Supporting multiple OpenText SAST versions

To support heterogeneous environments and facilitate phased OpenText SAST upgrades, the Controller supports scan request routing based on the OpenText SAST version. For example, you can configure two different client machines, each with a different OpenText SAST version, and configure the sensors with compatible OpenText SAST versions. By default, jobs from each client are then routed to the sensor that has the same OpenText SAST version installed. You can change this behavior and specify a single sensor version for all jobs (see Configuring the Controller). You can also use the -sastver option to specify the OpenText SAST version that a job is sent to (see Start command).

If you have an existing OpenText SAST installation (that includes the OpenText ScanCentral SAST client executable file in your path) and a mixed-version environment, make sure that you are running the latest OpenText ScanCentral SAST executable when you run the client and sensor commands. (Use explicit paths.) To add capacity (new clients or sensors), you can clone the VMs you have already configured or use sensor hosts with the same specifications and installation directory structure.

If you clone VMs, then after cloning, you must remove the worker_persist.properties file from the directory specified for the props_dir property (see Configuring Where to Generate Job Files and the worker‑persistence.properties File).

Use sensor machines dedicated to OpenText ScanCentral SAST and run sensors under a dedicated user name. Run only one sensor instance per machine.

If the Controller and Application Security run on different machines, make sure that the ssc_url and this_url properties in the scancentral-ctrl/WEB-INF/classes/config.properties file, and the Controller URL set on Application Security (select Administration > Configuration > ScanCentral SAST) resolve to the correct IP addresses.
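The following is an added example, not part of the OpenText documentation: a Python check that reads ssc_url and this_url from config.properties text and reports the addresses each host resolves to, so that you can compare them with the IP addresses you expect. The sample property values, host names, and function names are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample values; the real file is
# scancentral-ctrl/WEB-INF/classes/config.properties.
SAMPLE = r"""
# Java .properties files often escape ':' as '\:'
ssc_url=https\://ssc.example.internal\:8443/ssc
this_url = http://ctrl.example.internal/scancentral-ctrl
"""
DEFAULT_PORTS = {"http": 80, "https": 443}

def read_props(text):
    """Minimal .properties reader (no line continuations or unicode escapes)."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):  # first unescaped '=' or ':' ends the key
            if ch in "=:" and line[i - 1:i] != "\\":
                value = line[i + 1:].strip()
                props[line[:i].strip()] = value.replace("\\:", ":").replace("\\=", "=")
                break
    return props

def endpoints(props, keys=("ssc_url", "this_url")):
    """Map each URL property to (host, port), or None if unusable."""
    out = {}
    for key in keys:
        url = urlsplit(props.get(key, ""))
        ok = url.scheme in DEFAULT_PORTS and url.hostname
        out[key] = (url.hostname, url.port or DEFAULT_PORTS[url.scheme]) if ok else None
    return out

def resolve_all(props, resolver=socket.getaddrinfo):
    """Resolve each endpoint host; return addresses or an error string."""
    report = {}
    for key, ep in endpoints(props).items():
        if ep is None:
            report[key] = "missing or not an http(s) URL"
            continue
        try:
            infos = resolver(ep[0], ep[1], type=socket.SOCK_STREAM)
            report[key] = sorted({info[4][0] for info in infos})
        except socket.gaierror as exc:
            report[key] = f"does not resolve: {exc}"
    return report

if __name__ == "__main__":
    print(resolve_all(read_props(SAMPLE)))
```

Run it on both the Controller host and the Application Security host, because each machine can resolve the same name differently.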

Make sure a security system or other tool does not block the following channels of communication:

  • Controller to Application Security port (for uploads of scan results)
  • Application Security to the OpenText ScanCentral SAST Controller port (for OpenText ScanCentral SAST administration console functionality)
  • Clients to the Controller port
  • Sensors to the Controller port
  • Clients to the Application Security port (required only if Application Security is in lockdown mode, or if you use the -sscurl option)