How to apply a scan rule set by default when creating a new application

Technote (FAQ)


Question

When creating a new application using IBM Security AppScan Source, how do you automatically apply a scan rule set by default?

Cause

When creating a new application, you would have to manually add in the scan rule sets that you want for each application that you create. By automatically adding the scan rule sets upon the application creation based on the language, you can save time.

Answer

A global setting can be set for each language in the <appscan_source>\ltd directory.

For example, if you want to add the "Java" scan rule set to every new Java application that is created, you can modify the java.ltd file to add the <ScanRuleSet name="Java"/> setting as seen below:


    <?xml version="1.0" encoding="UTF-8"?>
    <LanguageTypeDefinition name="java" display_name="Java/JSP" file_extension_set_name="java" cma_compute_limit="50" perform_cma="true" cross_project_analysis="true" new_project="true" copy_manual="true" cache_va="false" can_cache_va="true" can_wafl_gen="true" wafl_gen="frameworksCLI" can_string_analysis="true" custom_rules="true">
       <Scanner name="java"/>
       <Scanner name="pbsa"/>    
       
    <ScanRuleSet name="Java"/>
    </LanguageTypeDefinition>

After making the change above, save the java.ltd file, then restart AppScan Source for the changes to take effect. When creating new Java applications, the project's scan rule sets property will now add "Java" by default.


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security AppScan Source
Documentation

Software version:

8.0, 8.0.0.1, 8.0.0.2, 8.5, 8.5.0.1, 8.6, 8.6.0.1, 8.6.0.2

Operating system(s):

Linux, Windows

Reference #:

1625706

Modified date:

2013-02-15

Translate my page

Machine Translation

Content navigation