Publishing assessments to the AppScan Enterprise Console
If your AppScan® Enterprise Server has been installed with the Enterprise Console option, you can publish assessments to it. The Enterprise Console offers a variety of tools for working with your assessments - such as reporting features, issue management, trend analysis, and dashboards.
About this task
Before you can publish assessments to the Enterprise Console, you must configure server settings in the AppScan Enterprise Console preference page. For information about setting preferences, see AppScan Enterprise Console preferences.
Procedure
- Use one of these methods to publish one or more assessments to the Enterprise Console:
  - Select one or more assessments in the My Assessments view and then click Publish Assessment to AppScan Enterprise Console.
  - Right-click the assessment (or a selection of assessments) in the My Assessments view and select the Publish Assessment to AppScan Enterprise Console menu item.
  - When an assessment is open, choose from the main menu.
- In the Publish to AppScan Enterprise Console dialog box:
  - Click Publish.
Results
When saving an assessment, AppScan Source for Analysis writes absolute paths to the assessment file to reference items such as source files. These absolute paths may cause difficulty in sharing the file on another computer that has a different directory structure. To be able to create portable assessment files, you should create a variable (see Defining variables or Defining variables when publishing and saving).
After the assessment has been published, a link to AppScan Enterprise (Enterprise Console) will be provided in an information message. Clicking the link will open the portal page in your default external web browser.
- Large assessments may take longer to appear at the portal. If you receive no error messages after publishing and the report does not appear at the portal, check with your administrator.
- Any attempts to publish an assessment that has the same name as one that is currently being processed by the Enterprise Console will fail. In addition, if you publish the commonly-named assessment after the first one has been processed, the second assessment will overwrite the first one (the Enterprise Console can provide a trending analysis for commonly-named reports if it has been configured to do so ahead-of-time). To determine if an assessment has finished processing, access the Enterprise Console control center in a web browser and then navigate to the appropriate user folder and check the status of the report.
- AppScan Source does not support publishing to an Enterprise Console instance that has been configured to use proxy settings. Attempting to publish to an instance that uses proxy settings will result in an error.
When you upgrade to AppScan Source Version 9.0.3.4, you will notice these changes:
- When you publish an assessment to AppScan Enterprise Console, you must now associate the assessment with an application in AppScan Enterprise (if you are running AppScan Enterprise Server Version 9.0.3 and higher). As a result, automation scripts may fail if they do not include application association. In AppScan Enterprise Server, application association is required if you want to take advantage of AppScan Enterprise Server application security risk management features. See http://help.hcl-software.com/appscan/Enterprise/9.0.3/topics/c_overview.html.
- In addition, you must remove the port from the AppScan Enterprise URL.
  - In AppScan Source for Analysis, click .
  - In the AppScan Enterprise Console settings, remove the port from the Enterprise Console URL field.
- After you publish your assessment, it will only be available in the AppScan Enterprise Monitor view (in previous releases, the assessment was available in the AppScan Enterprise Scans view). Migrating to this view is described in http://help.hcl-software.com/appscan/Enterprise/9.0.3/topics/t_workflow_for_applications.html.
This is the result of a changed communication protocol between AppScan Source and AppScan Enterprise Server that is required for publishing to AppScan Enterprise Server when using Common Access Card (CAC) authentication.
If you do not want to publish assessments to AppScan Enterprise Server when CAC authentication is enabled - or if you do not want to take advantage of Enterprise Server application security risk management features - you can revert to the previous communication protocol as follows:
- Open <data_dir>\config\ounce.ozsettings (where <data_dir> is the location of your AppScan Source program data, as described in Installation and user data file locations).
- In this file, locate this setting:
  <Setting name="force_ase902_assessment_publish" value="false" default_value="false" description="Use ASE 9.0.2-style assessment publish" display_name="Use ASE 9.0.2-style assessment publish" type="boolean" read_only="true" hidden="true" />
- In the setting, change value="false" to value="true" and then save the file.
- Restart the AppScan Source product that you will publish assessments from.
When this setting is set to value="true":
- If you associate an assessment with an application in AppScan Enterprise when publishing, the assessment will be available in the Monitor and Scans views.
- If you do not associate an assessment with an application when publishing, the assessment will be available in the Scans view.
- You will not be able to publish assessments to AppScan Enterprise Server when CAC authentication is enabled.
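For hosts where this change has to be applied or audited repeatedly, the edit to ounce.ozsettings can be scripted. The following is an added example, not HCL code: it reads the current state of force_ase902_assessment_publish and rewrites only that element's value attribute after saving a backup copy. It assumes the file is UTF-8 text and that the attributes appear in the order shown above; the function names, the .bak suffix and the sample wrapper element are constructed for illustration.

```python
import re
import shutil

SETTING = "force_ase902_assessment_publish"
# Matches only the value attribute that directly follows the setting's name,
# so default_value and every other <Setting> element are left alone.
_VALUE = re.compile(r'(<Setting\s+name="' + SETTING + r'"\s+value=")(true|false)(")')

def get_legacy_publish(text):
    """Return True/False for the setting, or None when it is absent."""
    m = _VALUE.search(text)
    return None if m is None else m.group(2) == "true"

def set_legacy_publish(text, legacy):
    """Return text with value switched; refuse if the match is ambiguous."""
    found = len(_VALUE.findall(text))
    if found != 1:
        raise ValueError(f"expected one {SETTING} setting, found {found}")
    new = "true" if legacy else "false"
    return _VALUE.sub(lambda m: m.group(1) + new + m.group(3), text)

def update_settings_file(path, legacy):
    """Edit the file in place after saving a .bak copy. Returns True if changed."""
    # newline="" keeps the file's existing line endings byte-for-byte.
    with open(path, encoding="utf-8", newline="") as fh:  # UTF-8 is assumed
        text = fh.read()
    if get_legacy_publish(text) == legacy:
        return False
    shutil.copy2(path, str(path) + ".bak")
    with open(path, "w", encoding="utf-8", newline="") as fh:
        fh.write(set_legacy_publish(text, legacy))
    return True

# Constructed sample: the <Settings> wrapper and the second entry are assumed;
# only the force_ase902_assessment_publish line comes from the page.
SAMPLE = (
    '<Settings>\r\n'
    '  <Setting name="some_other_setting" value="false" default_value="false" />\r\n'
    '  <Setting name="force_ase902_assessment_publish" value="false" '
    'default_value="false" description="Use ASE 9.0.2-style assessment publish" '
    'display_name="Use ASE 9.0.2-style assessment publish" type="boolean" '
    'read_only="true" hidden="true" />\r\n'
    '</Settings>\r\n'
)

if __name__ == "__main__":
    print("legacy publish enabled:", get_legacy_publish(SAMPLE))
    print(set_legacy_publish(SAMPLE, True))
```

As with the manual edit, the AppScan Source product must be restarted before the new value takes effect.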
For further information, see Publishing from AppScan Source version 9.0.3.4 and higher to AppScan Enterprise requires application.