AppScan Source deployment models
This section describes three different deployment models and the components that comprise each model.
The AppScan® Source products (coupled with the AppScan Enterprise Server) support several deployment options to meet varied organizational requirements. Client and server components comprise the product solution, and each component serves a specific purpose. Some deployment models require all components while others need only a few. Furthermore, some information technology policies require deployment of certain server components on separate computers versus all components on one computer.
This section describes three different deployment models:
The deployment that best fits your needs could be a combination of models. This table provides a brief description of each deployed AppScan Source product or component.
Component | Description |
---|---|
AppScan Source for Analysis | A workbench to analyze, isolate, and take action on priority vulnerabilities. Provides security analysts, QA managers, and development managers with fast time-to-results. AppScan Source for Analysis must communicate with the AppScan Enterprise Server. |
AppScan Source for Development | IDE-integrated components focused on remediation of vulnerabilities at the line of code level. AppScan Source for Development only communicates with the AppScan Enterprise Server when scanning source code. |
AppScan Source Database | An out-of-the-box database that persists the AppScan Source Security Knowledgebase data, assessment data, and application/project inventory. Important: When scanning, AppScan Enterprise Server and AppScan Source clients (except AppScan Source for Development) both require a direct connection to the AppScan Source Database (either solidDB® or Oracle). |
AppScan Source for Automation | Automate key aspects of the AppScan Source workflow and integrate scans with build environments during the software development life cycle (SDLC). The Automation Server processes requests to scan and publish assessments and generate reports. It runs as a service/daemon and must communicate with the AppScan Enterprise Server. |
AppScan Source command line interface (CLI) client | Provides command line access to various AppScan Source functions to enable integration, automation, and scripting, in addition to the functions provided by AppScan Source for Automation. The CLI must communicate with the AppScan Enterprise Server. |
Each of the components in the table must communicate with an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments via the AppScan Source Database. In addition, if your administrator has installed the Enterprise Console component of the AppScan Enterprise Server, you can publish assessments to it. The Enterprise Console offers a variety of tools for working with your assessments, such as reporting features, issue management, trend analysis, and dashboards.