Technote (FAQ)
Question
When creating a new application using IBM Security AppScan Source, how do you automatically apply a scan rule set by default?
Cause
When creating a new application, you would have to manually add in the scan rule sets that you want for each application that you create. By automatically adding the scan rule sets upon the application creation based on the language, you can save time.
Answer
A global setting can be set for each language in the <appscan_source>\ltd directory.
For example, if you want to add the "Java" scan rule set to every new Java application that is created, you can modify the java.ltd file to add the <ScanRuleSet name="Java"/> setting as seen below:
<?xml version="1.0" encoding="UTF-8"?>
<LanguageTypeDefinition name="java" display_name="Java/JSP" file_extension_set_name="java" cma_compute_limit="50" perform_cma="true" cross_project_analysis="true" new_project="true" copy_manual="true" cache_va="false" can_cache_va="true" can_wafl_gen="true" wafl_gen="frameworksCLI" can_string_analysis="true" custom_rules="true">
<Scanner name="java"/>
<Scanner name="pbsa"/>
<ScanRuleSet name="Java"/>
</LanguageTypeDefinition>
After making the change above, save the java.ltd file, then restart AppScan Source for the changes to take effect. When creating new Java applications, the project's scan rule sets property will now add "Java" by default.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.