publishassessase (pase)

Description

Publish the current assessment or a selected assessment to the AppScan® Enterprise Console. When this command is used, the assessment is not available to AppScan Source clients such as AppScan Source for Analysis (use the publishassess (pa) command to publish to AppScan Source clients).

Syntax

publishassessase 
-aseapplication <ase_application> [id] [path] 
[-folder <location>] [-name <published_assessment_name>] [-preventOverwrite]
  • -aseapplication <ase_application>: This option is required when connected to AppScan Enterprise Server Version 9.0.3 and higher (unless you disable the requirement, as described here). Associating an application is optional when connected to earlier versions of AppScan Enterprise Server. Use this option to specify the Enterprise Console application to associate the assessment with.
  • id: Optional literal. Identifies the assessment ID. You can use the listassess (la) command to find the assessment ID.
  • path: Optional literal. Path and file name of the assessment file.
  • -folder <location>: Optional. This option only applies when connected to AppScan Enterprise Server versions prior to Version 9.0.3. Specify the Enterprise Console folder to publish to. If this argument is not used, the assessment will be published to your default Enterprise Console folder.
  • -name <published_assessment_name>: Optional. Name that the assessment will be saved as in the Enterprise Console. If this argument is not used, a name will be generated based on the AppScan Source application that was scanned to produce the assessment (this name will be prepended with AppScan Source:).
  • -preventOverwrite: Optional. Include this argument to prevent publication if an assessment of the same name already exists on the server.

When the optional argument is an integer, the command assumes it is the assessment ID. When it is not an integer, the command assumes it is a path to a saved assessment file.

If an assessment is not specified using the id or path command, the assessment generated by the most recent scan will be assumed.

Important:

When you upgrade to AppScan Source Version 9.0.3.4, you will notice these changes:

  • When you publish an assessment to AppScan Enterprise Console, you must now associate the assessment with an application in AppScan Enterprise (if you are running AppScan Enterprise Server Version 9.0.3 and higher). As a result, automation scripts may fail if they do not include application association. In AppScan Enterprise Server, application association is required if you want to take advantage of AppScan Enterprise Server application security risk management features. See http://help.hcltechsw.com/appscan/Enterprise/9.0.3/topics/c_overview.html.
  • In addition, you must remove the port from the AppScan Enterprise URL.
    1. In AppScan Source for Analysis, click Edit > Preferences.
    2. In the AppScan Enterprise Console settings, remove the port from the Enterprise Console URL field.
  • After you publish your assessment, it will only be available in the AppScan Enterprise Monitor view (in previous releases, the assessment was available in the AppScan Enterprise Scans view). Migrating to this view is described in http://help.hcltechsw.com/appscan/Enterprise/9.0.3/topics/t_workflow_for_applications.html.

This is the result of a changed communication protocol between AppScan Source and AppScan Enterprise Server that is required for publishing to AppScan Enterprise Server when using Common Access Card (CAC) authentication.

If you do not want to publish assessments to AppScan Enterprise Server when CAC authentication is enabled - or if you do not want to take advantage of Enterprise Server application security risk management features - you can revert to the previous communication protocol as follows:

  1. Open <data_dir>\config\ounce.ozsettings (where <data_dir> is the location of your AppScan Source program data, as described in Installation and user data file locations)).
  2. In this file, locate this setting:
    <Setting 
		name="force_ase902_assessment_publish"
		value="false"
		default_value="false"
		description="Use ASE 9.0.2-style assessment publish"
		display_name="Use ASE 9.0.2-style assessment publish"
		type="boolean"
		read_only="true"
		hidden="true"
/>
  3. In the setting, change value="false" to value="true" and then save the file.
  4. Restart the AppScan Source product that you will publish assessments from.

When this setting is set to value="true":

  • If you associate an assessment with an application in AppScan Enterprise when publishing, the assessment will be available in the Monitor and Scans views.
  • If you do not associate an assessment with an application when publishing, the assessment will be available in the Scans view.
  • You will not be able to publish assessments to AppScan Enterprise Server when CAC authentication is enabled.

For further information, see Publishing from AppScan Source version 9.0.3.4 and higher to AppScan Enterprise requires application.