Custom installation of AppScan 360° on a single virtual machine

The AppScan 360° single VM setup script asks a series of questions to configure your environment. Review the setup information at Setting up the single VM environment and gather the information you will need to complete the installation.

mkdir -p ~/aio-setup
mv *.run ~/aio-setup/

sudo ./AppScan360_SingleVMsetup_v2.0.0.run -- $PWD prepareCertsFolders

cd ~/aio-setup
sudo ./AppScan360_SingleVMsetup_v2.0.0.run -- $PWD

1. > Will this production deployment include Software Composition Analysis (SCA)? This requires license. (y/n) [Default: n]:

   Default is n.

   • y: Include the Software Composition Analysis (SCA) component in your installation. SCA allows you to analyze applications for open-source component vulnerabilities.
   • n: Do not include the Software Composition Analysis (SCA) component in your installation.

2. > To ensure system stability, we strongly recommend validating your server's hardware against your expected workload. This helps prevent scan failures and performance issues after installation. Do you want to perform this resource check now? (y/n) [Default: y]:

   Default is y.

   • y: Validate hardware resources against your expected scan workload. This is recommended for production environments.
     Indicate the expected number of concurrent scans:

     🖥️ *** Production Workload & Resource Planning ***
     📊 To calculate hardware requirements, please specify the maximum number of scans you expect to run at the same time (concurrently).
     💡 You can enter 0 if a scan type will not be used.
     
     > Enter desired number of concurrent STATIC (SAST) scans [Default: 1]:
     > Enter desired number of concurrent DYNAMIC (DAST) scans [Default: 1]:
     > Enter desired number of concurrent INTERACTIVE (IAST) scans [Default: 1]:

     If you opted to enable SCA, indicate the expected number of concurrent SCA scans:

     Enter desired number of concurrent SCA scans [Default: 1]:

   • n: Skip resource validation.
3. Production installations must configure an external MSSQL database. Respond to prompts as they are presented.

   • 🛢️ *** Database Configuration ***
     > Enter Database Hostname or IP:

   • > Enter Database Port [Default: 1433]:

   • > Enter Database User for AppScan:

   • > Enter Database User Password:

   • > Enter the name for the main AppScan database [Default: AppScanCloudDB]:

4. If you opted to include Software Composition Analysis (SCA) in the installation:

   • Enter the SCA database name:

     > Please provide a name for the new SCA database [Default: AppScan360_SCA_DB]:

   • Enter the SCA aggregation database name:

     > Please provide a name for the new SCA Aggregation database [Default: > AppScan360_SCA_Aggregation_DB]:

   • Enter the registry information for SCA updates or accept the defaults where applicable:

     > SCA Registry Address [Default: hclcr.io]:
     > SCA Registry Path [Default: appscan360/as360-k8s-docker-images]:
     > SCA Registry Username (typically your HCL ID):
     > SCA Registry Password/Token:
     > SCA Helm Repository Path [[Default:appscan360/as360-k8s-helm-packages]:

     Note: Use your HCL ID and password/token to enable automatic updates for the SCA vulnerability database. Your system must be connected to the internet for automatic updates.

5. 🔗 Network Configuration
   > Please enter the primary domain name for this installation. This will be used to create the access URL (e.g., yourcompany.com):

   This is a required field with no default value. The domain name specified is used to create the access URL for your AppScan 360° instance. For example, if you enter appscan-test.local, your AppScan 360° URL will be https://hostname.appscan-test.local.

   The domain name should be easy to remember, unique within your network environment, and should not conflict with existing domains.

6. > Please enter the external domain(s) or IP(s) that this instance will need to access for external services(such as SSO, SMTP, etc.). Separate multiple entries with commas:

   Enter any domains or IP addresses that your AppScan 360° instance needs to connect to, such as:

   • SMTP servers for email notifications

   • SSO authentication providers (LDAP, OIDC)

   • External CI/CD tools

   Separate multiple entries with commas. Leave empty if no external services are needed.

7. > Is the VM connected with the local DNS server (y/n)? 

   Default is n.

   • y: Your VM is connected to a DNS server. The system use the hostname for network-related configurations.
   • n: Your VM is not connected to a DNS server. The system uses IP addresses directly for network-related configurations.

8. > To plan for long-term storage costs, estimate the number of scan results you plan to retain. > Specify the shared storage capacity in GB [Default: 200]:

   This storage is used for logs, configuration files, persistent data, and scan logs shared between components. Default is 200GB.

   • Press Enter to accept the default value, or,
   • Type in a different number to specify a custom storage value and press Enter.

9. > Do you want to connect with your SMTP Mail Relay (SMR)(y/n)? 

   Default is n.

   An SMTP mail relay is an intermediary server that accepts outgoing emails from your system and forwards them to the recipients' email servers. The relay helps ensure email delivery and can apply certain rules like spam filtering. In AppScan 360°, setup a relay to receive notification emails when a scan is completed, if a scheduled scan kicked off, and so on.

   • y: Integrate AppScan 360° with an SMTP Mail Relay for sending emails from the deployment. When you choose y, enter the appropriate host, port, credentials, and encryption details when prompted for the SMR to complete the connection:

     • > Please enter the SMTP host:

     • > Please enter the SMTP port:

       The port number typically is 25, 465, or 587.

     • > Please enter the SMTP username:

       If authentication is required.

     • Please enter the SMTP password:

       If authentication is required.

     • > Does your SMTP server use SSL/TLS? If yes, a certificate is required to be present in certs/smtp folder (y/n)?

   • n: No SMTP server is set up; users cannot receive any related email notifications.

• 🐳 Docker Registry Configuration
  > What is the external Docker Private Registry (DPR) address (FQDN:PORT)?

• > What is the external Docker Private Registry (DPR) username?

  If authentication is required

• > What is the external Docker Private Registry (DPR) password?

  If authentication is required

• 🐳 Docker registry and Helm repository context names are used to set the context for docker images and helm charts.
  💡 To set these to an empty string(root repository), type EMPTY
  ------------------------------------------------------------------------------------------------
  > What is the docker registry context/repository name [Default: as360-k8s-docker-images]:

• > What is the helm repository context/repository name [Default: as360-k8s-helm-packages]:

🔄 Proxy Service Configuration
Do you want to use a proxy service? (y/n) [Default: n]:

✅ Summary of your choices:
  Installation Mode: Custom (Production)
  Install SCA Kit: [y/n]
  Domain: [your domain]
  Connected to Local DNS: [y/n]
  Storage Size: [size]GB
  Use SMTP Mail Relay: [y/n]
  Docker Private Registry Address: [address]
  Scan Concurrency: SAST=[n], DAST=[n], IAST=[n], SCA=[n]
  MSSQL Host: [host], Port: [port], DB: [database]
  [Additional configuration details...]

> Continue with installation? (y/n) [Default: y]:

Verify that the information is correct and type y.

The AS360 Single VM was installed, to access it do the following:
  1. Add to your 'hosts' file the following line: [IP_ADDRESS] [HOSTNAME].[DOMAIN]
  2. Access https://[HOSTNAME].[DOMAIN] in your browser