Hello and welcome to this new video. My name is Jan, I'm a Fortify Pre-Sales Consultant based in Germany, and in this video I want to go through the whole installation of ScanCentral SAST and how you can actually configure it the right way.

Before we get into the installation part, I also want to mention that if you have any kind of questions, please let us know in the comments. I will also try to link everything that I use in this video in the description, so please have a look at that as well, and you can use the timestamps in this video to go directly to the topic of your choice.

Before we can actually start with the installation, I want to go through a short agenda, because we have different topics in this video. First of all I want to give you an overview of the ScanCentral SAST components themselves, so that you understand which components we need, where you can find them and how to install them. We will also go through the documentation, so I will show you where you can find all this information if you need more details. I also want to explain a little bit more about what we are going to use in this example when we take care of the installation and configuration of all these components: the ScanCentral SAST controller, the sensor and the client. At the end of the video I also have some tips and tricks for you.

So let's start with the first topic, the overview of the ScanCentral SAST components. Before that, I quickly want to highlight that if you have any detailed question, or want to know a little bit more about the whole installation: this whole video is based on the documentation. You can find the documentation by going to your browser and typing in microfocus.com/documentation. Very important for ScanCentral SAST: if you are searching for documentation related to ScanCentral SAST, you need to search for Software Security Center, because when it comes to the documentation, ScanCentral SAST is part of Software Security Center. So just search for Software Security Center, select the version you need, and there you can find the Fortify ScanCentral SAST Installation, Configuration, and Usage Guide. You can also find everything regarding the system requirements in there, because there are some system requirements that we need to meet, of course. If you need any more detail on that, please have a look at the documentation.

With that we can go through the components. First of all, to give you a good overview of all the components, it is very important to understand which components we need, why we need them, and how to configure them the right way. When we are talking about ScanCentral SAST, we have something called the ScanCentral SAST controller. The controller is the brain, the main component of ScanCentral SAST, because it manages all scans and also talks to every other component that you will see in a second. Basically, this is the middle of ScanCentral SAST.

When we are talking about ScanCentral, we also need some sensors, because the sensors are the things that are running the scans for us. That means the ScanCentral controller is more or less something like a manager or an organizer of the whole ScanCentral SAST infrastructure, as you will see in a second when everything is up, but the sensors are the workhorses, the main workers when it comes to scanning. The sensors are the machines that are actually running the scans, and you can manage these sensors by using sensor pools. That means if you have different sensors with different Fortify versions in different environments that you want to use, you can absolutely do this, but you need to manage that in some way, and that is where you can use sensor pools. For example, if you have a pool with low hardware capacity for something like microservices that you want to scan, you can easily set up some sensors with low hardware and put these into a sensor pool called "low hardware", for example. You can also set up some sensor machines with heavy hardware, so that you can run bigger scans on them very smoothly, and then you create a sensor pool called "heavy hardware" or whatever you want. This is basically the main reason why you can create sensor pools. That is basically all about sensors.

When we talk about how we can actually get the source code to the sensors, we need to use a client, and when it comes to clients we have two different options. First of all we have the embedded client, as you can see here. This is very important, because this is a client that you only get if you install Fortify Static Code Analyzer, so you need to install Fortify Static Code Analyzer to get this embedded client. But we also have the option to use a standalone client. That is basically a utility that you can unzip and use; I will explain that in a later part of this video and show it to you, but this is a very good way to offload the translation as well as the scanning. When we compare these two clients, the main difference is that with the embedded client you can offload only the scan if you want, so you can do the translation part of a Fortify Static Code Analyzer scan right here and only send the scanning part to the sensors. If you are using the standalone client, you can basically only offload translation and scan together. That means you need to have a look at our system requirements, because there is a document where you can see all the supported languages for this; we will also go through that in a later part. But please keep in mind that the standalone client can be run without Fortify Static Code Analyzer, and for the embedded client you need the Static Code Analyzer.

Then of course we have our Software Security Center. In this case we are not going to install the Software Security Center; it is already up and running, because we already have some other videos on that. The Software Security Center is of course mainly the interface where we are going to interact with the scans, where we can see which sensors are online and get all the information about the scans: the UI, basically. These are all the components that we need.

In our case we are going to install the controller on a Windows server. In fact, we are going to install not only the controller but also the sensor and the embedded client on one single Windows server. I can't recommend doing this in production; I highly recommend splitting these components up if you set up a production environment. But for this demo I thought it would be easier if we only use one server, so please keep in mind that in this case we are going to install the ScanCentral SAST controller, the sensor and the embedded client on one Windows server. I also want to demonstrate the standalone client to you, so for that I decided to use just a standard Ubuntu machine, to show you how the standalone client works. Last but not least, of course, we have our Software Security Center, and as I said, it is already up and running and we can start using it.

With that, I would say we can start with the installation and configuration of the ScanCentral SAST controller, because this is the first thing that we need to do. For that we need to install the ScanCentral SAST controller and connect it to the Software Security Center. This is the first step, and for that I will now switch to our Windows machine.

Okay, welcome to our new and fresh installation of Windows Server 2019. This is a server running on AWS with 16 cores and 32 gigabytes of RAM, but as I said, this is just a demo to give you an overview of the installation process, so I highly recommend having a look at the system requirements if you set this up on your own. This is a fresh and new machine; the only thing that I installed on this machine is Java, because this is the only thing that we need to have here. If you go to the command line you can check the version; in this case I'm using the Java 11 version. This is very important, so please check this before you start with the installation.

When we are talking about the installation, the only file that you need for this is the Fortify ScanCentral controller zip file, and you get it by downloading it from our portal. Please keep in mind that you need a license for this, of course. After you get it, we can unzip it and move it to a directory of our choice. In this case I'm going to put it under C:\Program Files; I will create a new folder called Fortify and paste it in there.

Now, as you saw at the beginning, we need to make sure that the connection to all other components can be established, and before we can start with the installation of the service we need to configure some authentication tokens. That means if we go into this folder, we can go to tomcat, webapps, scancentral-ctrl, WEB-INF and classes, and there you can find a file called config.properties. I'm going to open this up with, let's say, Visual Studio Code; that should be fine. This is a file where you can configure everything related to the ScanCentral SAST controller. That means we can configure the worker authentication token. In this case, worker means sensor, so please don't be confused: if you ever see something like "worker", this is the ScanCentral SAST sensor, not the controller. Worker is sensor. This sensor or worker authentication token is very important when it comes to the connection from the ScanCentral SAST controller to the sensor, so please keep that in mind. When we are talking about the client, there is also another authentication token that we can change. There are also a ton of other options, but I would highly recommend having a look at our documentation here, because if we open this up (I will also put this into the description) we can see everything that we can configure here. In this case I'm only going through the necessary things for our case, but please keep in mind that if you have a special installation, or want to configure the License and Infrastructure Manager for example, you need to check this.

With this we can actually edit our parameters. First of all we need to edit the authentication tokens. Of course we could use this value, but let's change it to another one. Please make sure there are no spaces at the end or at the beginning, because this can cause some issues, so put this in completely; that should be fine. Save this for later use, of course. The next thing that we need to configure for this very simple and basic installation is the SSC URL. For that I already checked that the SSC is up and working, and it is, so we can reach it from our machine, and I will put the URL in here. In this case we are using another system for the SSC. The only other thing that we need to change for our demo, let me search for it, is the SSC ScanCentral controller secret. This is very important when it comes to the connection from the SSC to the ScanCentral controller. This is the token or secret that we need to put into our SSC later. In this case, to make things a little bit easier, I also want to change this to "Fortify SSC". The only thing that we need to do now is to save the file and close it.

After that we can start installing the service, and for that we need to go into the controller directory, into tomcat and bin. Let's open this up in the command prompt so that I can show you how you can install it. The only thing that we now need to do is use the service.bat file, because we use this batch file to install our service. That means we select service.bat, say that we want to install the ScanCentral controller, and now we can set a name of our choice; in this case I want to name it "ScanCentral Controller", and that should be fine. Now we can just hit enter, and as you can see, this is why we need Java, because it will put the Java home path in here and also of course the path for Tomcat itself. After that you can see the service has been installed, so we can go to our services and have a look. In this case we only need to do some small things: as you can see, here is our service, we click on Properties, and we want to make sure that the startup type is automatic. In our case we also want to make sure that it can interact with the desktop, so make sure this is on, and apply. After that we can start the ScanCentral controller.

While we're waiting until this is up, we can go to the SSC and log in, because there we need to configure the connection between the ScanCentral SAST controller and the SSC. Now you can see we have no ScanCentral tab at the top, because we need to enable it first. For that you need to go to the Administration page, go to Configuration and ScanCentral SAST, and there you can find this configuration. We need to enable it, of course, and then we need to put our ScanCentral controller URL in here. I think the controller should be up and running now; we can check this using our browser: just put in localhost with the default port of Tomcat, which is 8080, and add /scancentral-ctrl to it. Now we see something like this, and if you see something like this, you probably set the ScanCentral SAST controller up the right way. That means we can use it now. As the SSC is on another system, we need to use something like the IP address here, because if we type in localhost, it will not get any connection. In this example we are going to use the public IP address, just to make things easier. Then we can set the ScanCentral period, that is, how often the ScanCentral SAST page inside our SSC should refresh. Now we need to put in the controller shared secret, and this is exactly the one from before, so we can use it, put it in here and save it. Now you can see we need to restart the SSC, so let's do this; I will do this on another display. Restart, and now we just wait until the SSC is back again, and then we will have a look at ScanCentral SAST to see if the controller shows up. Just a second until the SSC is up and running again.

Okay, so the SSC is now up and running again. One thing that I forgot to mention: we should restart the ScanCentral controller service as well, so please make sure we restart the controller too, and now we wait only a few seconds until the controller is up and running again. Yep, that should be fine. Now we can get into the ScanCentral tab. If we click here you can see the SAST part is already enabled; we click on Controller and we can see our controller. If you can see this, the connection between the ScanCentral SAST controller and the SSC is successful. That is basically it when it comes to the ScanCentral SAST controller installation.

With that I would say we can go back into our presentation, because the next thing is of course that we want to install the ScanCentral SAST sensor. Now our controller is already up and running, and we want to make sure that the sensor also connects to the controller so we can start using it. In this case I'm only using the default pool for that, so I will not configure any new sensor pool, but of course you can do this if you want; in this case I only go ahead with the default pool. Basically what we need to do now is to install the sensor and make sure that the connection to the controller can be established, and for that we are using the other authentication token that we set in our properties file earlier. So let's switch back to the machine once again.

Okay, the first thing that we need to do when it comes to installing the sensor is to install the Static Code Analyzer, so we need to install Fortify Static Code Analyzer, and please make sure that your system meets the requirements; in this case we can use the normal system requirements of Fortify SCA. Let's open up the installer here, I prepared the file, and we can start the installation on our system. Let's agree to the license, yep, that's completely fine; we need to put our license in here, and yeah, that's fine. No, I don't want to migrate. Very important here: I want to install the sample source, because I want to showcase a scan afterwards. Yep, that's fine, and now we wait until the installation is finished and we can update our Rulepacks, so let's just wait a few more minutes or seconds until this is completed. Okay, now the Rulepack update was successful and we can start to set up the sensor. I just click OK here.

The first thing that we need to do before we can actually start the sensor is to configure the authentication token that we set before. For that you only need to go to the installation directory of Fortify SCA, where you can find, let me check this one more time, the Core directory and the config directory, and there you find something called worker.properties. As you remember, at the beginning I said worker means sensor, so this is the same thing here. We will open this up using Visual Studio Code again, and the only thing that we need to set here is the worker authentication token. If you want to set up an encrypted token, please have a look at the documentation, but in this case we only need to put our token in here. So let's take the worker authentication token and put it into this file, make sure there are no spaces, save it, and that's it. After that we can start the sensor.

When it comes to starting the sensor we have basically two different ways. First of all, you can start it using the command line, using the ScanCentral utility from the Static Code Analyzer. When you go to the command line you can type in the following, I have this open in another window: on Windows you simply type in scancentral, the URL of the controller, and say that I want to be a worker. It is the same for Linux as well, but in this case we are running this on Windows, and on Windows we have two different options: we can use the normal CLI option as shown here, but we can also set this up as a service, and this is what we are going to do now. First of all we need to change the directory, so let's go into bin, scancentral-worker-service, and I will open this up here, because there you can see we have the setupworkerservice batch file, and this is responsible for setting the service up. For that we need to clarify some things, so let me put this in here so that you can see it. The first thing that we need to do is of course run setupworkerservice.bat, and the first thing that we need to put in here is the version of Fortify SCA that we have installed. In this case I installed 21.2.2, and then you only need to put 21.2 in here. The next thing that we need to configure is the URL of the ScanCentral controller, to make sure the connection can be established, so we can use this one and paste it in here. The last thing is of course the shared secret that we need to put in here, the same as before, so "Fortify SSC". With that we can hit enter, and now it asks you if you want to assign the sensor to a specific pool, but as I said at the beginning I am only using the default pool, so I'm not going to assign it here and just press enter. In this case you need to make sure that you're running the command line as an administrator; this is very important if you set this up as a service on Windows, so please make sure of that. We can confirm with yes, and the script was completed.

With that we can go back to our services, refresh them, and search for "Fortify ScanCentral Worker Service"; this is the default name for it. Here we need to do the same things as before: the startup type is automatic by default, so that is fine, but we need to make sure it can interact with the desktop, because we want to use some files from this system. So please make sure that is set, and we can hit Start to start it. Then we can go to the SSC, refresh it, and wait until the sensor shows up. Okay, so the sensor is already up and running, and if you click here you can see a lot of metadata: which SCA version we are using, which operating system, how many processors we have available, how much memory. You can really see a lot of details in here, and now we are ready to get started with scanning.

Before we can do this I will quickly switch back to the presentation to get into the next part. This is basically our infrastructure right now: we have the ScanCentral SAST controller, the SSC is up and running, the sensor is up and running, we have a default pool, and that is completely fine. Now we want to start scanning, of course, so we need to use a client. In this case I want to start with the standalone client, and for that I need to switch to the Ubuntu system. Just give me a second.

Okay, welcome to the Ubuntu system. Before we can actually start scanning, I want to go back to the documentation first, because this is very important to understand. When we open up the documentation (sorry, this was the wrong one), as you can see, we have two different options: first of all we have the option of offloading scanning only, this is the embedded client, and we have the option of offloading both translation and scanning, so please have a look at this if you want to use the standalone client. One very important part here, something that I mentioned at the beginning, is that we only support offloading of translation and scan for certain programming languages. So please have a look at the list here, or at the updated list in the latest documentation, where you can get an overview of which languages we are actually supporting. In this case we want to scan a basic Java application. You can use this repo or anything else, but in this case this is a very simple Java application built with Maven, which we can use for this scan. As you can see, this is a demonstration of the Fortify scanning capabilities with the AWS SDK, but never mind, this is a good example to show you how you can integrate this with the standalone client.

If we switch back to our client, you can see that we have the source code in here, and I also have the Fortify ScanCentral client. This is basically just a zip file that you download and unzip, and after that you can use the utilities inside. If we go into the Fortify ScanCentral client you can see that we have, just as before, the Core directory, where you can find the config directory, and there we have something called client.properties. Please make sure that you edit client.properties. I'm going to show this to you; I already did this for another demonstration, but the only thing that you need to put here is the authentication token that you set before for the client. If we switch back one time, this is the controller configuration; please use this one here. With that I think we can go back and start scanning.

Basically what I'm going to use now is the scancentral utility. If we switch to our source code, I can demonstrate how you can actually work with this. We are going to use the Fortify AWS Java SDK demo, and inside you can see that we have the source as well as the pom file for building it with Maven, so please make sure that you have Maven installed, of course, and test it before you actually scan. We want to offload the translation as well as the scanning, and we can do this by using our standalone ScanCentral client. In this case we need to go one directory back, go into the ScanCentral client directory, go into bin and choose scancentral; please make sure this is executable, of course. Now we can actually start using it. The first thing that you need to put here is the URL of the ScanCentral controller; let me check this in another tab on the other screen, yep, I will put this in here. After that we only need to say that we want to start the scan, and we also need to include the build tool option. If you're using something like Python, for example, you need to put none in here, but in this case we are using Maven, so we can put Maven in here. If you want to get familiar with this, please have a look at the documentation. After that we can hit enter, and it will automatically pull every dependency that we need for this scan, put it together in one file with the source code, and send this package to the controller. As you can see, this was successful and we submitted a job and received a unique token.

With that we can go back to our SSC and have a look at our scan requests, because now we can see we actually got a scan request, and we can see that it is currently running. We can wait until the result is here; because this is a very simple, very basic application, this should only take a few seconds. Oh, the scan is completed, so this was successful. As you could see, this was only running the scan, not uploading it into Software Security Center; I will explain in a second how you can actually do this, but in this case we can download the FPR file to our local machine and have a look at the results. We can also download the log file if we want, but this is basically it. You can also see the scan arguments as well as everything else, and this is a good example of how you can start a very basic scan. Now you can see the whole results in here, so this was successful.

Now, as I said, I also want to show you how you can upload this into the Software Security Center, to an application. For this, of course, we first need an application, so let's use for example the demo application here. I will just delete this one here, so we do not have any results in it; this is a fresh new application called demo app, and it has the ID 7. We can see it directly in the URL. This is very important: we need this, and we also need a token to upload the results directly. That means we need to go to the Administration page, to Users, Token Management, and create something called the ScanCentral controller token. We need to save this so we can use it. Let's switch back to the Ubuntu system once more, clear everything, and now we can use the same command as before, but now we want to upload the results. That means we need to add upload at the end, and start with the version ID; in our case it was version, let's do it this way, we can use the version number, I think this was seven. Let me copy this: application "demo application", yeah, it was seven. So we go back here, the version ID is seven, and we also need to give it an upload token. We can put this in here, and let me check if I forgot something, but I think that should be fine. With that we can just hit enter as before, and wait until the package is successfully uploaded to the SSC. Yep, the job has been submitted, and we can have a look at the SSC again. Let's go back to ScanCentral, and now we can see the scan is actually running, and it is already connected to the demo app version one, so that means it was successful. We can now refresh and wait some seconds until the demo is done, and then we can have a look at the results directly inside the application. Now the upload is queued, yep, that's completely fine. We can now go to the demo app. In this case we need to approve this, but you can easily set this up in your profile section; in this case, let's approve it, say yes, we want to approve it, and just wait until it is finished and complete. Now we can see our results from the ScanCentral SAST sensor directly in the SSC. This is basically a very short demo of how you can use the standalone client.

Let's switch back to the presentation once more, to tell you a little bit more about the embedded client. When we are talking about the embedded client, sometimes we only want to offload the scan; for example, if there is a language that is not supported by the standalone client, we can use the embedded client to offload the heavy scan part of a Fortify scan. In this case we want to install and configure this embedded client, and for this we are using the already existing Fortify Static Code Analyzer installation. Let's switch back to our system and close this here; yep, that's fine.

For this example I'm going to use the sample code that is directly inside the Fortify installation directory. Let's go to Fortify SCA and Apps, go to Samples, basic, and let's use eightball; this is a Java application, so very easy to scan. You can also have a look at the README file, because there you can see the different steps that are needed to actually do the scan. The interesting part is of course that we can use the clean step on our system; let's basically do this directly. First of all we just do a normal Fortify Static Code Analyzer clean, to make sure that everything in terms of temporary files is deleted, so just hit enter to do the clean. Then we do the translation, so we actually build the application into a mobile build session format in Fortify, and now we have this mobile build session connected to this build ID. Instead of scanning this now on our local system, we can use ScanCentral to offload the scan only.

Before we can actually start scanning, we need to do one more thing, and that is to configure the client authentication token. For that we need to go to the Fortify SCA installation directory, go to Core, config, and then we do not need worker.properties, because that was for the sensor; we need client.properties. Please go in here, and as you can see, there is nothing in here, but in this case we can use the same authentication token as before, so let's put this in here, save the file and go back. This is basically the whole setup that you need to do to make sure that the connection can be established.
we can continue in the command line so basically what we can do now is to use the scan central
utility so if you um use this and just type in help you can see actually see all the different
things what we can do here we can also see the worker thing to actually start the sensor but
in this case we want to use the start command to start a remote scan job so that means we need to
use scan central and put url of the scan central controller in here so let's use this one yep
and after that we can say okay we want to start up we want to start the scan so that's basically
it but of course we also want to um pack or to to connect this directly to the right application
so that means we need to have a look at our applications and as you can see we have something
called 8 ball and yeah just let let's delete this and as you can see there's nothing in here
and this is the version six so we need to say okay I want to upload this to version
version id six and we also need to provide the upload token so let me search for that
just a second i need to copy this out of here so let's type in up token put the token in here
and now we need to set the build id as before so here so i will put this in here
eight ball and now we want to just hit scan so that's it so basically we can now hit
enter and it will automatically upload the mobile build session to the controller so you can see it
will export the mobile build session and handle it over to the controller and now when we go back
to the software security center to scan central and just wait a couple of seconds we can
see the scan will start and basically we did the whole translation on this system and
upload it to the scan central zest controller and now the sensor will take care of the scanning
only so let's wait okay the scan is already completed we can see now we submitted through
the administrator administrator and now we can just have a look at eight ball okay there's no
results uh let's check the commands once again or let's i will put the prepared command in here
just to make sure that i do not make any mistakes in pasting any kind of tokens
in the wrong wrong direction so let's go to skin central
and wait until the scan is in here okay so the scan is now here so as you
could see i made some mistake in copy and pasting something from the command line because now as you
can see it is exactly the same i think i made some mistakes in the token copy process but it doesn't
matter so that means if we say refresh we can see upload was complete so if we go to our 8 ball
application version we can see under the artifacts that the artifacts is already here so we can say
yes and improve it and after that we are able to see our results of just the remote scan in here
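As an added example (not code from the video or from Fortify), a small shell wrapper for the embedded-client offload walked through above, including the check for spaces in the client token that the tips at the end of the video come back to. The sourceanalyzer and scancentral command lines follow what is typed in the video; the client_auth_token key name, the install paths and the sample layout are assumptions, and the controller URL and upload token are placeholders.

```shell
#!/bin/sh
# Added example, not code from the video or from Fortify: wrap the embedded-client
# offload shown above. Assumes the Fortify SCA bin directory is on PATH
# (sourceanalyzer, scancentral) and that the client token is the
# client_auth_token key in <SCA_HOME>/Core/config/client.properties (assumed).

# Return 0 when the token in a client.properties file is set and carries no
# whitespace (the copy-paste mistake the video warns about); otherwise explain
# on stderr and return 1. Windows line endings are stripped before the check.
check_client_token() {
    file="$1"
    token=$(tr -d '\r' < "$file" | sed -n 's/^client_auth_token=//p' | head -n 1)
    if [ -z "$token" ]; then
        echo "no client_auth_token set in $file" >&2
        return 1
    fi
    case "$token" in
        *[[:space:]]*)
            echo "client_auth_token in $file contains whitespace" >&2
            return 1 ;;
    esac
    return 0
}

# The steps from the video: clean, translate into a mobile build session, then
# hand the build id to the controller so the sensor only runs the scan.
# Usage: offload_scan <sca_home> <build_id> <controller_url> <version_id> <upload_token> <sources...>
offload_scan() {
    sca_home="$1"; build_id="$2"; controller_url="$3"
    version_id="$4"; upload_token="$5"
    shift 5
    check_client_token "$sca_home/Core/config/client.properties" || return 1
    sourceanalyzer -b "$build_id" -clean || return 1
    sourceanalyzer -b "$build_id" "$@" || return 1
    scancentral -url "$controller_url" start -upload -versionid "$version_id" \
        -uptoken "$upload_token" -b "$build_id" -scan
}

# Example invocation (placeholder controller URL and token; version id 6 as in
# the video; install path and sample file location are assumptions):
# offload_scan /opt/Fortify/Fortify_SCA_and_Apps eightball \
#     https://controller.example:8443/scancentral-ctrl 6 "$UPLOAD_TOKEN" \
#     /opt/Fortify/Fortify_SCA_and_Apps/Samples/basic/eightball/*.java
```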
So yeah, this is basically it, and one little thing that I also want to mention here: you can also use of course any kind of plugins for our IDEs. So if we install the Fortify plugin in Visual Studio Code, for example, we can also do the same process in here. That means while this is installing we can open up the same folder as before, so we can go to Samples, basic, eightball, open this one up, yep, we trust this, and now we can have a look at the file of the application and we can actually start using our integration. That means we can go to the Fortify integration, click on ScanCentral SAST, for example, and we only need to make sure that the controller is here. So let's put this in here, and we can also say we want to upload this, but in this case I only want to show you that this is very easily possible using the IDE plugins as well. So we only click on scan and it will automatically do the same that we've done here in the command line, and we can head back to ScanCentral, just also wait a couple of seconds until the scan is here, and in the meantime I can also talk a little bit more about some tips and tricks.

So I already talked about avoiding spaces in the authentication token, but I also want to highlight or mention it again: please make sure you do not make any mistakes and put any kind of spaces inside of the configuration. Another very important thing is if you want to change the token. So let's say you want to change the token: you need to first change it in the controller's config.properties and then change it in the worker.properties, so please make sure to first change it in the controller properties. And the most important thing here is of course, please make sure that every connection can be established, so please make sure there's no firewall issue or port conflict, and that all these components can communicate very well together. And I think that's all, so thank you very much for watching, and please leave a like if you find this video helpful. As I said, you can find anything down below in the description when it comes to links and anything else, and if you have any kind of feedback or questions please let us know. And with that, thank you very much and have a nice day.