Prerequisites Setup Guide

Introduction

This document provides a comprehensive checklist of prerequisites for deploying HCL AppScan 360°, covering the Deployment Server, Kubernetes Cluster, External Dependencies, and resource requirements.

Deployment Server Prerequisites

The Deployment Server is a Linux-based system used to initiate and manage the AppScan 360° deployment.

Category Requirement
Operating system Ubuntu 22.04 / Ubuntu 24.04 / RHEL 9
Software
  • Bash shell - Required for running installation scripts
  • Docker - For local container service on Ubuntu (see Docker Installation)
  • Podman - For local container service on RHEL (often preinstalled)
  • Kubectl - For Kubernetes cluster management (see Kubectl Installation)
  • Helm 4 - For chart deployments (see Helm Installation)
Note:

For fresh installations and Proofs of Concept (POCs), ensure the host timezone is set to UTC before starting the installation.

If the host is set to a local timezone, scan execution may fail for a short period after deployment until certificates synchronize with UTC

.

Kubernetes Cluster Prerequisites (For Distributed Environment)

  • For installations using One Click Installer or Helm Based Installer, a Kubernetes cluster is required. The cluster must meet the following prerequisites to ensure compatibility and optimal performance of the AppScan 360° platform.

  • The Kubernetes cluster hosts the AppScan 360° platform and requires specific components and configurations.

Category Requirement
Components

  • Gateway controller (Gateway API v1.4.0 compliant)

  • Cert-manager (v1.11.0 or compatible)
Storage

  • Storage class with ReadWriteMany (RWX) access mode

  • Kubernetes CSI driver with fsGroup security context support
Networking

  • Dual-stack IPv4/IPv6 (if IPv6 required)

  • Network policy support for encrypted communication
Worker nodes
References
Note: For dynamic scanning, increase the number of inotify instances in the kernel in all nodes where dynamic scans are run:

  • Add fs.inotify.max_user_instances=524288 to /etc/sysctl.conf .

  • Reboot the node for the changes to take effect.

  • For smaller clusters, 32800 may suffice, but 524288 is recommended for robust dynamic scanning.

Validate Configuration

  • Verify prerequisites with the following commands:
    Check Command
    Kubernetes Connectivity kubectl version
    Docker Connectivity docker version
    Helm Connectivity helm version
    Cert-Manager kubectl get pods --namespace cert-manager
    Gateway Connectivity kubectl get gatewayclass
    Storage class kubectl get storageclass
    Persistent volumes kubectl get pv
    SQL Connectivity ping <MSSQL_SERVER_IP>
    Container Registry Login docker login <PRIVATE_REGISTRY_URL>
  • Utilize AppScan 360° Setup Assistant for interactive validation of configuration parameters and connectivity before deployment.

External Dependencies

AppScan 360° relies on external services that must be configured and accessible.
Category Requirement
Database

MSSQL Server 2019 or above, with db_creator permissions. Approximately 150 KB storage per scan execution.
Authentication SSO via OIDC (Keycloak / Okta) OR LDAP (Microsoft Active Directory / Domino) via port 389/636/TCP
Email SMTP Server via port 25/TCP for notifications
Licensing HCL License Management Portal via port 443/TCP (requires HCL ID)
Container Registry Remote container registry for storing and pulling AppScan 360° container images
Network Trusted certificate for secure communication (import untrusted certs into client JRE keystore if needed)
Storage File storage for scan data (see Storage Requirements)
HCL Harbor For maintaining up-to-date issue catalog and vulnerability data for SCA scans

Additional Notes

  • HCL ID - Required for accessing HCL License and Download Portal and HCL Harbor

  • Browser Support - Use the latest versions of Chrome, Safari, Edge, or Firefox for the AppScan 360° user interface

  • Screen Resolution - Recommended resolution is 1920x1080 for optimal display

  • DNS - Publish the FQDN with the designated IP in the DNS server

Network Ports:

  • 22/TCP - SSH to Deployment Server

  • 25/TCP - SMTP

  • 389/TCP - LDAP

  • 80, 443, 8080/TCP - Web access

  • 5443,6443,7443,8443/TCP - Additionally required only for Single VM Setup.

Access Points:

  • User Portal: https://<CK_CONFIGURATION_DISCLOSED_SITE_URL>
  • User API: https://<CK_CONFIGURATION_DISCLOSED_SITE_URL>/api
  • User API (Swagger): https://<CK_CONFIGURATION_DISCLOSED_SITE_URL>/swagger

Default local users:

  • Admin — password: Admin12!

  • User — password: User123!