Preparing the configuration file

After setting up the AppScan 360° environment and before installing, prepare the configuration file, singular-singular.clusterKit.properties. This is the file to which the ASCP and AppScan Remediation Advisories installation files refer during installation.

To prepare the configuration file:
  1. Create a new file in the text editor of your choice.
  2. Populate the file with appropriate parameters as described in the table below.
    Note: You can supply a server certificate as part of the customization file to be used as the service entry point ingress certificate. If used, it should be provided as a PEM-structured certificate, as follows:
    • Public key in *.crt or *.cer file
    • Private key in *.key file
  3. Name the file singular-singular.clusterKit.properties and save it to the folder to which you have saved, or intend to save, the installation kit.
    Note: The self-extracting installation file must be able to locate this file during the installation process.

Configuration notes

You can supply a server certificate as part of the customization file to be used as the service entry point ingress certificate. If used, it should be provided as a PEM-structured certificate, as follows:
  • Public key in *.crt or *.cer file
  • Private key in *.key file

Configuration parameters

Note: Enclose all parameter values with quotes.
| Parameter | Description | Example value |
|---|---|---|
| CK_DOCKER_REGISTRY_ADDRESS | Docker image registry address (FQDN), possibly with a port, separated by a colon. | pi-dpr-lin.appscan.com |
| CK_DOCKER_REGISTRY_USERNAME | Docker image registry user name. | |
| CK_DOCKER_REGISTRY_PASSWORD | Docker image registry password. | |
| CK_CNI_NETWORK_DOMAIN_SUFFIX | Designated domain service name. | appscan.com |
| CK_CSI_STORAGE_CLASS_NAME | Kubernetes storage driver class name. | longhorn |
| CK_CSI_STORAGE_SHARED_FILE_SYSTEM_VOLUME_NAME | Kubernetes predefined PV (Persistent Volume) to be used with the auto-generated PVC (Persistent Volume Claim) for the shared file system. Note: Optional. If left empty, the designated PV is generated automatically by the PVC. This ability is generally used when migrating from the Windows VM based version of AppScan 360° and there is a need to keep the existing (shared) data. | |
| CK_CSI_STORAGE_SHARED_FILE_SYSTEM_REQUESTED_CAPACITY | Kubernetes shared storage designated size, to be calculated before installation, following the calculation logic outlined in the formal documentation. | 100Gi |
| CK_INGRESS_CONTROLLER_CAPABILITIES_IS_HTTPS_BACKEND_PROTOCOL_SUPPORTED | Indicates whether the ingress controller is based on NGINX, or the SSL onload (HTTPS backend protocol) is supported by the ingress controller (not via an annotation, but by the controller itself). | false |
| CK_INGRESS_INTERNAL_CLASS | The ingress class name to be used when deploying ingresses into the Kubernetes cluster. | nginx |
| CK_INGRESS_INTERNAL_HOST_DOMAIN | The domain to be used when deploying ingresses into the Kubernetes cluster for building the host name. Note: If left empty, it will be taken from CK_CNI_NETWORK_DOMAIN_SUFFIX. | appscan.com |
| CK_INGRESS_INTERNAL_HOST_SUBDOMAIN | Subdomain to be used when deploying ingresses into the Kubernetes cluster for building the host name. | expo.ascp |
| CK_CUSTOMER_INGRESS_CERTIFICATE_ENABLED | Indicates whether to use a given certificate as the applicable external (out-of-cluster) microservices ingress certificates. Note: Supply a server certificate as part of the customization file to be used as the service entry point ingress certificate, or supply the certificate as a PEM-structured certificate, as follows: public key in .crt or .cer file; private key in .key file. | false |
| CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_CA_CRT_AS_BASE64 | Supplied certificate authority (CA) signing certificate of the certificate used as the applicable external (out-of-cluster) microservices ingress certificates. | <BASE64_ENCODED_VALUE> |
| CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_CRT_AS_BASE64 | Supplied public key of the certificate used as the applicable external (out-of-cluster) microservices ingress certificates. | <BASE64_ENCODED_VALUE> |
| CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_KEY_AS_BASE64 | Supplied private key of the certificate used as the applicable external (out-of-cluster) microservices ingress certificates. | <BASE64_ENCODED_VALUE> |
| CK_CONFIGURATION_DISCLOSED_SITE_URL | AppScan 360° frontend URL. Note: Do not include a trailing forward slash (/) in the URL. | https://expo.ascp.appscan.com |
| CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE | Define your method for on-boarding new users. AutoOnboard: Any user with access to the server can log in to AppScan 360°. GroupsAccess: Any user in an authorized group (defined below) can log in to AppScan 360°. ManualOnboard: Users must be invited using the Add Users button on the Access management > Users page. | AutoOnboard |
| CK_CONFIGURATION_DISCLOSED_LDAP_DOMAIN | LDAP server/service domain. Important: When upgrading from AppScan 360° version 1.1.0 or earlier, the LDAP configuration cannot be reused as is. You must verify all LDAP parameters meet AppScan 360° version 1.2 requirements before installing. | appscan.il |
| CK_CONFIGURATION_DISCLOSED_LDAP_USERNAME | LDAP server/service user name for establishing connection. Note: Relevant when "ManualOnboard" is selected for CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE. | <LDAP_USERNAME> |
| CK_CONFIGURATION_DISCLOSED_LDAP_AUTHORIZED_GROUPS | The customer's list of LDAP groups (comma-separated) that are authorized to access AppScan 360°. Note: Relevant when "GroupsAccess" is indicated for CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE. | |
| CK_CONFIGURATION_DISCLOSED_LDAP_TARGET_OU | Designated location of the users in the AD (Active Directory) for LDAP queries. Used to authenticate AD users during login to AppScan 360°. | Users,DC=appscan,DC=com |
| CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_HOST | SMTP mail server/service host name. | wfilsus.israel.ottawa.watchfire.com |
| CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_PORT | SMTP mail server/service port. | 25 |
| CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_USERNAME | SMTP mail server/service user name for establishing connection. | <SMTP_USERNAME> |
| CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_ENABLE_SSL | Indicates whether to establish a secured (over SSL/TLS) connection towards the customer's SMTP mail server/service. | false |
| CK_CONFIGURATION_DISCLOSED_EXTERNAL_ACCESS_PROXY | Optional. When you have specified a dedicated external access proxy to enable internet access from within the network, use this parameter to hold the proxy address. If not used, leave the parameter commented out (that is, do not enable it with an empty value). Note: If used, the proxy needs to be configured to allow egress (outgoing) traffic to the following site: hclsoftware.compliance.flexnetoperations.com. Currently there is NO support for proxy authentication, nor for using a script to configure the proxy settings. | <PROXY_FQDN>:<PROXY_PORT> |
| CK_CONFIGURATION_CONFIDENTIAL_DEFAULT_CONNECTION | MSSQL data store (database) connection string used to establish a connection with the database. | <DB_CONNECT_STRING> |
| CK_CONFIGURATION_CONFIDENTIAL_LDAP_PASSWORD | LDAP server/service password for establishing connection. Note: Relevant when "ManualOnboard" is indicated for CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE. | <LDAP_PASSWORD> |
| CK_CONFIGURATION_CONFIDENTIAL_MAIL_SMTP_PASSWORD | SMTP mail server/service password for establishing connection. | <SMTP_PASSWORD> |

Sample singular-singular.clusterKit.properties

#
## Docker Registry info
#

CK_DOCKER_REGISTRY_ADDRESS='pi-dpr-lin.appscan.com'
CK_DOCKER_REGISTRY_USERNAME='user'
CK_DOCKER_REGISTRY_PASSWORD='password'

#
## Network info
#

CK_CNI_NETWORK_DOMAIN_SUFFIX='appscan.com'

#
## Storage info
#

CK_CSI_STORAGE_CLASS_NAME='longhorn'
CK_CSI_STORAGE_SHARED_FILE_SYSTEM_VOLUME_NAME=''
CK_CSI_STORAGE_SHARED_FILE_SYSTEM_REQUESTED_CAPACITY='100Gi'

#
## Ingress info
#

CK_INGRESS_CONTROLLER_CAPABILITIES_IS_HTTPS_BACKEND_PROTOCOL_SUPPORTED='false'
CK_INGRESS_INTERNAL_CLASS='nginx'
CK_INGRESS_INTERNAL_HOST_DOMAIN='appscan.com'
CK_INGRESS_INTERNAL_HOST_SUBDOMAIN='expo.ascp'

#
## Customer certificate info 
#

CK_CUSTOMER_INGRESS_CERTIFICATE_ENABLED='false'
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_CA_CRT_AS_BASE64='   '
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_CRT_AS_BASE64='  '
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_KEY_AS_BASE64='  '

#
## Configuration/Disclosed info
#

CK_CONFIGURATION_DISCLOSED_SITE_URL='https://expo.ascp.appscan.com'
CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE='AutoOnboard'
CK_CONFIGURATION_DISCLOSED_LDAP_DOMAIN='appscan.com'
CK_CONFIGURATION_DISCLOSED_LDAP_USERNAME='labmgr'
CK_CONFIGURATION_DISCLOSED_LDAP_AUTHORIZED_GROUPS=''
CK_CONFIGURATION_DISCLOSED_LDAP_TARGET_OU='CN=Users,DC=appscan,DC=com'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_HOST='wfilsus.israel.ottawa.watchfire.com'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_PORT='25'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_USERNAME='admin@abcd'
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_ENABLE_SSL='false'
CK_CONFIGURATION_DISCLOSED_EXTERNAL_ACCESS_PROXY='<PROXY_FQDN>:<PROXY_PORT>'

#
## Configuration/Confidential info
#

CK_CONFIGURATION_CONFIDENTIAL_DEFAULT_CONNECTION='Data Source=mssql-service.expo.ascp.appscan.com;Initial Catalog=AppScanCloudDB;User ID=ABC;Password=1234;MultipleActiveResultSets=True;TrustServerCertificate=True'
CK_CONFIGURATION_CONFIDENTIAL_LDAP_PASSWORD='12345678Abcdefg'
CK_CONFIGURATION_CONFIDENTIAL_MAIL_SMTP_PASSWORD='ABC!@#123'
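
A pre-install check for the rules this page states for the file (quoted values, no trailing slash on the site URL, a valid on-boarding mode, proxy commented out rather than empty, certificate values present when the customer certificate is enabled). This is an added example, not part of the HCL documentation or installer. The `lint` function, the constructed `SAMPLE`, the reading of the `*_AS_BASE64` values as base64 of the PEM file content, and the requirement that groups be listed under GroupsAccess are assumptions of this example.

```python
import base64
import re

P = "CK_CONFIGURATION_DISCLOSED_"
C = "CK_CUSTOMER_INGRESS_CERTIFICATE_"
MODES = {"AutoOnboard", "GroupsAccess", "ManualOnboard"}
ASSIGN = re.compile(r"^(CK_[A-Z0-9_]+)=(.*)$")
# Constructed sample with deliberate mistakes (not a real deployment).
SAMPLE = """\
CK_CONFIGURATION_DISCLOSED_SITE_URL='https://expo.ascp.appscan.com/'
CK_CONFIGURATION_DISCLOSED_EXTERNAL_IDP_MODE='GroupsAccess'
CK_CONFIGURATION_DISCLOSED_LDAP_AUTHORIZED_GROUPS=''
CK_CONFIGURATION_DISCLOSED_MAIL_SMTP_PORT=25
CK_CONFIGURATION_DISCLOSED_EXTERNAL_ACCESS_PROXY=''
CK_CUSTOMER_INGRESS_CERTIFICATE_ENABLED='true'
CK_CUSTOMER_INGRESS_CERTIFICATE_SECRET_DATA_TLS_CRT_AS_BASE64='  '
"""

def lint(text):
    """Return a list of findings for clusterKit properties text."""
    out, cfg = [], {}
    for line in map(str.strip, text.splitlines()):
        m = ASSIGN.match(line)
        if not m:
            continue  # blank line, '#' comment, or not a CK_ assignment
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            cfg[key] = val[1:-1]
        else:
            out.append(f"{key}: value is not enclosed in quotes")
    if cfg.get(P + "SITE_URL", "").endswith("/"):
        out.append(P + "SITE_URL: remove the trailing slash")
    mode = cfg.get(P + "EXTERNAL_IDP_MODE")
    if mode not in MODES:
        out.append(P + f"EXTERNAL_IDP_MODE: unknown mode {mode!r}")
    if mode == "GroupsAccess" and not cfg.get(P + "LDAP_AUTHORIZED_GROUPS", "").strip():
        out.append(P + "LDAP_AUTHORIZED_GROUPS: empty while mode is GroupsAccess")
    if cfg.get(P + "EXTERNAL_ACCESS_PROXY") == "":
        out.append(P + "EXTERNAL_ACCESS_PROXY: comment the line out, do not leave it empty")
    if cfg.get(C + "ENABLED") == "true":
        for part in ("TLS_CRT", "TLS_KEY"):
            key = f"{C}SECRET_DATA_{part}_AS_BASE64"
            try:  # assumption: the value is base64 of the PEM file content
                pem = base64.b64decode(cfg.get(key, "").strip(), validate=True)
            except ValueError:
                pem = b""
            if not pem.startswith(b"-----BEGIN "):
                out.append(f"{key}: does not decode to PEM")
    return out
```

Calling `lint(SAMPLE)` returns six findings; an empty list means the file passed these checks, not that the credentials or certificate it holds are themselves valid.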