About the pool_mapping_mode Property
The pool_mapping_mode property in the config.properties file determines how the Controller maps scan requests to sensor pools. Valid values for the pool_mapping_mode property are as follows:
- DISABLED— In this mode, a ScanCentral SAST client requests a specific sensor pool when it submits a scan request. Otherwise, the default pool is used. For details, see the following table.
- ENABLED— In this mode, if a scan request is associated with an application version in Fortify Software Security Center, the Controller queries Fortify Software Security Center to determine the sensor pool assigned to the application version. Or, a ScanCentral SAST client can request a specific sensor pool when it submits a scan request. (A client request for a specific sensor pool takes precedence over a query from the Controller.)
  Note: Sensors in the default sensor pool run scan requests that are not associated with an application version (and no specific pool is requested on the ScanCentral SAST client command line).
- ENFORCED— As with the ENABLED mode, if a scan request is associated with an application version in Fortify Software Security Center, the Controller queries Fortify Software Security Center for the sensor pool to use for the application version. Otherwise, the default sensor pool is targeted for scan requests. A client cannot request a specific sensor pool in the ENFORCED mode.

If ssc_lockdown_mode is enabled, then the value set for pool_mapping_mode in the config.properties file is ignored and pool_mapping_mode is automatically set to ENFORCED.
The following table shows how the Fortify Software Security Center integration with Fortify ScanCentral SAST responds to different input when pool_mapping_mode is set to DISABLED, ENABLED, or ENFORCED.
Note: By default, in ENABLED and ENFORCED modes, all application versions are assigned to the Default pool.
| INPUT | DISABLED | ENABLED | ENFORCED |
|---|---|---|---|
| No pool or version specified | Default sensor pool | Default sensor pool | Default sensor pool |
| Specific sensor pool (only) specified | Requested sensor pool | Requested sensor pool | Denied |
| Application version (only) specified | Default sensor pool | SSC-assigned pool | SSC-assigned pool |
| Invalid sensor pool (only) specified | Denied | Denied | Denied |
| Invalid application version (only) specified | Denied | Denied | Denied |
| Valid sensor pool and application version specified | Requested sensor pool | Requested sensor pool | Denied |
| Invalid sensor pool and valid application version specified | Denied | Denied | Denied |
| Valid sensor pool but invalid application version specified | Denied | Denied | Denied |
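
The routing rules in the table above, together with the ssc_lockdown_mode override, written out as a small Python model. This is an added example, not Fortify code: the helper functions, the pool and version names, the sample config fragment, and the assumption that ssc_lockdown_mode is enabled with the value true are all illustrative.

```python
"""Model of the pool_mapping_mode table (illustrative, not Fortify code)."""

MODES = {"DISABLED", "ENABLED", "ENFORCED"}
DEFAULT_POOL = "Default"  # label used here for the default sensor pool

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def effective_mode(props):
    """Return the mode in force; lockdown overrides the configured value."""
    # Assumption: lockdown is switched on with the literal value "true".
    if props.get("ssc_lockdown_mode", "").lower() == "true":
        return "ENFORCED"
    mode = props.get("pool_mapping_mode", "")
    if mode not in MODES:  # the page states no fallback, so reject anything else
        raise ValueError(f"pool_mapping_mode must be one of {sorted(MODES)}")
    return mode

def resolve_pool(mode, pool, version, known_pools, ssc_assignments):
    """Return the pool a scan request lands in, or None when it is denied."""
    if pool is not None and pool not in known_pools:
        return None  # invalid sensor pool: denied in every mode
    if version is not None and version not in ssc_assignments:
        return None  # invalid application version: denied in every mode
    if pool is not None:  # client asked for a specific pool
        return None if mode == "ENFORCED" else pool
    if version is not None and mode != "DISABLED":
        return ssc_assignments[version]  # SSC-assigned pool
    return DEFAULT_POOL

# Constructed sample data: a config fragment, known pools, SSC assignments.
SAMPLE_CONFIG = """\
pool_mapping_mode=ENABLED
ssc_lockdown_mode=true
"""
KNOWN_POOLS = {"Default", "high-mem"}
SSC_ASSIGNMENTS = {"app-v1": "high-mem"}

if __name__ == "__main__":
    mode = effective_mode(parse_properties(SAMPLE_CONFIG))
    print(mode, resolve_pool(mode, "high-mem", "app-v1", KNOWN_POOLS, SSC_ASSIGNMENTS))
```

With the sample fragment, the configured ENABLED value is overridden by lockdown, so a client request that names a pool is denied even though the same request would be honored in ENABLED mode.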