Configuration commands (Windows™)
Use configuration commands to prepare your files for scanning.
appscan prepare
Syntax:
appscan prepare -c <configuration_file> -d <save_path> -jdk <jdk_path> -l <log_path> -n <file_name> -nc, --noConfigFile -oso
Description:
Generate an IRX file.
Optional flags/settings:
-c
: This option is used for configuring a scan.
-d
: Specify -d <save_path>, where <save_path> is the directory that you want to save the IRX file to.
-dr, --dryrun
: Specify -dr or --dryrun to discover and validate scan targets, but not generate an .irx file.
-jdk
: Specify -jdk <jdk_path> to indicate the path to your JDK installation to be used in lieu of the default JDK 17. If using a config file (-c <configuration_file>) and the jdk_path attribute is used, the value specified in the config file takes precedence.
-l
: Specify -l <log_path>, where <log_path> is the directory that you want to save the log files to.
-n
: Specify -n <file_name>, where <file_name> is the IRX file name. You can specify the file name with or without the .irx file extension. If you specify it without the extension, it is automatically added for you when the file is generated.
-nc, --noConfigFiles
: Disables the processing of configuration files for Software Composition Analysis (SCA).
-oso
: Specify -oso to look only for known vulnerabilities in SCA packages. When -oso is specified, AppScan on Cloud does not perform static analysis on the package.
Note: When a user has an Open Source license, SCA analysis is part of a static scan by default. This option limits analysis to SCA vulnerabilities. Users must have an Open Source license to take advantage of SCA-only analysis.
Examples:
To generate an IRX file that uses the configuration file c:\my_config_files\my_config.xml and saves the IRX file to c:\my_irx_files\my_scan.irx, issue this command:
appscan prepare -c c:\my_config_files\my_config.xml -d c:\my_irx_files -n my_scan.irx
appscan prepare_sca
Syntax:
appscan prepare_sca -d <save_path> -l <log_path> -n <file_name> -X, -debug -container <container> -image <image>
Description:
appscan prepare -oso.
Optional flags/settings:
-d
: Specify -d <save_path>, where <save_path> is the directory that you want to save the IRX file to.
-l
: Specify -l <log_path>, where <log_path> is the directory that you want to save the log files to.
-n
: Specify -n <file_name>, where <file_name> is the IRX file name. You can specify the file name with or without the .irx file extension. If you specify it without the extension, it is automatically added for you when the file is generated.
-X, --debug
: Specify -X or --debug to run the entire command in debug mode. When run in debug mode, more log files are generated for troubleshooting.
-container
: Specify -container <container> where <container> is a Docker container to analyze. The value may be a container name, container digest, or the path to a local archive.
-image
: Specify -image <image> where <image> is a Docker image to analyze. The value may be an image name, image digest, or the path to a local archive.
appscan get_pubkey
Syntax:
appscan get_pubkey -d <save_path>
Description:
Download the public encryption key for use on a computer that is not connected to the Internet.
If you are generating an IRX file from a computer that is connected to the Internet, this command is not required since an encryption key is automatically downloaded when you issue the prepare command. If an encryption key is already present on the computer, it is updated, if necessary, when you issue the prepare command.
However, if you are generating an IRX file from a computer that is not connected to the Internet, you can download the encryption key by using this command. You can then copy the encryption key to the computer that is not connected to the Internet for use when you generate the IRX file. To use the encryption key on that computer, you must preserve the rsa.pub file name and place the file in the config directory of the extracted SAClientUtil_<version>_<os>.zip file (where <version> is the current version of the Command Line Utility).
prepare command again to automatically update the encryption key. If your computer is not connected to the Internet, you need to use the get_pubkey command.
Optional flags/settings:
-d
: Specify -d <save_path>, where <save_path> is the directory that you want to save the encryption key to. If this option is not specified, the key is saved to the config directory of the extracted SAClientUtil_<version>_<os>.zip file.
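The offline key transfer described under get_pubkey, as an added PowerShell example that is not part of the product documentation: it downloads rsa.pub on a connected machine and records its SHA-256, then on the offline machine verifies that hash before copying the key into the config directory. The function names, the hash check, the E:\ and C:\SAClientUtil paths, and appscan being on PATH are assumptions.

```powershell
# Added example. Assumptions: appscan is on PATH; paths in the usage lines are placeholders.
$ErrorActionPreference = 'Stop'

# Connected machine: download rsa.pub into a staging folder and return its SHA-256.
function Export-AppScanPubKey {
    param([Parameter(Mandatory)][string]$StagingDir)
    New-Item -ItemType Directory -Force -Path $StagingDir | Out-Null
    $key = Join-Path $StagingDir 'rsa.pub'
    # Remove a stale copy so a failed download cannot pass unnoticed.
    if (Test-Path -LiteralPath $key) { Remove-Item -LiteralPath $key }
    # Out-Host keeps the tool's console output out of the function's return value.
    & appscan get_pubkey -d $StagingDir | Out-Host
    if (-not (Test-Path -LiteralPath $key)) { throw "rsa.pub was not written to $StagingDir" }
    (Get-FileHash -LiteralPath $key -Algorithm SHA256).Hash
}

# Offline machine: verify the transferred key, then place it in the config directory.
function Install-AppScanPubKey {
    param(
        [Parameter(Mandatory)][string]$SourceKey,       # transferred rsa.pub
        [Parameter(Mandatory)][string]$ExpectedSha256,  # hash recorded on the connected machine
        [Parameter(Mandatory)][string]$ClientRoot       # extracted SAClientUtil_<version>_<os> folder
    )
    $actual = (Get-FileHash -LiteralPath $SourceKey -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {
        throw "rsa.pub hash mismatch: expected $ExpectedSha256, got $actual"
    }
    $configDir = Join-Path $ClientRoot 'config'
    if (-not (Test-Path -LiteralPath $configDir -PathType Container)) {
        throw "config directory not found under $ClientRoot"
    }
    # The file name must stay rsa.pub, as the documentation requires.
    Copy-Item -LiteralPath $SourceKey -Destination (Join-Path $configDir 'rsa.pub') -Force
}

# Usage (placeholder paths):
#   Connected machine:  $hash = Export-AppScanPubKey -StagingDir E:\appscan_key
#   Offline machine:    Install-AppScanPubKey -SourceKey E:\appscan_key\rsa.pub `
#                           -ExpectedSha256 '<hash from connected machine>' -ClientRoot C:\SAClientUtil
#   Then generate the IRX file on the offline machine with appscan prepare.
```

Carry the recorded hash by a separate channel from the key file itself, so that a modified rsa.pub on the transfer media does not arrive with a matching hash.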