Deploying a Python IAST agent

This topic explains how to deploy the Python IAST agent on your web server.

Procedure

  1. Download the ASoC Python IAST agent:
    1. Follow the instructions provided here to download the agent.
  2. Extract the ZIP file:
    1. Unzip the downloaded file to access its contents.
  3. Deploy the IAST agent:
    Run the installation script: 
    install_secagent.py

    When the installation completes, it:

    1. Creates a secagent folder in your Python site-packages directory.
    2. Creates an asoc-config folder inside the secagent folder.
    3. Creates a .pth file in the site-packages directory.
  4. Run the Python agent using one of the following options:
    Supported environment: Python 3.10+ with Flask.

Running the Python agent with wrapper

About this task

To enable the agent on a per-process (opt-in) basis, start your application by using the wrapper and updating your existing command. This loads the agent only for that specific Python process and does not affect other Python applications.

Examples:

Procedure

  1. Instead of python app.py, run secagent python app.py.
  2. Instead of python -m flask run, run secagent python -m flask run.

Results

The wrapper:
  • Sets the SECAGENT_ENABLE environment variable.
  • Starts the agent.
  • Runs your application.

Running the Python agent with environment variable

About this task

Set the required environment variable before starting your Python process. This loads the agent automatically for all Python applications started in that environment.

Procedure

  1. Set the environment variable: SECAGENT_ENABLE=true
  2. Then start your application normally (no wrapper): python app.py

Results

  • The agent is enabled automatically.
  • It applies to every Python process started with this environment variable set.

Running the Python agent with sitecustomize

About this task

Use sitecustomize to apply startup configuration automatically to all Python processes. When sitecustomize is available on sys.path, Python imports it during initialization. This lets you to set environment defaults, configure proxies or certificates, and apply other global settings without changing individual scripts.

Procedure

  1. Run: Sitecustomize-install.
  2. Then start your application normally (no wrapper): python app.py.

Results

After you run the installer, it:
  • Copies sitecustomize.py into the main site-packages directory.
  • The agent is automatically loaded for all Python processes.