Installing IAST using One Single Endpoint with Docker

Prerequisites

Installing the IAST Docker image requires the following:

  • Access to pull the ‘checkmarx/iast’ and ‘checkmarx/iast-proxy’ Docker images from Docker Hub. If you do not have access, contact technical support.

  • An existing database. For additional information on the supported databases, refer to Server Host Requirements.

  • A valid IAST license file: license.cxl

  • Refer to License Types and Restrictions for further information.

Creating the Config Folder

1. Create the config folder with the following:

  • license.cxl file

  • config file.

2. Using your text editor, create the config file using the following template:

# Checkmarx IAST config file

# Read the Checkmarx EULA, located at CxIAST End User License Agreement (EULA).
ACCEPT_EULA=y
PUBLIC_ORIGIN=Your_PUBLIC_ORIGIN

# DB Configuration
DB_IP=Your_DB_IP
DB_INSTANCE=
DB_USER=sa
DB_PASSWORD=yourStrongPassword

Notice

Replace Your_PUBLIC_ORIGIN with your public origin. The public origin is the URL used to access the manager, for example my-dns.

SSL

To use IAST Manager over SSL, place the .pfx, .jks, and .cer files in the config folder and add their respective file names to the config file, as follows:

# SSL Configuration
USE_SSL=true
pfx_Name=file.pfx
pfx_Password=yourStrongPassword

Notice

Replace <file.pfx, file.jks, file.cer> with the actual file names and replace yourStrongPassword with the respective passwords.

Creating the Docker-Compose File

Follow the instructions below to create the Docker-Compose file.

1. Use your text editor to create a file called docker-compose-single-port.yml in the same config folder.

2. Paste the following content into the file:

services:
  iast:
    container_name: iast
    image: checkmarx/iast:latest
    environment:
      - SA_PASSWORD=${SA_PASSWORD:?SA_PASSWORD environment variable must be set}
      - IAST_PROXY_PORT=${IAST_PROXY_PORT:?IAST_PROXY_PORT environment variable must be set}
    volumes:
      - './logs:/opt/IAST/Manager/logs'
      - './cx-logs:/opt/IAST/Manager/cx-logs'
      - './ac-logs:/opt/CxIAST/CxAccessControl/Logs'
      - './config:/config'
    networks:
      - backend
    command: ["./initenv.sh"]
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-sSfk", "https://localhost:${IAST_PROXY_PORT}/iast/projects/exclusions"]
      retries: 20
  proxy:
    container_name: iast_proxy
    image: checkmarx/iast-proxy:latest
    environment:
      - IAST_PROXY_PORT=${IAST_PROXY_PORT:?IAST_PROXY_PORT environment variable must be set}
    ports:
      - '${IAST_PROXY_PORT}:${IAST_PROXY_PORT}'
    volumes:
      - './apache-logs:/apache-logs'
      - './config:/config'
    networks:
      - backend

networks:
  backend:
volumes:
  data-volume:

Creating the .env File

Follow the instructions below to create the .env file.

1. In the same config folder, create the .env file.

2. Copy the following content into the .env file:

IAST_PROXY_PORT=YOUR_IAST_PROXY_PORT
SA_PASSWORD=YOUR_SA_PASSWORD
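
Before starting the containers, the folder assembled in the steps above can be checked with a short pre-flight script. This is an added example, not part of the Checkmarx documentation or tooling: it flags missing files, values still left at the template placeholders, a missing .pfx when USE_SSL=true, and password-bearing files readable beyond their owner. The function names, the owner-only permission policy, and the assumption that all files sit in the one config folder are choices made for this example.

```shell
# Added example, not Checkmarx tooling. Function names and the owner-only
# permission policy are assumptions made for this example.

# Print the value of key $2 from KEY=VALUE file $1 (last assignment wins).
kv_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Check the config folder $1: prints each finding, returns the finding count.
iast_preflight() {
    dir=$1
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    for f in license.cxl config .env docker-compose-single-port.yml; do
        [ -f "$dir/$f" ] || note "missing $f"
    done
    if [ -f "$dir/config" ]; then
        [ "$(kv_get "$dir/config" ACCEPT_EULA)" = "y" ] || note "config: ACCEPT_EULA is not y"
        for key in PUBLIC_ORIGIN DB_IP DB_USER DB_PASSWORD; do
            case $(kv_get "$dir/config" "$key") in
                ''|Your_*|yourStrongPassword) note "config: $key empty or template value" ;;
            esac
        done
        if [ "$(kv_get "$dir/config" USE_SSL)" = "true" ]; then
            pfx=$(kv_get "$dir/config" pfx_Name)
            [ -n "$pfx" ] && [ -f "$dir/$pfx" ] || note "config: USE_SSL=true but pfx file is missing"
        fi
    fi
    if [ -f "$dir/.env" ]; then
        case $(kv_get "$dir/.env" IAST_PROXY_PORT) in
            ''|*[!0-9]*) note ".env: IAST_PROXY_PORT is not a port number" ;;
        esac
        case $(kv_get "$dir/.env" SA_PASSWORD) in
            ''|YOUR_*) note ".env: SA_PASSWORD empty or template value" ;;
        esac
    fi
    # config and .env hold passwords: flag any group/other permission bits.
    for f in config .env; do
        [ -f "$dir/$f" ] || continue
        mode=$(stat -c %a "$dir/$f" 2>/dev/null || stat -f %Lp "$dir/$f")
        case $mode in *00) ;; *) note "$f: mode $mode grants access beyond the owner" ;; esac
    done
    return "$findings"
}
```

Source the file and call iast_preflight with the folder path before running docker-compose; the return status is the number of findings.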

To run Docker using the proxy:

  • Enter the following commands:

docker login
docker-compose -f docker-compose-single-port.yml up -d

To stop the containers, enter the following command. The -v option also removes the named volumes declared in the compose file.

docker-compose -f docker-compose-single-port.yml down -v

To access Access Control and the IAST web platform:

  • To access Access Control, go to https://<MY-PUBLIC-ORIGIN>:<IAST-PROXY-PORT>

  • To access the IAST web platform, go to https://<MY-PUBLIC-ORIGIN>:<IAST-PROXY-PORT>/iast-ui