When creating a new application using IBM Security AppScan Source, how do you automatically apply a scan rule set by default?
When creating a new application, you would have to manually add in the scan rule sets that you want for each application that you create. By automatically adding the scan rule sets upon the application creation based on the language, you can save time.
A global setting can be set for each language in the <appscan_source>\ltd directory.
For example, if you want to add the "Java" scan rule set to every new Java application that is created, you can modify the java.ltd file to add the <ScanRuleSet name="Java"/> setting as seen below:
<?xml version="1.0" encoding="UTF-8"?>
<LanguageTypeDefinition name="java" display_name="Java/JSP" file_extension_set_name="java" cma_compute_limit="50" perform_cma="true" cross_project_analysis="true" new_project="true" copy_manual="true" cache_va="false" can_cache_va="true" can_wafl_gen="true" wafl_gen="frameworksCLI" can_string_analysis="true" custom_rules="true">
After making the change above, save the java.ltd file, then restart AppScan Source for the changes to take effect. When creating new Java applications, the project's scan rule sets property will now add "Java" by default.