AppScan Source deployment models
This section describes three different deployment models and the components that comprise each model.
The AppScan® Source products (coupled with the AppScan Enterprise Server) support several deployment options to meet varied organizational requirements. Client and server components comprise the product solution, and each component serves a specific purpose. Some deployment models require all components while others need only a few. Furthermore, some information technology policies require deployment of certain server components on separate computers versus all components on one computer.
This section describes three different deployment models:
The deployment that best fits your needs could be a combination of models. This table provides a brief description of each deployed AppScan Source product or component.
Component | Description |
---|---|
AppScan Source for Analysis | A workbench to analyze, isolate, and take action on priority vulnerabilities. Provides security analysts, QA managers, and development managers with fast time-to-results. AppScan Source for Analysis can be used while connected to AppScan Enterprise Server or in disconnected mode. |
AppScan Source for Development | IDE-integrated components focused on remediation of vulnerabilities at the line of code level. AppScan Source for Development only communicates with the AppScan Enterprise Server when scanning source code. |
AppScan Source for Automation | Automate key aspects of the AppScan Source workflow and integrate scans with build environments during the software development life cycle (SDLC). The Automation Server processes requests to scan and publish assessments and generate reports. It runs as a service/daemon and must communicate with the AppScan Enterprise Server. |
AppScan Source command line interface (CLI) client | Provides command line access to various AppScan
Source functions
to enable integration, automation, and scripting, in addition to the
functions provided by AppScan Source for
Automation. The CLI must communicate with the AppScan Enterprise Server. |
For full functionality, each of the components in the table must communicate with an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. In addition, if your administrator has installed the Enterprise Console component of the AppScan Enterprise Server, you can publish assessments to it. The Enterprise Console offers a variety of tools for working with your assessments - such as reporting features, issue management, trend analysis, and dashboards.