Skip to main content

Installing IAST using Docker

Prerequisites

Installing the IAST Docker image requires the following:

Note

Creating the Config Folder

Create the config folder as explained below.

  1. Create a folder with the following:

    • license.cxl file

    • If SSL is enabled, look under ssl.

    • config file.

  2. Create the config file* using the following template:

    # Checkmarx IAST config file
    
    # Read the Checkmarx EULA, located at CxIAST End User License Agreement (EULA).
    ACCEPT_EULA=y
    PUBLIC_ORIGIN=Your_PUBLIC_ORIGIN
    
    # DB Configuration
    DB_IP=db
    DB_PORT=1433
    DB_INSTANCE=
    DB_USER=sa
    DB_PASSWORD=yourStrongPassword

Note

Replace <Your_PUBLIC_ORIGIN> with your public origin. The public origin is the URL used to access the manager, for example my-dns.

SSL

To use IAST Manager on SSL, place the .pfx, .jks, and .cer files into the config folder and add their respective file names to the following config files:

# SSL Configuration
USE_SSL=true
pfx_Name=file.pfx
pfx_Password=yourStrongPassword
jks_Name=file.jks
jks_Password=yourStrongPassword
cert_Name=file.cer

Note

  • Replace <file.pfx, file.jks, file.cer> with the actual file names and replace yourStrongPassword with the respective passwords.

  • For IAST 3.10 and up, the .jks file (jks_Name=file.jks) and the associated jks_Password are no longer needed.

Installing the Docker Image

Run the following commands:

$ docker login
$ docker pull checkmarx/iast
$ docker run -d -p 8380:8380 -p 8370:8370 -v /<path_to_config>/:/config/ --name iast checkmarx/iast

Replacing Default Ports

To replace the default ports, do the following:

  1. Add the following to the config file:

    IAST_PORT=8380
    ACCESS_CONTROL_PORT=8370
  2. Replace the ports, if necessary.

Note

  • If you change the ports in the config file, also change the port values for -p 8380:8380 -p 8370:8370 in the docker run command with the new ports on both sides, for example -p 8085:8085 -p 8075:8075.

  • Make sure to state the correct ports in the commands above.