PublishAssessmentASE

Description

Publish the selected assessment to the AppScan® Enterprise Console.

Syntax

ounceauto PublishAssessmentASE -file <assessment_file> 
[-aseapplication <ase_application>] [-caller <caller>] 
[-folder <location>] [-name <published_assessment_name>] 
[-preventOverwrite]

  • -file <assessment_file>: Required. Path and file name of the assessment file.
  • -aseapplication <ase_application>: This option is required when connected to AppScan Enterprise Server Version 9.0.3 and higher (unless you disable the requirement, as described here). Associating an application is optional when connected to earlier versions of AppScan Enterprise Server. Use this option to specify the Enterprise Console application to associate the assessment with.
  • -caller <caller>: Optional. Assign a caller to the report generation operation. The caller can be the name of an actual user, but this is not required. The caller name is written to the ounceauto log file.
  • -folder <location>: Optional. This option only applies when connected to AppScan Enterprise Server versions prior to Version 9.0.3. Specify the Enterprise Console folder to publish to. If this argument is not used, the assessment will be published to your default Enterprise Console folder.
  • -name <published_assessment_name>: Optional. Name that the assessment will be saved as in the Enterprise Console. If this argument is not used, a name will be generated based on the AppScan Source application that was scanned to produce the assessment (this name will be prefixed with AppScan Source:).
  • -preventOverwrite: Optional. Include this argument to prevent publication if an assessment of the same name already exists on the server.

Return Value

The Request ID if successful, or -1 if the request submission was unsuccessful.

Example

To publish the WebGoat_Internal assessment to AppScan Enterprise Server Version 9.0.3 or higher:

ounceauto publishassessmentase -file C:\Ounce\Data\WebGoat_Internal.ozasmt 
-aseapplication myapplication

Important:

When you upgrade to AppScan Source Version 9.0.3.4, you will notice these changes:

  • When you publish an assessment to AppScan Enterprise Console, you must now associate the assessment with an application in AppScan Enterprise (if you are running AppScan Enterprise Server Version 9.0.3 and higher). As a result, automation scripts may fail if they do not include application association. In AppScan Enterprise Server, application association is required if you want to take advantage of AppScan Enterprise Server application security risk management features. See http://help.hcltechsw.com/appscan/Enterprise/9.0.3/topics/c_overview.html.
  • In addition, you must remove the port from the AppScan Enterprise URL.
    1. In AppScan Source for Analysis, click Edit > Preferences.
    2. In the AppScan Enterprise Console settings, remove the port from the Enterprise Console URL field.
  • After you publish your assessment, it will only be available in the AppScan Enterprise Monitor view (in previous releases, the assessment was available in the AppScan Enterprise Scans view). Migrating to this view is described in http://help.hcltechsw.com/appscan/Enterprise/9.0.3/topics/t_workflow_for_applications.html.

This is the result of a changed communication protocol between AppScan Source and AppScan Enterprise Server that is required for publishing to AppScan Enterprise Server when using Common Access Card (CAC) authentication.
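Because existing automation scripts may fail after the upgrade, it helps to check them before they run. The following is an added example, not part of the original page or of AppScan Source: a small Python check that scans a script for PublishAssessmentASE calls and flags those that lack -file or -aseapplication or that still pass -folder. It assumes the target is AppScan Enterprise Server 9.0.3 or higher, cmd.exe-style ^ line continuations, and case-insensitive option names; the sample script and the finding labels are constructed.

```python
import shlex

# Constructed sample automation script (cmd.exe style); not from the original page.
SAMPLE_SCRIPT = r"""ounceauto PublishAssessmentASE -file C:\Ounce\Data\WebGoat_Internal.ozasmt -aseapplication myapplication
ounceauto publishassessmentase -file C:\Ounce\Data\Legacy.ozasmt -folder Nightly -name "Legacy nightly"
ounceauto publishassessmentase -aseapplication myapplication ^
    -preventOverwrite
echo done
"""

# Options from the Syntax section, lowercased (case-insensitive matching is an assumption).
KNOWN = {"-file", "-aseapplication", "-caller", "-folder", "-name", "-preventoverwrite"}

def logical_lines(text):
    """Yield (first_line_number, command), joining cmd.exe '^' continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = n if start is None else start
        line = raw.strip()
        if line.endswith("^"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def check_publish_commands(text):
    """Return (line, finding) pairs for PublishAssessmentASE calls, assuming
    the target is AppScan Enterprise Server 9.0.3 or higher."""
    findings = []
    for n, cmd in logical_lines(text):
        # posix=False keeps the backslashes in Windows paths intact.
        tokens = [t.lower() for t in shlex.split(cmd, posix=False)]
        if "publishassessmentase" not in tokens:
            continue
        args = tokens[tokens.index("publishassessmentase") + 1:]
        opts = [t for t in args if t.startswith("-")]
        if "-file" not in opts:
            findings.append((n, "missing-file"))
        if "-aseapplication" not in opts:
            findings.append((n, "missing-aseapplication"))
        if "-folder" in opts:
            findings.append((n, "folder-applies-before-9.0.3-only"))
        findings += [(n, "unknown-option:" + o) for o in opts if o not in KNOWN]
    return findings

if __name__ == "__main__":
    for line, finding in check_publish_commands(SAMPLE_SCRIPT):
        print(f"line {line}: {finding}")
```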

If you do not want to publish assessments to AppScan Enterprise Server when CAC authentication is enabled - or if you do not want to take advantage of Enterprise Server application security risk management features - you can revert to the previous communication protocol as follows:

  1. Open <data_dir>\config\ounce.ozsettings (where <data_dir> is the location of your AppScan Source program data, as described in Installation and user data file locations).
  2. In this file, locate this setting:
    <Setting 
    		name="force_ase902_assessment_publish"
    		value="false"
    		default_value="false"
    		description="Use ASE 9.0.2-style assessment publish"
    		display_name="Use ASE 9.0.2-style assessment publish"
    		type="boolean"
    		read_only="true"
    		hidden="true"
    />
  3. In the setting, change value="false" to value="true" and then save the file.
  4. Restart the AppScan Source product that you will publish assessments from.

When this setting is set to value="true":

  • If you associate an assessment with an application in AppScan Enterprise when publishing, the assessment will be available in the Monitor and Scans views.
  • If you do not associate an assessment with an application when publishing, the assessment will be available in the Scans view.
  • You will not be able to publish assessments to AppScan Enterprise Server when CAC authentication is enabled.
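Because the setting is hidden and silently disables publishing with CAC authentication, it is worth auditing on machines that publish assessments. The following is an added example, not part of the original page or of AppScan Source: a Python check that reads the setting from an ounce.ozsettings document and reports the consequences listed above. The <Settings> root element, the value="true" in the sample, and the function and parameter names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for <data_dir>\config\ounce.ozsettings. Only the <Setting>
# element comes from the page; the <Settings> root element is an assumption.
SAMPLE_OZSETTINGS = """<Settings>
    <Setting
        name="force_ase902_assessment_publish"
        value="true"
        default_value="false"
        description="Use ASE 9.0.2-style assessment publish"
        display_name="Use ASE 9.0.2-style assessment publish"
        type="boolean"
        read_only="true"
        hidden="true"
    />
</Settings>"""

SETTING = "force_ase902_assessment_publish"


def audit_publish_setting(xml_text, cac_required):
    """Return (legacy_protocol, findings) for one ounce.ozsettings document.

    legacy_protocol is None when the setting cannot be read unambiguously.
    """
    root = ET.fromstring(xml_text)
    found = [e for e in root.iter("Setting") if e.get("name") == SETTING]
    if len(found) != 1:
        return None, [f"expected exactly one {SETTING} entry, found {len(found)}"]
    value = (found[0].get("value") or "").strip().lower()
    if value not in ("true", "false"):
        return None, [f"{SETTING} has non-boolean value {value!r}"]
    legacy = value == "true"
    findings = []
    if legacy:
        findings.append("9.0.2-style publish enabled: assessments published without "
                        "an application appear only in the Scans view")
        if cac_required:
            findings.append("publishing to AppScan Enterprise Server with CAC "
                            "authentication enabled is not possible")
    return legacy, findings


if __name__ == "__main__":
    legacy, findings = audit_publish_setting(SAMPLE_OZSETTINGS, cac_required=True)
    print("legacy protocol:", legacy)
    for finding in findings:
        print(" -", finding)
```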

For further information, see Publishing from AppScan Source version 9.0.3.4 and higher to AppScan Enterprise requires application.