Custom installation of AppScan 360° on a single virtual machine

Custom install allows you to test AppScan 360° with a complete configuration; you can use this installation mode for a production level deployment of AppScan 360°.

💡 Best Practice: It is recommended to run AppScan 360 Setup Assistant before every new installation or major upgrade to ensure environmental readiness and prevent installation failures.

Note:

Perform all installation and configuration activities as an Administrator on the target system.
The AppScan 360° single VM setup script asks a series of questions to configure your environment. Review the setup information at Prerequisites Setup Guide and gather the information you will need to complete the installation.

Prepare installation files

Download the AppScan 360° single VM script and the AppScan 360° installation files from MyHCLSoftware portal to a single directory location under /home/username. For example, /home/username/AppScan360_singleVM.
Files included in the directory should be:
- AppScan360_SingleVMsetup_v2.1.0.run
- AppScan360_v2.1.0.run
- AppScan360_ASRA_v2.1.0.run
- AppScan360_DTCS_v2.1.0.run (Required for DAST Scan features)
- AppScan360_SCA_v2.1.0.run (Optional)
Create a directory for installation and move all files there. All installation kit files must be in the same directory.
```
mkdir -p ~/aio-setup
mv *.run ~/aio-setup/
```
In the installation folder, provide executable permission to the installer by running:
```
cd ~/aio-setup
chmod +x *.run
```

Place Certificates (If required)

If you use custom or self-signed certificates for services such as SSO (LDAP, OIDC) or SMTP, prepare the certificates folder.

sudo ./AppScan360_SingleVMsetup_v2.1.0.run -- $PWD prepareCertsFolders

The command creates the following folder structure:


Folder	Function
`~/aio-setup/certs/`	Main certificates folder
`~/aio-setup/certs/docker/`	Docker Registry certificates (not needed for POC mode)
`~/aio-setup/certs/ldap/`	LDAP certificates (for LDAPS support)
`~/aio-setup/certs/smtp/`	SMTP certificates (for SMTPS support)
`~/aio-setup/certs/oidc/`	OIDC certificates (for OIDCS support)
`~/aio-setup/certs/ingress/`	Ingress certificates (optional, self-signed will be generated if not provided)

After creating the folder structure, place certificates in the appropriate folders before proceeding.

Run installation

Run installation via below command

Note: Specify the folder location of the files(In this case, present working directory), even though you are installing from the folder location.
```
cd ~/aio-setup
sudo ./AppScan360_SingleVMsetup_v2.1.0.run -- $PWD
```
Note: To stop the install for any reason, press CTRL+C, then run
```
cd aioWorkspace
./disengageAS360-AIO.sh
```
Installation log files are located at ./aioWorkspace/logs

When prompted as below, type 1 to specify Custom/Production installation. Press Enter.

Please select your installation path:
1. 🚀  Express Mode (POC)
2. 🛠️  Custom Mode (Production)
Enter 1 or 2 [Default: 1]:

The installation procedure asks a series of questions based on your inputs
```
> Will this production deployment include Software Composition 
Analysis (SCA)? This requires license. (y/n) [Default: n]:
```
- Default is n.
  - y: Include the Software Composition Analysis (SCA) component in your installation. SCA allows you to analyze applications for open-source component vulnerabilities.
  - n: Do not include the Software Composition Analysis (SCA) component in your installation.
- Production installations must configure an external MSSQL database. Respond to prompts as they are presented.
```
🛢️ *** Database Configuration ***
> Enter Database Hostname or IP:
```
```
> Enter Database Port [Default: 1433]:
```
```
> Enter Database User for AppScan:
```
```
> Enter Database User Password:
```
```
> Enter the name for the main AppScan database [Default: AppScanCloudDB]:
```
- If you opted to include Software Composition Analysis (SCA) in the installation:
  - Enter the SCA database name:
```
> Please provide a name for the new SCA database [Default:
 AppScan360_SCA_DB]:
```
  - Enter the SCA aggregation database name:
```
> Please provide a name for the new SCA Aggregation database 
[Default: > AppScan360_SCA_Aggregation_DB]:
```
  - Enter the registry information for SCA updates or accept the defaults where applicable:
```
> SCA Registry Address [Default: hclcr.io]:
> SCA Registry Path [Default: appscan360/as360-k8s-docker-images]:
> SCA Registry Username (typically your ID):
> SCA Registry Password/Token:
> SCA Helm Repository Path [Default:appscan360/as360-k8s-helm-packages]:
```
  - Note: Use your ID and password/token to enable automatic updates for the SCA vulnerability database. Your system must be connected to the internet for automatic updates.
```
🔗 Network Configuration
> Please enter the primary domain name for this installation. This 
will be used to create the access URL (e.g., yourcompany.com):
```
- This is a required field with no default value. The domain name specified is used to create the access URL for your AppScan 360° instance. For example, if you enter appscan-test.local, your AppScan 360° URL will be https://hostname.appscan-test.local.
  The domain name should be easy to remember, unique within your network environment, and should not conflict with existing domains.
```
> Please enter the external domain(s) or IP(s) that this instance 
will need to access for external services(such as SSO, SMTP, 
etc.). Separate multiple entries with commas:
```
- Enter any domains or IP addresses that your AppScan 360° instance needs to connect to, such as:
  - SMTP servers for email notifications
  - SSO authentication providers (LDAP, OIDC)
  - External CI/CD tools
- Separate multiple entries with commas. Leave empty if no external services are needed.
```
> Is the VM connected with the local DNS server (y/n)?
```
- Default is n.
  - y: Your VM is connected to a DNS server. The system uses the hostname for network-related configurations.
  - n: Your VM is not connected to a DNS server. The system uses IP addresses directly for network-related configurations.
```
> To plan for long-term storage costs, estimate the number of scan 
results you plan to retain. > Specify the shared storage capacity 
in GB [Default: 200]:
```
- This storage is used for logs, configuration files, persistent data, and scan logs shared between components. The default is 200GB.
  - Press Enter to accept the default value, or,
  - Type in a different number to specify a custom storage value and press Enter.
```
> Do you want to connect with your SMTP Mail Relay (SMR)(y/n)?
```
- Default is n.
  An SMTP mail relay is an intermediary server that accepts outgoing emails from your system and forwards them to the recipients' email servers. The relay helps ensure email delivery and can apply certain rules like spam filtering. In AppScan 360°, setup a relay to receive notification emails when a scan is completed, if a scheduled scan kicked off, and so on.
  - y: Integrate AppScan 360° with an SMTP Mail Relay for sending emails from the deployment. When you choose y, enter the appropriate host, port, credentials, and encryption details when prompted for the SMR to complete the connection:
```
> Please enter the SMTP host:
```
```
> Please enter the SMTP port:
```
  - The port number typically is 25, 465, or 587.
```
> Please enter the SMTP username:
```
  - If authentication is required.
```
Please enter the SMTP password:
```
  - If authentication is required.
```
> Does your SMTP server use SSL/TLS? If yes, a certificate is 
required to be present in certs/smtp folder (y/n)?
```
  - n: No SMTP server is set up; users cannot receive any related email notifications.
- Select if Local DPR to be setup, if no external DPR could be brought in
```
> Do you want the kit to install and manage a local Docker Private 
Registry (DPR) on this VM? (y/n) [Default: n]:
```
- If y - it will skip further docker queries and set up default values for them. If n enter DPR details as further questions follows
  - Docker registry configuration:
```
🐳 Docker Registry Configuration
> What is the external Docker Private Registry (DPR) address (FQDN:PORT)?
```
```
> What is the external Docker Private Registry (DPR) username?
```
  - If authentication is required
```
> What is the external Docker Private Registry (DPR) password?
```
  - If authentication is required
```
🐳 Docker registry and Helm repository context names are used to 
set the context for docker images and helm charts.
💡 To set these to an empty string(root repository), type EMPTY
----------------------------------------------------------------
--------------------------------
> What is the docker registry context/repository name [Default: 
as360-k8s-docker-images]:
```
```
> What is the helm repository context/repository name [Default: as360-k8s-helm-packages]:
```
```
🔄 Proxy Service Configuration
> Do you want to use a proxy service? (y/n) [Default: n]:
```
  - y: Configure a proxy service.
```
> What is the proxy host?
```
```
> What is the proxy port?
```
```
> Does the proxy require user/password credentials? (y/n):
```
```
> What is the proxy username?:
```
```
> What is the proxy password?:
```
  - n: Skip proxy configuration.

The installation displays a summary of your choices and asks if you want to continue the installation.

✅ Summary of your choices:
  Installation Mode: Custom (Production)
  Install SCA Kit: [y/n]
  Domain: [your domain]
  Connected to Local DNS: [y/n]
  Storage Size: [size]GB
  Use SMTP Mail Relay: [y/n]
  Docker Private Registry Address: [address]
  Scan Concurrency: SAST=[n], DAST=[n], IAST=[n], SCA=[n]
  MSSQL Host: [host], Port: [port], DB: [database]

> Continue with installation? (y/n) [Default: y]:

Verify that the information is correct and type y to proceed further, if incorrect or to be changed type n and press Enter
The installation proceeds with installing and configuring:
- Kubernetes cluster (K0S)
- Docker Private Registry (DPR) if selected
- AppScan 360° central platform(ASCP) and components.
- AppScan Remediation Advisories (ASRA)
- DAST Template Converter Service(DTCS)
- Software Composition Analysis (SCA), if selected
- Connections to your external database and Docker registry

Installation may take some time depending on your system and network speed. When complete, the installation displays a completion message:

The AS360 Single VM was installed, to access it do the following:
  1. Add to your 'hosts' file the following line: [IP_ADDRESS] 
[HOSTNAME].[DOMAIN]

2. Access https://[HOSTNAME].[DOMAIN] in your browser

Add the IP address and host name as provided to your host file.


Operating system	Host file location
Linux, MacOS	`/etc/hosts`
Windows	`C:\Windows\System32\drivers\etc\hosts`

For example:

192.168.1.100 appscan.appscan-test.local

Logging into and activating AppScan 360°

To login and activate AppScan 360°:

Access the AppScan 360° interface using the specified URL (https://[HOSTNAME].[DOMAIN])
Log in with the default credentials:
- Username: Admin
- Password: Admin12!
Upload your AppScan 360° license file to activate the product.

Note: We recommend that you backup regularly, including:

Database (Periodically).
Configuration files in the installation directory. (in ~/aio-setup/aioWorkspace/conf directory)
License information.

Changing installation method

To install AppScan 360° in a distributed environment, follow the instructions in Distributed installation of AppScan 360°. It is a completely new process.

Common installation issues


Issue	Solution
Database connection failures	Verify database credentials and network connectivity
Insufficient disk space	Ensure VM has adequate storage as per requirements
Certificate errors	Check certificate formats and file names in the certs folders
Docker registry connectivity	Verify registry credentials and network connectivity