AppScan Source for Automation
The Automation Server (ounceautod) allows you to automate key aspects of the AppScan® Source workflow and integrate security with build environments during the software development life cycle (SDLC). The Automation Server allows you to queue requests to scan and publish assessments, and generate reports on the security of application code.
Through the AppScan Source for Automation client command line executable (ounceauto), you submit requests to the server. When processing requests, the Automation Server runs as a client of the associated AppScan Enterprise Server and can connect only to a single AppScan Enterprise Server. It listens on a TCP port (default 13205) for connections from local host only.
- On Windows™ systems, the Automation Server runs as the HCL AppScan Source Automation service.
- On Linux™ systems, it runs as a daemon:
  - To stop the daemon, issue this command:
    /etc/init.d/ounceautod stop
  - To start the daemon, issue this command:
    /etc/init.d/ounceautod start
The Automation Server processes requests as a specified AppScan Source user and thus inherits the permissions of that user. This user ID must have whatever permissions it needs, depending on the commands it needs to run. For example, if the user ID needs to run the PublishAssessment command, the user ID can be given publish and register permissions and does not require permission to scan (refer to the Administering AppScan Source section of the AppScan Source Installation and Administration Guide for more details). Submitting a request to the Automation Server does not require user credentials.
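
Because requests are accepted without user credentials, the loopback-only listener described above is what keeps remote hosts from submitting them. The following check is an added example, not part of the product documentation: the function name check_listener is hypothetical, and it assumes the listener table is supplied in the format printed by `ss -Hltn` on a Linux build host.

```shell
#!/bin/sh
# Added example: verify that the Automation Server port is bound to
# loopback addresses only. check_listener is a hypothetical helper.
#
# Input : listener lines on stdin, as printed by `ss -Hltn`
# Arg 1 : TCP port to check (13205 is the documented default)
# Status: 0 = loopback only
#         1 = at least one non-loopback listener on the port
#         2 = nothing is listening on the port
check_listener() {
    port="${1:-13205}"
    awk -v port="$port" '
        {
            # The first field containing ":" is Local Address:Port,
            # whether or not the State column is present.
            addr = ""
            for (i = 1; i <= NF; i++)
                if (index($i, ":")) { addr = $i; break }
            if (addr == "") next

            # The port is whatever follows the last colon.
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            found = 1

            # Host part, with IPv6 brackets removed.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", host)

            if (host !~ /^127\./ && host != "::1" &&
                host != "::ffff:127.0.0.1") {
                exposed = 1
                print "non-loopback listener: " addr
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Usage on the build host:
#   ss -Hltn | check_listener 13205
```

A status of 1 means the port is bound to an address other than loopback, which should be treated as a configuration finding on the build host.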