AppScan Source deployment models

This section describes three different deployment models and the components that comprise each model.

The AppScan® Source products (coupled with the AppScan Enterprise Server) support several deployment options to meet varied organizational requirements. Client and server components comprise the product solution, and each component serves a specific purpose. Some deployment models require all components while others need only a few. Furthermore, some information technology policies require that certain server components be deployed on separate computers rather than all components on one computer.

This section describes three different deployment models:

The deployment that best fits your needs could be a combination of models. This table provides a brief description of each deployed AppScan Source product or component.

Note: As of version 9.0.3.11, AppScan Source no longer supports macOS or iOS Xcode scanning.
| Component | Description |
| --- | --- |
| AppScan Source for Analysis | A workbench to analyze, isolate, and take action on priority vulnerabilities. Provides security analysts, QA managers, and development managers with fast time-to-results. AppScan Source for Analysis must communicate with the AppScan Enterprise Server. |
| AppScan Source for Development | IDE-integrated components focused on remediation of vulnerabilities at the line of code level. AppScan Source for Development only communicates with the AppScan Enterprise Server when scanning source code. |
| AppScan Source Database | An out-of-the-box database that persists the AppScan Source Security Knowledgebase data, assessment data, and application/project inventory. Important: When scanning, AppScan Enterprise Server and AppScan Source clients (except AppScan Source for Development) both require a direct connection to the AppScan Source Database (either solidDB® or Oracle). |
| AppScan Source for Automation | Automate key aspects of the AppScan Source workflow and integrate scans with build environments during the software development life cycle (SDLC). The Automation Server processes requests to scan and publish assessments and generate reports. It runs as a service/daemon and must communicate with the AppScan Enterprise Server. |
| AppScan Source command line interface (CLI) client | Provides command line access to various AppScan Source functions to enable integration, automation, and scripting, in addition to the functions provided by AppScan Source for Automation. The CLI must communicate with the AppScan Enterprise Server. |

Each of the components in the table must communicate with an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments via the AppScan Source Database. In addition, if your administrator has installed the Enterprise Console component of the AppScan Enterprise Server, you can publish assessments to it. The Enterprise Console offers a variety of tools for working with your assessments, such as reporting features, issue management, trend analysis, and dashboards.