AppScan Enterprise configuration

With new installations of AppScan® Source version 10.0.2 and newer, you must configure AppScan Enterprise if you want to work in connected mode. These tasks need to be performed once.

As covered in Installing topics, AppScan Source can be configured in these ways:

Configuring AppScan Source and AppScan Enterprise to use SolidDB/Oracle to store data.

When upgrading AppScan Source from version 10.0.1 or earlier to version 10.0.2 or later, AppScan Source can continue to use the previously configured SolidDB/Oracle database to store data.

After upgrade, the database should be registered with AppScan Enterprise Server. Use appscanserverdbmgr.bat/appscanserverdbmgr.sh to (re)register the database with AppScan Enterprise Server.

If AppScan Source needs to publish assessments, AppScan Enterprise Server should be installed with both User Administration and Enterprise Console. If you do not intend to publish assessments, AppScan Enterprise Server can be installed with User Administration alone.

Note: The AppScan Enterprise instance should be version 10.0.0 or later.

Using the AppScan Database Service integrated with AppScan Enterprise to store data

With new installations of AppScan Source version 10.0.2 and newer, you must configure AppScan Enterprise if you want to work in connected mode. This section covers steps related to configuring AppScan Enterprise to support AppScan Source installations.
Note: With new installations of AppScan Source version 10.0.2 and newer, AppScan Enterprise version 10.0.2 or later is required. Older versions of AppScan Enterprise are not supported. In addition, AppScan Enterprise Server must be installed with both User Administration and Enterprise Console.
Configuring AppScan Enterprise for use with AppScan Source version 10.0.2 and newer has two major steps. After the AppScan Database Service is configured, AppScan Source user management and data backup are performed in AppScan Enterprise:

Configuring the AppScan Database Service

Note: You must have administrator privileges in AppScan Enterprise and appropriate permissions to create a new database in MS-SQL to perform these steps.

In AppScan Enterprise:

  1. Locate the properties file (<ASE_INSTALL_DIR>\AppScanDBService\config\DbService.properties)
  2. Verify information for the following properties:
    Property: spring.datasource.url
    Default: spring.datasource.url=jdbc:sqlserver://<IP OR HOSTNAME OF DB SERVER>:<PORT>;databaseName=<DATABASE NAME>;integratedSecurity=true
    Notes: Where:
    • <IP OR HOSTNAME OF DB SERVER> is the hostname or IP of the MS-SQL server machine.
    • <PORT> is the port number of the MS-SQL server.
    • <DATABASE NAME> is the database that will be created if one does not exist. The database name is case-sensitive.

      Note: This database name should be different than the database used by AppScan Enterprise Server.
    For example: jdbc:sqlserver://localhost:1433;databaseName=source_db;integratedSecurity=true

    Property: server.port
    Default: 8090
    Notes: Any change to the port specified here must be mirrored in asc.properties. Restart the AppScan Database Service and ASE services when you change port configuration.

    Property: rootdir
    Default: C:/AppScanArtifacts
    Notes: File storage location and metadata in the MS-SQL database.
    Note: Add this property during initial setup, and do not change it later. Changing it later will corrupt data.
  3. Run <ASE_INSTALL_DIR>\AppScanDBService\config\startup.bat to start the AppScan Database Service.

    Starting the service requires the JRE path set in the environment. Set the JRE path to <ASE_INSTALL_DIR>\Liberty\jre and start the service.

    For example:
    > SET "PATH=C:\Program Files (x86)\IBM\AppScan Enterprise\Liberty\jre\bin;%PATH%"
    > "C:\Program Files (x86)\IBM\AppScan Enterprise\AppScanDBService\config\startup.bat"
Note: Each time you edit a property in DbService.properties, you must shut down and restart the services as follows:
  1. Run <ASE_INSTALL_DIR>\AppScanDBService\config\shutdown.bat.
  2. Run <ASE_INSTALL_DIR>\AppScanDBService\config\startup.bat.
  3. Restart the AppScan Enterprise Server services.

Configuring AppScan Enterprise Server for AppScan Database Service

You must configure the database server URL:
  1. Locate the file <ASE_INSTALL_DIR>\Liberty\usr\servers\ase\config\asc.properties.
  2. Add the property ase.source.dbserver.url to asc.properties as follows, specifying the localhost name for the AppScan Enterprise Server:
     ase.source.dbserver.url=http://localhost:8090
  3. Restart the AppScan Enterprise Server services.
Note: Each time you modify the AppScan Database Service port, you must restart AppScan Enterprise Server service for the changes to take effect.
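
The rules from the two procedures above (server.port mirrored in ase.source.dbserver.url, a database name different from the AppScan Enterprise Server database, rootdir set at initial setup) can be checked before restarting the services. The following PowerShell is an added example, not part of the product or its documentation; the function names, the sample file contents, the 8091 port and the ase_db database name are constructed assumptions.

```powershell
# Added example: checks DbService.properties against asc.properties.
# File contents below are constructed; on a server, load them with Get-Content -Raw.
function ConvertFrom-Properties([string]$Text) {
    # Parse key=value lines; skip blanks and # or ! comment lines.
    $map = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -eq '' -or $line -match '^[#!]') { continue }
        $i = $line.IndexOf('=')
        if ($i -gt 0) { $map[$line.Substring(0, $i).Trim()] = $line.Substring($i + 1).Trim() }
    }
    return $map
}

function Test-AppScanDbServiceConfig([string]$DbServiceText, [string]$AscText, [string]$AseDatabaseName) {
    $db = ConvertFrom-Properties $DbServiceText
    $asc = ConvertFrom-Properties $AscText
    $problems = @()
    # server.port (default 8090) must be mirrored in ase.source.dbserver.url.
    $port = if ($db.ContainsKey('server.port')) { $db['server.port'] } else { '8090' }
    $url = $asc['ase.source.dbserver.url']
    if (-not $url) {
        $problems += 'asc.properties: ase.source.dbserver.url is missing'
    } elseif (([uri]$url).Port -ne [int]$port) {
        $problems += "port mismatch: server.port=$port, ase.source.dbserver.url=$url"
    }
    # databaseName must not be the AppScan Enterprise Server database.
    # -eq ignores case, so names differing only by case are flagged as well.
    if ($db['spring.datasource.url'] -match ';databaseName=([^;]+)') {
        if ($Matches[1] -eq $AseDatabaseName) {
            $problems += "databaseName '$($Matches[1])' is also the AppScan Enterprise Server database"
        }
    } else {
        $problems += 'DbService.properties: spring.datasource.url has no databaseName'
    }
    if (-not $db['rootdir']) { $problems += 'DbService.properties: rootdir is not set' }
    return ,$problems
}

$dbService = @'
spring.datasource.url=jdbc:sqlserver://localhost:1433;databaseName=source_db;integratedSecurity=true
server.port=8091
rootdir=C:/AppScanArtifacts
'@
$ascProps = 'ase.source.dbserver.url=http://localhost:8090'
$found = Test-AppScanDbServiceConfig $dbService $ascProps 'ase_db'
foreach ($p in $found) { Write-Warning $p }
```

With the constructed sample, the check reports one problem: the port was changed to 8091 in DbService.properties but asc.properties still points at 8090.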

User management

When AppScan Source version 10.0.2 or later is configured to use the AppScan Database Service, user management takes place in AppScan Enterprise. The following AppScan Source-specific user permissions have been added to AppScan Enterprise Server:
  • Create and share a custom rule.
  • Delete a published assessment on the server.
  • Publish a new assessment to the server.
  • Retrieve a published assessment from the server.
  • Share a filter using the server.
  • Share a scan configuration using the server.
  • Create a PBSA scan rule on the server.
The AppScan Enterprise administrator can create or modify user types by configuring these AppScan Source-specific permissions and assign users to appropriate types.

Data backup

Back up AppScan Source-related information regularly to avoid inadvertent data loss. Data is stored in two locations in AppScan Enterprise Server:
  • The MS-SQL database holds the metadata of all the shared information. The database name is configured in DbService.properties.
  • The file system holds the actual files that are shared from AppScan Source. The file system path for the data is configured in DbService.properties.
Back up both locations at the same time to avoid data conflicts. Backing up data asynchronously risks rendering the data unusable.