IAST environment variables and Java properties
Some low-level IAST behavior can be controlled with user parameters.
Here are a few options, ordered by their priority:
- Set an environment variable
- Add a Java property, using
-Dproperty_name=property_value
in the Java command - Add a property to MANIFEST.MF file, inside
Secagent.war
underMETA-INF
directory
Environment variable name | Java property name / Manifest name | Description | Value |
---|---|---|---|
IAST_LOG |
secagent.log |
Specify a file to be used as the IAST log. Note: File must exist. |
File name |
FLUSH_ON_EVERY_WRITE |
secagentFlushOnEveryWrite |
When set, log prints are not buffered. This is useful for debug sessions to get the log filled immediately. | True/False |
IAST_MEMORY_DEBUG |
secagentMemoryDebug |
Turns on memory usage debug prints approximately every 10 seconds. | True/False |
IAST_GC_DEBUG |
secagentGcDebug |
Turns on GC activity debug prints. | True/False |
IAST_ACCESS_TOKEN |
n/a | Access token for communication with IAST session in ASoC and AppScan Enterprise. Important: Setting this variable
overrides the default value embedded in the agent when
downloaded from ASoC or AppScan Enterprise. |
For an existing agent, it can be obtained by choosing Generate new key in the drop-down menu. |
IAST_ACCESS_TOKEN |
n/a | Relevant for AppScan Enterprise users:
ASE HOST URL Important: Setting
this variable overrides the default value embedded in the
agent when downloaded from ASoC or
AppScan Enterprise. |
URL or IP for accessing AppScan Enterprise instance. |
IAST_RUNTIME_SCA |
n/a | Enables runtime detection of libraries in addition to standard IAST functionality. | True/False |
IAST_SCA_PROD |
n/a | Enables runtime detection of libraries and disables standard IAST functionality. | True/False |
Examples
Setting log file through Java property:
Java -Dsecagent.log=/tmp/myLogDir/MySecagentLog.txt <myApp.jar>
Setting ASoC token through environment
variable:
Set IAST_ACCESS_TOKEN RUO5+3JYKRKRSNH7HEIyY3HQWZrWYnNMDCRL0HAw=