan Central Platform
      • <release-name>: appscan360-ascp
      • <namespace>: hcl-appscan-ascp
    • AppScan Remediation Advisories
      • <release-name>: asra
      • <namespace>: hcl-asra
  3. Specify the version to which to roll back:
    helm rollback <release-name> <revision-number> -n <namespace>

Applying LDAP properties to an upgrade

In the AppScan 360° version 2.0.x single VM install, LDAP-related questions are removed from the survey questionnaires in favor of UI-based configuration. However, for installations upgraded from version 1.6.1 or earlier with LDAP/AD integration, these properties require manual configuration because they are not automatically migrated.

Applying LDAP Properties Before Upgrade

For installations upgrading from version 1.6.x or earlier with LDAP/AD integration, you can apply the properties by temporarily setting environment variables in the installation shell before starting the upgrade to 2.0.x.
  1. Set Environment Variables: Before running the installation script, set the following environment variables in the shell. Replace placeholder values with actual values:
    export AS360_AIO_AD_DOMAIN='your_domain.com'
    export AS360_AIO_AD_USERNAME='your_username'
    export AS360_AIO_AD_PASSWORD='your_password'
    export AS360_AIO_AD_AUTHORIZED_GROUPS='group1,group2' # Use '' if no groups
    export AS360_AIO_AD_SSL='false' # Set to 'true' if using SSL
    export AS360_AIO_AD_TARGET_OU='OU=Users,DC=your_domain,DC=com'
  2. Run the Installation Script: Ensure that the variables are set in the same shell session where the installation script is executed. This allows the installation script to access the variables and apply them to the singular properties file.
  3. Verify Properties: After installation, check the singular properties file located at aioWorkspace/audit/singular-singular.clusterKit.properties to confirm that the properties have been applied correctly.

Applying LDAP Properties After Upgrade

If LDAP/AD integration is found to be missing after upgrading to version 2.0.x, you can reconfigure the properties using an answers file.
  1. Prepare the Answers File:
    1. Place the answers file in the installation folder. If installed through the survey, the generated answers file can be found at aioWorkspace/audit/as360-aio-answers.env. Copy this file to the installation folder.
    2. Add the LDAP properties to the answers file, replacing placeholder values with actual values:
      AS360_AIO_AD_DOMAIN='your_domain.com'
      AS360_AIO_AD_USERNAME='your_username'
      AS360_AIO_AD_PASSWORD='your_password'
      AS360_AIO_AD_AUTHORIZED_GROUPS=''
      AS360_AIO_AD_SSL='false'
      AS360_AIO_AD_TARGET_OU='OU=Users,DC=your_domain,DC=com'
  2. Rerun the Installation: Execute the same installation command used previously. The survey questionnaire will be bypassed, and the LDAP properties will be applied to the singular properties file.
  3. Verify Properties: After installation, check the singular properties file at aioWorkspace/audit/singular-singular.clusterKit.properties to ensure the properties have been correctly applied.
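
The answers file prepared in step 1 holds the AD password in clear text, and a placeholder left in place is only noticed after the installation has been rerun. The following added example (not part of the HCL documentation) checks the file before the rerun. The key names are the ones listed above; the function names, the rule that values other than AS360_AIO_AD_AUTHORIZED_GROUPS must be non-empty, and the owner-only permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the LDAP entries in an answers file.
# Key names are the ones listed on this page; the rules are assumptions.
REQUIRED_KEYS="AS360_AIO_AD_DOMAIN AS360_AIO_AD_USERNAME AS360_AIO_AD_PASSWORD
AS360_AIO_AD_AUTHORIZED_GROUPS AS360_AIO_AD_SSL AS360_AIO_AD_TARGET_OU"

# Print the last value assigned to key $2 in file $1, outer single quotes removed.
get_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^'\(.*\)'\$/\1/"
}

# Print one line per problem; return 0 only when the file is clean.
check_answers_file() {
    file=$1
    problems=0
    [ -f "$file" ] || { echo "missing file: $file"; return 2; }
    for key in $REQUIRED_KEYS; do
        if ! grep -q "^$key=" "$file"; then
            echo "missing key: $key"
            problems=$((problems + 1))
            continue
        fi
        value=$(get_value "$file" "$key")
        case "$key=$value" in
            AS360_AIO_AD_AUTHORIZED_GROUPS=*) ;;          # '' is valid: no groups
            AS360_AIO_AD_SSL=true|AS360_AIO_AD_SSL=false) ;;
            AS360_AIO_AD_SSL=*)
                echo "AS360_AIO_AD_SSL must be 'true' or 'false'"
                problems=$((problems + 1)) ;;
            "$key"=|*your_domain*|*=your_username|*=your_password)
                echo "empty or placeholder value: $key"
                problems=$((problems + 1)) ;;
        esac
    done
    # The file holds the AD password in clear text: allow owner access only.
    case $(ls -ln "$file" | cut -c5-10) in
        ------) ;;
        *)  echo "group/other can access $file (expected mode 600)"
            problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}
```

Run check_answers_file against the copy of as360-aio-answers.env in the installation folder before rerunning the installation command.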