
Installing IAST using One Single Endpoint with Docker

Prerequisites

Installing the IAST Docker image requires the following:

  • Access to pull the ‘checkmarx/iast’ and ‘checkmarx/iast-proxy’ Docker images from Docker Hub. If you do not have access, contact technical support.

  • An existing database. For additional information on the supported databases, refer to Server Host Requirements.

  • A valid IAST license file: license.cxl

  • Refer to License Types and Restrictions for further information.


Creating the Config Folder

To create the config folder, do the following:

  1. Create the config folder with the following:

    • license.cxl file

    • config file.

  2. Using your text editor, create the config file using the following template:

    # Checkmarx IAST config file
    
    # Read the Checkmarx EULA, located at CxIAST End User License Agreement (EULA).
    ACCEPT_EULA=y
    PUBLIC_ORIGIN=Your_PUBLIC_ORIGIN
    
    # DB Configuration
    DB_IP=Your_DB_IP
    DB_INSTANCE=
    DB_USER=sa
    DB_PASSWORD=yourStrongPassword

Note

Replace <Your_PUBLIC_ORIGIN> with your public origin. The public origin is the URL used to access the manager, for example my-dns.

SSL

To use IAST Manager with SSL, place the .pfx, .jks, and .cer files in the config folder and add their respective file names to the config file as follows:

    # SSL Configuration
    USE_SSL=true
    pfx_Name=file.pfx
    pfx_Password=yourStrongPassword

Note

Replace <file.pfx, file.jks, file.cer> with the actual file names and replace yourStrongPassword with the respective passwords.

Creating the Docker-Compose File

Follow the instructions below to create the Docker-Compose file.

  1. Use your text editor to create a file called docker-compose-single-port.yml in the same config folder.

  2. Paste the following content to the file:

    services:
      iast:
        container_name: iast
        image: checkmarx/iast:latest
        environment:
          - SA_PASSWORD=${SA_PASSWORD:?SA_PASSWORD environment variable must be set}
          - IAST_PROXY_PORT=${IAST_PROXY_PORT:?IAST_PROXY_PORT environment variable must be set}
        volumes:
          - './logs:/opt/IAST/Manager/logs'
          - './cx-logs:/opt/IAST/Manager/cx-logs'
          - './ac-logs:/opt/CxIAST/CxAccessControl/Logs'
          - './config:/config'
        networks:
          - backend
        command: ["./initenv.sh"]
        restart: unless-stopped
        healthcheck:
          test: ["CMD", "curl", "-sSfk", "https://localhost:${IAST_PROXY_PORT}/iast/projects/exclusions"]
          retries: 20
      proxy:
        container_name: iast_proxy
        image: checkmarx/iast-proxy:latest
        environment:
          - IAST_PROXY_PORT=${IAST_PROXY_PORT:?IAST_PROXY_PORT environment variable must be set}
        ports:
          - '${IAST_PROXY_PORT}:${IAST_PROXY_PORT}'
        volumes:
          - './apache-logs:/apache-logs'
          - './config:/config'
        networks:
          - backend
    
    networks:
      backend:
    volumes:
      data-volume:

Creating the .env File

Follow the instructions below to create the .env file.

  1. In the same config folder, create the .env file.

  2. Copy the following content into the .env file:

    IAST_PROXY_PORT=YOUR_IAST_PROXY_PORT
    SA_PASSWORD=YOUR_SA_PASSWORD
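Before starting the containers, the finished config folder can be checked for missing files, leftover template placeholders and world-readable password files. The script below is an added example, not part of the Checkmarx documentation; it assumes the config file is literally named `config` and sits beside `license.cxl`, `.env` and the compose file, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Pre-flight check for the config folder built in the steps above (added example).
# Assumes the config file is literally named "config"; adjust if yours differs.

# get_val FILE KEY: print the value of the last KEY=... line in FILE.
get_val() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '\r'
}

# check_iast_config DIR: print one line per finding, return the finding count.
check_iast_config() {
  local dir="$1" n=0 f key val spec
  # Files the procedure places in the config folder.
  for f in license.cxl config .env docker-compose-single-port.yml; do
    [ -f "$dir/$f" ] || { echo "missing file: $f"; n=$((n + 1)); }
  done
  # Required keys must be set and must not still hold a template placeholder.
  for spec in config:ACCEPT_EULA config:PUBLIC_ORIGIN config:DB_IP \
              config:DB_USER config:DB_PASSWORD \
              .env:IAST_PROXY_PORT .env:SA_PASSWORD; do
    f=${spec%%:*}; key=${spec#*:}
    [ -f "$dir/$f" ] || continue
    val=$(get_val "$dir/$f" "$key")
    case $val in
      "") echo "$f: $key is missing or empty"; n=$((n + 1)) ;;
      Your_*|YOUR_*|yourStrongPassword)
          echo "$f: $key still holds the template placeholder"; n=$((n + 1)) ;;
    esac
  done
  # With USE_SSL=true, the file named by pfx_Name must be in the folder.
  if [ "$(get_val "$dir/config" USE_SSL)" = "true" ]; then
    val=$(get_val "$dir/config" pfx_Name)
    { [ -n "$val" ] && [ -f "$dir/$val" ]; } ||
      { echo "config: pfx_Name file not found in folder"; n=$((n + 1)); }
  fi
  # config and .env hold plaintext passwords: flag them if world-readable.
  for f in config .env; do
    if [ -f "$dir/$f" ] && [ -n "$(find "$dir/$f" -perm -004)" ]; then
      echo "$f: readable by all local users"; n=$((n + 1))
    fi
  done
  return "$n"
}

# Usage: ./check.sh ./config   (exit status = number of findings)
if [ "$#" -gt 0 ]; then check_iast_config "$1"; fi
```
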

To run the Docker containers using the proxy:

  • Enter the following commands:

    docker login
    docker-compose -f docker-compose-single-port.yml up -d
    # Stop the containers (-v also removes the volumes declared in the compose file):
    docker-compose -f docker-compose-single-port.yml down -v

To access Access Control and the IAST web platform:

  • To access Access Control, go to https://<MY-PUBLIC-ORIGIN>:<IAST-PROXY-PORT>

  • To access the IAST web platform, go to https://<MY-PUBLIC-ORIGIN>:<IAST-PROXY-PORT>/iast-ui