AppScan® Source deployment models

This section describes three different deployment models and the components that comprise each model.

The AppScan® Source products (coupled with the AppScan® Enterprise Server) support several deployment options to meet varied organizational requirements. Client and server components comprise the product solution, and each component serves a specific purpose. Some deployment models require all components while others need only a few. Furthermore, some information technology policies require deployment of certain server components on separate computers versus all components on one computer.

This section describes three different deployment models:

The deployment that best fits your needs could be a combination of models. This table provides a brief description of each deployed AppScan® Source product or component.

Note: As of version 9.0.3.11, AppScan® Source no longer supports macOS or iOS Xcode scanning.
Component Description
AppScan® Source for Analysis A workbench to analyze, isolate, and take action on priority vulnerabilities. Provides security analysts, QA managers, and development managers with fast time-to-results. AppScan® Source for Analysis can be used while connected to AppScan® Enterprise Server or in standalone mode.
AppScan® Source for Development IDE-integrated components focused on remediation of vulnerabilities at the line of code level. AppScan® Source for Development only communicates with the AppScan® Enterprise Server when scanning source code.
AppScan® Source for Automation Automate key aspects of the AppScan® Source workflow and integrate scans with build environments during the software development life cycle (SDLC). The Automation Server processes requests to scan and publish assessments and generate reports. It runs as a service/daemon and must communicate with the AppScan® Enterprise Server.
AppScan® Source command line interface (CLI) client Provides command line access to various AppScan® Source functions to enable integration, automation, and scripting, in addition to the functions provided by AppScan® Source for Automation.

The CLI must communicate with the AppScan® Enterprise Server.

For full functionality, each of the components in the table must communicate with an AppScan® Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. In addition, if your administrator has installed the Enterprise Console component of the AppScan® Enterprise Server, you can publish assessments to it. The Enterprise Console offers a variety of tools for working with your assessments - such as reporting features, issue management, trend analysis, and dashboards.