As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
AppScan Standard Scan Agent (ThreadFix 3.X)
You will learn
How to set up and run the AppScan Standard Scan Agent.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: AppScan Standard
Scanners must always be configured first as detailed in the Scanner Configuration guide.
After running "java -jar scanagent.jar -r" to start the scan agent on the AppScan Standard server, as detailed in the Scanner Configuration guide, set up a scan agent task in ThreadFix, then start the task. If desired, follow the progress of the scan on the AppScan server (note: if using PowerShell, clicking in the PowerShell window will freeze the scan) or by refreshing ThreadFix.
Once the scan is complete, a blue banner saying a scan is complete will display, and the scan will upload automatically. AppScan will reset and prepare for the next task. The base scan and dest scan will be populated in the workDir from the setup, to be used as a future base scan if desired.
Save the state of the scanner and name the config file. The name must be all lower-case or ThreadFix will not recognize the file:
<scanner>.scanagtcfg (e.g., zap.scanagtcfg)
AppScan requires a base scan that it uses as the configuration file. Run a scan on AppScan Standard (note that the configuration of this scan will be the configuration of a user-sent task). Save this file as a .scan file.
This file can be used with the naming convention "appScan.scanagtcfg", which will work for all future tasks until replaced, either by uploading it to the ThreadFix application itself or by uploading it during the task setup. ThreadFix looks for a .scanagtcfg file; anything uploaded during the task setup is saved in Files and can be used again. This is per ThreadFix application, so a different application that does not have a .scanagtcfg would have to repeat this process.
Another option is to take the .scan file, leave it as a .scan file, and upload it during the task setup as a one-time-use configuration (it will not be used in future tasks). This is used as a Profile in ThreadFix and will be labeled in the Task tab.
To edit the configuration, simply run another scan in the AppScan Standard app and replace the .scan or .scanagtcfg being used.
Copyright © 2024 Coalfire. All rights reserved.