- Checkmarx Documentation
- IAST Documentation
- Setup Guide
- Installing and Configuring IAST
- Installing the IAST Management Server
- Installing IAST using Docker
Installing IAST using Docker
Prerequisites
Installing the IAST Docker image requires the following:
Access to pull the ‘checkmarx/iast’ Docker image. If you do not have access, contact technical support.
An existing database. For additional information on the supported databases, refer to Server Host Requirements.
A valid IAST license file: license.cxl
refer to License Types and Restrictions for further information.
Note
Downgrading IAST to a previous version is not supported.
IAST Demo is accessible in https://hub.docker.com/repository/docker/checkmarx/iast-demo
Creating the Config Folder
Create the config folder as explained below.
Create a folder with the following:
license.cxl file
If SSL is enabled, look under ssl.
config file.
Create the config file* using the following template:
# Checkmarx IAST config file # Read the Checkmarx EULA, located at CxIAST End User License Agreement (EULA). ACCEPT_EULA=y PUBLIC_ORIGIN=Your_PUBLIC_ORIGIN # DB Configuration DB_IP=db DB_PORT=1433 DB_INSTANCE= DB_USER=sa DB_PASSWORD=yourStrongPassword
Note
Replace <Your_PUBLIC_ORIGIN> with your public origin. The public origin is the URL used to access the manager, for example my-dns.
SSL
To use IAST Manager on SSL, place the .pfx, .jks, and .cer files into the config folder and add their respective file names to the following config files:
# SSL Configuration USE_SSL=true pfx_Name=file.pfx pfx_Password=yourStrongPassword jks_Name=file.jks jks_Password=yourStrongPassword cert_Name=file.cer
Note
Replace <file.pfx, file.jks, file.cer> with the actual file names and replace yourStrongPassword with the respective passwords.
For IAST 3.10 and up, the .jks file (jks_Name=file.jks) and the associated jks_Password are no longer needed.
Installing the Docker Image
Run the following commands:
$ docker login $ docker pull checkmarx/iast $ docker run -d -p 8380:8380 -p 8370:8370 -v /<path_to_config>/:/config/ --name iast checkmarx/iast
Replacing Default Ports
To replace the default ports, do the following:
Add the following to the config file:
IAST_PORT=8380 ACCESS_CONTROL_PORT=8370
Replace the ports, if necessary.
Note
If you change the ports in the config file, also change the port values for -p 8380:8380 -p 8370:8370 in the docker run command with the new ports on both sides, for example -p 8085:8085 -p 8075:8075.
Make sure to state the correct ports in the commands above.