Skip to main content

Installing IAST using Docker

Prerequisites

Installing the IAST Docker image requires the following:

Notice

Creating the Config Folder

1. Create a folder with the following:

  • license.cxl file

  • If SSL is enabled, look under ssl.

  • config file.

2. Create the config file* using the following template:

# Checkmarx IAST config file

# Read the Checkmarx EULA, located at CxIAST End User License Agreement (EULA).
ACCEPT_EULA=y
PUBLIC_ORIGIN=Your_PUBLIC_ORIGIN

# DB Configuration
DB_IP=db
DB_PORT=1433
DB_INSTANCE=
DB_USER=sa
DB_PASSWORD=yourStrongPassword

Notice

Replace <Your_PUBLIC_ORIGIN> with your public origin. The public origin is the URL used to access the manager, for example my-dns.

SSL

To use IAST Manager on SSL, place the .pfx, .jks, and .cer files into the config folder and add their respective file names to the following config files:

# SSL Configuration
USE_SSL=true
pfx_Name=file.pfx
pfx_Password=yourStrongPassword
jks_Name=file.jks
jks_Password=yourStrongPassword
cert_Name=file.cer

Notice

  • Replace <file.pfx, file.jks, file.cer> with the actual file names and replace yourStrongPassword with the respective passwords.

  • For IAST 3.10 and up, the .jks file (jks_Name=file.jks) and the associated jks_Password are no longer needed.

Installing the Docker Image

Run the following commands:

$ docker login
$ docker pull checkmarx/iast
$ docker run -d -p 8380:8380 -p 8370:8370 -v /<path_to_config>/:/config/ --name iast checkmarx/iast

Replacing Default Ports

1. Add the following to the config file:

IAST_PORT=8380
ACCESS_CONTROL_PORT=8370

2. Replace the ports, if necessary.

Notice

  • If you change the ports in the config file, also change the port values for -p 8380:8380 -p 8370:8370 in the docker run command with the new ports on both sides, for example -p 8085:8085 -p 8075:8075.

  • Make sure to state the correct ports in the commands above.