IBM Support

How to apply a scan rule set by default when creating a new application

Technote (FAQ)


When creating a new application using IBM Security AppScan Source, how do you automatically apply a scan rule set by default?


When creating a new application, you would have to manually add in the scan rule sets that you want for each application that you create. By automatically adding the scan rule sets upon the application creation based on the language, you can save time.


A global setting can be set for each language in the <appscan_source>\ltd directory.

For example, if you want to add the "Java" scan rule set to every new Java application that is created, you can modify the file to add the <ScanRuleSet name="Java"/> setting as seen below:

    <?xml version="1.0" encoding="UTF-8"?>
    <LanguageTypeDefinition name="java" display_name="Java/JSP" file_extension_set_name="java" cma_compute_limit="50" perform_cma="true" cross_project_analysis="true" new_project="true" copy_manual="true" cache_va="false" can_cache_va="true" can_wafl_gen="true" wafl_gen="frameworksCLI" can_string_analysis="true" custom_rules="true">
       <Scanner name="java"/>
       <Scanner name="pbsa"/>    
    <ScanRuleSet name="Java"/>

After making the change above, save the file, then restart AppScan Source for the changes to take effect. When creating new Java applications, the project's scan rule sets property will now add "Java" by default.

Document information

More support for: IBM Security AppScan Source

Software version: 8.0,,, 8.5,, 8.6,,

Operating system(s): Linux, Windows

Reference #: 1625706

Modified date: 15 February 2013

Translate this page: