Deploying a Node.js IAST agent

You can deploy an IAST agent on an application server that runs Java, .NET, Node.js, or PHP applications. This section explains how to create a Node.js agent on your web server.

About this task

Create the Node.js agent using one of the following options:
  • Node.js (agent from npm): Retrieve the agent from the public npm registry using the key obtained from ASoC. Recommended for environments with an internet connection that can access the npm registry.
  • Node.js (download agent): Download the Node.js agent from ASoC as a self-contained tarball, allowing installation without npm access. Recommended for air-gapped or restricted environments without access to the public npm registry.

Installing the agent from npm

About this task

Create an IAST agent using the Node.js (agent from npm) option.

Procedure

  1. Generate a key for the Node.js agent (through the user interface or API).
  2. On your web server:
    1. Install the agent from the public npm repository:
      npm install @hclsoftware/secagent
    2. Add the following environment variables:
  3. Edit package.json by locating this line:
    "start": "node index.js",
    then replace it with this:
    "start": "node -r @hclsoftware/secagent/src/Iast.js index.js",
    Note: Alternatively, you can add the key to the package.json command as follows:
    • Windows: "start": "set IAST_ACCESS_TOKEN=12345&& node -r @hclsoftware/secagent/src/Iast.js index.js" (no space before &&; cmd.exe would otherwise store it as part of the value)
    • Linux: "start": "IAST_ACCESS_TOKEN=12354 node -r @hclsoftware/secagent/src/Iast.js index.js"
    Tip: If you use Next.js to run your applications, load the IAST agent by setting the NODE_OPTIONS environment variable before the original command, for example: NODE_OPTIONS='-r @hclsoftware/secagent/src/Iast.js' next app.js
  4. Start your application using npm start.
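
The procedure above can be checked before the application starts. The following is an added example, not HCL code: addPreload, auditAgentSetup and the finding codes are hypothetical names, and the token-not-set check assumes the npm option, where the key reaches the process through IAST_ACCESS_TOKEN. It also flags a key written directly into the start script, because that key is then stored wherever package.json is stored.

```javascript
// Added example, not HCL code. PRELOAD and TOKEN_VAR are the values shown on this page.
const PRELOAD = '@hclsoftware/secagent/src/Iast.js';
const TOKEN_VAR = 'IAST_ACCESS_TOKEN';

// Add "-r <agent>" to the first direct "node" invocation; safe to run twice.
function addPreload(start) {
  if (start.includes(PRELOAD)) return start;
  return start.replace(/\bnode\s+/, `node -r ${PRELOAD} `);
}

// Return finding codes (hypothetical names) for a parsed package.json
// and an environment object such as process.env.
function auditAgentSetup(pkg, env) {
  const start = (pkg.scripts && pkg.scripts.start) || '';
  if (!start) return ['no-start-script'];
  const findings = [];
  // The agent may be preloaded by the start script or by NODE_OPTIONS (the Next tip).
  const nodeOptions = env.NODE_OPTIONS || '';
  if (!start.includes(PRELOAD) && !nodeOptions.includes(PRELOAD)) {
    findings.push('agent-not-preloaded');
  }
  // A literal key in the script (not a $VAR or %VAR% reference) lives in package.json.
  const inlineToken = /IAST_ACCESS_TOKEN\s*=\s*(?![$%])[^\s&]+/.test(start);
  if (inlineToken) findings.push('token-in-package-json');
  // Assumption: npm option, where the key must be supplied at run time.
  if (!inlineToken && !env[TOKEN_VAR]) findings.push('token-not-set');
  return findings;
}

// Constructed sample inputs (not from a real project).
const samples = [
  { scripts: { start: 'node index.js' } },
  { scripts: { start: `IAST_ACCESS_TOKEN=12354 node -r ${PRELOAD} index.js` } },
  { scripts: { start: `node -r ${PRELOAD} index.js` } },
];
for (const pkg of samples) {
  const findings = auditAgentSetup(pkg, { IAST_ACCESS_TOKEN: 'placeholder' });
  console.log(addPreload(pkg.scripts.start), '=>', findings);
}
```

To check a real project, pass the parsed contents of package.json and process.env to auditAgentSetup.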

Results

The IAST agent monitors requests and reports security issues as you use or test your application (for example, run functional tests, run a Dynamic Scan, or explore the app manually).

Installing from a self-contained package

About this task

Create an IAST agent using the Node.js (download agent) option.

Procedure

  1. On your web server, install the agent from the downloaded file:
    npm install hclsoftware-secagent.tgz
  2. Edit package.json by locating this line:
    "start": "node index.js",
    then replace it with this:
    "start": "node -r @hclsoftware/secagent/src/Iast.js index.js",
    Tip: If you use Next.js to run your applications, load the IAST agent by setting the NODE_OPTIONS environment variable before the original command, for example: NODE_OPTIONS='-r @hclsoftware/secagent/src/Iast.js' next app.js
  3. Start your application using npm start.

Results

The IAST agent monitors requests and reports security issues as you use or test your application (for example, run functional tests, run a Dynamic Scan, or explore the app manually).