Support
Scanner Agents

Installing a scanner agent via OpenShift

This document is for:
Invicti Enterprise On-Demand

You can install the Invicti Enterprise scanner agent on any operating system that has OpenShift.

Using OpenShift means you don’t need to install redundant files like drivers or operating system kernels, for example. 

This topic explains how to install the Invicti Enterprise scanner agent on Windows, Linux, or macOS operating systems using OpenShift.

Using docker? See Installing a scanner agent via dockerization.

Prerequisites

  • OpenShift command line tool (For further information, see the RedHat document.) 
  • Kubernetes command line tool (For further information, see the Kubernetes document.) 
  • Docker. (To find out if your OS has Docker installed, type the following code in the shell: docker -v)
  • Install 7z to extract the downloaded 7z installation file. 
  • Administrator privileges to run the required commands.

There are two steps to running a scanner agent on the OpenShift environment. 

Step 1. How to download a scanner agent in Invicti Enterprise On-Demand
  1. Log in to Invicti Enterprise.
  2. From the main menu, go to Agents > Manage Agents > Configure New Agent.
  1. From the Agent section, select OpenShift to download the file.
Step 2. How to extract and run the scanner agent
  1. Navigate to the download location.
  2. Extract the TAR file: 7z x Invicti_Enterprise_Scanner_OpenShift_Agent.tar
    It should contain the following: a TAR file.
  3. Now, navigate to the extracted file, and run the following command to load the image file: docker load < OpenShift_InvictiEnterprise_Scan_Agent.tar
    After entering the said command on the 2nd step, the system starts to load the image. It may take some time. Once the load is complete, a welcome message is displayed.
  4. To log in to the OpenShift cluster, run the following command:
oc login <cluster_url> --username <username> --password <password>
  1. To create a new project “invicti”, run the following command:
oc new-project invicti
  1. To log in to Docker, run the following command:
docker login -u <username> -p $(oc whoami -t) $(oc registry info)
  1. To tag the image, run the following command:
docker tag agent:latest <your_openshift_registry:tag>
  1. To push the Docker image to the OpenShift registry, run the following command:
docker push <your_openshift_registry:tag>
  1. Now, create the deployment.yaml and enter your own information, such as ApiToken and ApiRootUrl, into this Yaml file.
ParameterDescription
AgentNameThis can be anything you want. This text will be displayed when you are starting a new Scan. (If you plan to install more than one instance of the agent, make sure you set a unique agentName value for each instance, as it will be needed later.)
ApiTokenIn Invicti Enterprise, the Agent Token is displayed on the Configure New Agent page. Copy this value into the apiToken. (From the main menu, go to Agents > Manage Agents > Configure New Agent. In the Agent Token field, select Copy to clipboard.)
ApiRootUrlThis would be the URL of Invicti Enterprise On-Demand or Invicti Enterprise On-Premises.

The following Deployment.yaml is a sample that you can use:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: invicti
  labels:
    app: invicti-netsparker-scanner
  name: invicti-netsparker-scanner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: invicti-netsparker-scanner
  template:
    metadata:
      labels:
        app: invicti-netsparker-scanner
    spec:
      containers:
        - name: invicti-netsparker-scanner
          image: <Your agent image>
          imagePullPolicy: IfNotPresent
          env:
          - name: ApiToken
            value: “Enter a token”
          - name: ApiRootUrl
            value: "Enter a URL"
          - name: AgentName
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: AgentMode
            value: "Scanner"
          - name: IgnoreSslCertificateErrors
            value: "false"
          resources:
            limits:
              cpu: 2000m
              memory: 8Gi
            requests:
              cpu: 1000m
              memory: 4Gi
  1. To apply manifests to your clusters, run the following commands:
kubectl apply -f deployment.yaml
kubectl get pod

The scanner agent is now installed. You can check its status in Invicti Enterprise. Log in to Invicti Enterprise and go to Agents > Manage Agents.

You can now start a scan through the scanner agent you just installed. To do so, go to Scans > New Scan and select a website the agent mode is Internal. 

With other settings that are required to start a scan, you can also select which agent would be used to scan the target.

Invicti Help Center

Our Support team is ready to provide you with technical help.

Go to Help Center This will redirect you to the ticketing system.