AppScan Enterprise configuration
With new installations of AppScan® Source version 10.0.2 and newer, you must configure AppScan Enterprise if you want to work in connected mode. These tasks need to be performed once.
- Using a solidDB/Oracle database to store data (upgrade scenarios only).
- Using the AppScan Database Service integrated with AppScan Enterprise to store data (new installations on local or multimachine environments)
- Using AppScan Source as a stand-alone application.
Configuring AppScan Source and AppScan Enterprise to use SolidDB/Oracle to store data.
When upgrading AppScan Source from version 10.0.1 or earlier to version 10.0.2 or later, AppScan Source can continue to use the previously configured SolidDB/Oracle database to store data.
After upgrade, the database should be registered with AppScan Enterprise Server. Use
appscanserverdbmgr.bat/appscanserverdbmgr.sh
to (re)register
the database with AppScan Enterprise Server.
If AppScan Source needs to publish assessments then AppScan Enterprise Server should be installed with both User Administration and Enterprise Console. If you do not intend to publish assessments, then AppScan Enterprise Server can be installed just with User Administration alone.
Using the AppScan Database Service integrated with AppScan Enterprise to store data
Configuring the AppScan Database Service
In AppScan Enterprise:
- Locate the properties file (<ASE_INSTALL_DIR>\AppScanDBService\config\DbService.properties)
- Verify information for the following properties:
Property Default Notes spring.datasource.url spring.datasource.url=jdbc:sqlserver://<IP OR HOSTNAME OF DB SERVER>:<PORT>;databaseName=<DATABASE NAME>;integratedSecurity=true Where:For example: jdbc:sqlserver://localhost:1433;databaseName=source_db;integratedSecurity=true- <IP OR HOSTNAME OF DB SERVER> is the hostname or IP of the MS-SQL server machine.
- <PORT> is port number of the MS-SQL server.
-
<DATABASE NAME> is the database that will be created if one does not exist. The database name is case-sensitive.
Note: This database name should be different than the database used by AppScan Enterprise Server.
server.port 8090 Any change to the port specified here must be mirrored in asc.properties. Restart the AppScan Database Service and ASE services when you change port configuration. rootdir C:/AppScanArtifacts File storage location and metadata in the MS-SQL database. Note: Add this property during initial setup, and do not change it later. Doing so will corrupt data. - Run
<ASE_INSTALL_DIR>\AppScanDBService\config\startup.bat
to start the AppScan Database Service.Starting the service requires the JRE path set in the environment. Set the JRE path to
<ASE_INSTALL_DIR>\Liberty\jre
and start the service.For example:> SET PATH=”C:\Program Files (x86)\IBM\AppScan Enterprise\Liberty\jre\bin”;%PATH% > C:\Program Files (x86)\IBM\AppScan Enterprise\AppScanDBService\config\startup.bat
- Run
<ASE_INSTALL_DIR>\AppScanDBService\config\shutdown.bat
. - Run
<ASE_INSTALL_DIR>\AppScanDBService\config\startup.bat
. - Restart the AppScan Enterprise Server services.
Configuring AppScan Enterprise Server for AppScan Database Service
- Locate the file <ASE_INSTALL_DIR>\Liberty\usr\servers\ase\config\asc.properties.
- Add the property ase.source.dbserver.url to asc.properties as follows, specifying the localhost name for the AppScan Enterprise Server: ase.source.dbserver.url=http://localhost:8090.
- Restart the AppScan Enterprise Server services.
User management
- Create and share a custom rule.
- Delete a published assessment on the server.
- Publish a new assessment to the server.
- Retrieve a published assessment from the server.
- Share a filter using the server.
- Share a scan configuration using the server.
- Create a PBSA scan rule on the server.
Data backup
- The MS-SQL database holds the metadata of all the shared information.
The database name is configured in
DbService.properties
. - The file system holds the actual files that are shared from AppScan
Source.This file system path
for the data is configured in
DbService.properties
.