Managing Projects
IAST projects are based on single running applications that are automatically registered via the IAST agent. All you need to do is add the IAST agent to the testing environment (AUT) and the applications that are running in this environment are automatically scanned for vulnerabilities.
Once an application is registered for the first time, the CxIAST Management Server automatically creates a new project, which is added to the Projects list.
From within the IAST web application, click the Checkmarx logo at the top left. The Projects list appears.
IAST scans start automatically once the application under test is started. Once the scan starts, the IAST Management Server is notified and the scan status changes to In-progress. A scan remains In-progress as long as the application is running. The progress of the scan is automatically refreshed and aggregated according to the last scan.
To start a scan:
Start the application under test (AUT) and validate that the agent is deployed on the same application server.
IAST scans end automatically once the application under test stops running, but you can stop a scan manually before that, if desired. In addition, you can stop multiple scans of two instances of the same application running on two different servers with one click.
To stop a single scan manually:
In the Projects list, select Monitored Projects to view the Scans list.
Click the desired project to view the scan in progress or identify the desired project under Ongoing Scans and then click More Options. A menu appears.
From the menu, select Stop Scan. The scan stops, the IAST Management Server is notified and the scan status is changed from In-progress to Complete.
Note
Stop Scan is only available if the selected scan is running.
To stop multiple scans of the same application manually:
Under Ongoing Scans, identify the project for which multiple scans are in progress and click More Options. A menu appears.
From the menu, select Stop All Scans. The scans in progress are stopped.
Note
Stop All Scans is only available if multiple scans are running for the same application.
If you updated your application with a newer version and you want to preserve the information gathered for the older version, you can import these scan reports. You can simply transfer all scan information from the older to the newer version and continue with the two versions separately.
All information related to vulnerabilities such as Status, State, Comments, Assign to User etc. is transferred as well.
To import scan information from an application:
In the Projects list, select Monitored Projects to view the Scans list.
Identify the project for which you want to import scans under Ongoing Scans, for example bank-storage, and then click More Options. A menu appears.
From the menu, select Import Scans. All the listed projects appear.
Select the project from which you want to import scans, for example bank-analysis.
Confirm that you have read the warnings and only then confirm your request. The scans are imported from the selected project and the current ones are deleted.
Once all scans are complete, you can export and download log files for the project for auditing purposes.
To export and download audit logs for the project:
In the Projects list, select Monitored Projects to view the Scans list.
Click the desired project to view the scan in progress or identify the desired project under Ongoing Scans and then click More Options. A menu appears.
From the menu, select Export Project Logs. The project log is downloaded to your default download folder in the format CxIAST_<Project>_logs.zip.
In the illustrated scenario, the project log for the bank-storage project has been downloaded and the project log is therefore called CxIAST_bank-storage_logs.zip.
When IAST automatically registers an application, the project name is identical to the name of the application. This name might be confusing or meaningless to IAST users, and therefore the project display name can be changed.
To change the project display name:
In the Projects list, select Monitored Projects to view the Scans list.
Click the desired project to view the scan in progress or identify the desired project under Ongoing Scans and then click More Options. A menu appears.
From the menu, select Rename Project. The Change Name dialog appears with its original name.
Assign a new name, for example bank_storage_new, and click <RENAME>. The project display name is changed.
Note
The name you assign must start with a letter.
Only letters, numbers and underscores are allowed in the project display name.
The name of the application itself remains unchanged while the project display name (label) changes.
Once all your scans are complete and you have finished with your project, you can delete the project and all the related scan information.
To delete a project:
In the Projects list, select Monitored Projects to view the Scans list.
Identify the desired project under Ongoing Scans and then click More Options. A menu appears.
From the menu, select Delete Project. The project and all the scanning information are deleted.
Note
A project cannot be deleted if it is currently being scanned. To delete a project, you first have to stop the scan.