Publishing assessments to AppScan Enterprise
Depending on your installation, you can publish assessments to AppScan® Enterprise and/or the Enterprise Console for access in the Published Assessments view. AppScan Enterprise and the Enterprise Console offer a variety of tools for working with your assessments, such as reporting features, issue management, trend analysis, and dashboards.
About this task
If you have upgraded to AppScan Source version 10.0.2 from an earlier version, you can publish to the AppScan Enterprise Console. If you have a new installation of AppScan Source version 10.0.2, you can publish directly to AppScan Enterprise or to the AppScan Enterprise Console.
Before you can publish assessments to AppScan Enterprise or the Enterprise Console, you must configure server settings in AppScan Enterprise. For information on configuring server settings in AppScan Enterprise, see AppScan Enterprise configuration. For information about setting preferences in AppScan Enterprise Console, see AppScan Enterprise Console preferences.
Procedure
-
If you upgraded to AppScan
Source
version 10.0.2 or newer, use one of these methods to publish one or more
assessments to the Enterprise
Console:
- Select one or more assessments in the My Assessments view and then click Publish Assessment to AppScan Enterprise Console.
- Right-click the assessment (or a selection of assessments) in the My Assessments view and select the Publish Assessment to AppScan Enterprise Console menu item.
- When an assessment is open, choose from the main menu.
-
If you have a new installation of AppScan
Source version 10.0.2, use one of
these methods to publish one or more assessments to AppScan
Enterprise or the Enterprise
Console:
- Select one or more assessments in the My Assessments view and then either click Publish Results to AppScan Enterprise to publish to the Enterprise Console or Publish Assessment file to AppScan Enterprise to save the assessment file to AppScan Enterprise.
- Right-click the assessment (or a selection of assessments) in the My Assessments view and then either select the Publish Results to AppScan Enterprise menu item to publish to the Enterprise Console or Publish Assessment file to AppScan Enterprise menu item to save the assessment file to AppScan Enterprise.
- When an assessment is open, choose Enterprise Console or choose from the main menu to save the assessment file to AppScan Enterprise. from the main menu to publish to the
-
In the Publish to AppScan Enterprise Console dialog box:
- Click Publish.
Results
When saving an assessment, AppScan Source for Analysis writes absolute paths to the assessment file to reference items such as source files. These absolute paths may cause difficulty in sharing the file on another computer that has a different directory structure. To be able to create portable assessment files, you should create a variable (see Defining variables or Defining variables when publishing and saving).
After the assessment has been published, a link to AppScan Enterprise (Enterprise Console) will be provided in an information message. Clicking the link will open the portal page in your default external web browser.
- Large assessments may take longer to appear at the portal. If you receive no error messages after publishing and the report does not appear at the portal, check with your administrator.
- Any attempts to publish an assessment that has the same name as one that is currently being processed by the Enterprise Console will fail. In addition, if you publish the commonly-named assessment after the first one has been processed, the second assessment will overwrite the first one (the Enterprise Console can provide a trending analysis for commonly-named reports if it has been configured to do so ahead-of-time). To determine if an assessment has finished processing, access the Enterprise Console control center in a web browser and then navigate to the appropriate user folder and check the status of the report.
- AppScan Source does not support publishing to an Enterprise Console instance that has been configured to use proxy settings. Attempting to publish to an instance that uses proxy settings will result in an error.
When you upgrade to AppScan Source Version 9.0.3.4, you will notice these changes:
- When you publish an assessment to AppScan Enterprise Console, you must now associate the assessment with an application in AppScan Enterprise (if you are running AppScan Enterprise Server Version 9.0.3 and higher). As a result, automation scripts may fail if they do not include application association. In AppScan Enterprise Server, application association is required if you want to take advantage of AppScan Enterprise Server application security risk management features. See http://help.hcl-software.com/appscan/Enterprise/10.0.0/topics/c_overview.html.
- In addition, you must remove the port from the AppScan Enterprise
URL.
- In AppScan Source for Analysis, click .
- In the AppScan Enterprise Console settings, remove the port from the Enterprise Console URL field.
- After you publish your assessment, it will only be available in the AppScan Enterprise Monitor view (in previous releases, the assessment was available in the AppScan Enterprise Scans view). Migrating to this view is described in http://help.hcl-software.com/appscan/Enterprise/10.0.0/topics/t_workflow_for_applications.html.
This is the result of a changed communication protocol between AppScan Source and AppScan Enterprise Server that is required for publishing to AppScan Enterprise Server when using Common Access Card (CAC) authentication.
If you do not want to publish assessments to AppScan Enterprise Server when CAC authentication is enabled - or if you do not want to take advantage of Enterprise Server application security risk management features - you can revert to the previous communication protocol as follows:
- Open <data_dir>\config\ounce.ozsettings (where <data_dir> is the location of your AppScan Source program data, as described in Installation and user data file locations)).
- In this file, locate this
setting:
<Setting name="force_ase902_assessment_publish" value="false" default_value="false" description="Use ASE 9.0.2-style assessment publish" display_name="Use ASE 9.0.2-style assessment publish" type="boolean" read_only="true" hidden="true" />
- In the setting, change
value="false"
tovalue="true"
and then save the file. - Restart the AppScan Source product that you will publish assessments from.
When this setting is set to value="true"
:
- If you associate an assessment with an application in AppScan Enterprise when publishing, the assessment will be available in the Monitor and Scans views.
- If you do not associate an assessment with an application when publishing, the assessment will be available in the Scans view.
- You will not be able to publish assessments to AppScan Enterprise Server when CAC authentication is enabled.
For further information, see Publishing from AppScan Source version 9.0.3.4 and higher to AppScan Enterprise requires application.