Comment: Per TFDEV-1694. For 2.8.8

Thank you for your patience while we update our documentation. While ThreadFix supports this tool, we are still working to provide step-by-step instructions on integrating this product with ThreadFix.


📙 You will learn

How to set up and run the AppScan Standard Scan Agent.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: AppScan Standard

  1. Scanners must always be configured first as detailed in the Scanner Configuration guide.

  2. Run "java -jar scanagent.jar -r" to start the scan agent on the AppScan Standard server, as detailed in the Scanner Configuration guide. After starting the scan agent, set up and start a scan agent task in ThreadFix. If desired, follow the progress of the scan on the AppScan server (note: if using PowerShell, clicking in the PowerShell window will freeze the scan) or by refreshing ThreadFix.

  3. Once the scan is complete, a blue banner saying a scan is complete will display and the scan will upload automatically. AppScan will reset and prepare for the next task. The base scan and dest scan will be populated in the workDir from the setup, to be used as a future base scan if desired.

  4. Save the state of the scanner and name the config file. The name must be all lower-case or ThreadFix will not recognize the file:
    <scanner>.scanagtcfg (e.g., zap.scanagtcfg)

  5. AppScan requires a base scan that it uses as the configuration file. Run a scan on AppScan Standard (note that the configuration of this scan will be the configuration of a user-sent task). Save this file as a .scan file.


  6. This file can be used with the naming convention "appScan.scanagtcfg", which will work for all future tasks until replaced, either by uploading it to the ThreadFix application itself or by uploading it during the task setup. ThreadFix looks for a .scanagtcfg file; anything uploaded during the task setup is saved in Files and can be used again. This is per ThreadFix application, so a different application that does not have a .scanagtcfg file would have to repeat this process.

    Another option is to leave the .scan file as a .scan file and upload it during the task setup as a one-time-use configuration (it will not be used in future tasks). This is used as a Profile in ThreadFix and will be labeled in the Task tab.

  7. To edit the configuration, simply run another scan in the AppScan Standard app and replace the .scan or .scanagtcfg being used. 
