Installing scanner agent via OpenShift
You can install the Invicti Enterprise scanner agent on any operating system that has OpenShift.
Using OpenShift means you don't need to install redundant files such as drivers or operating system kernels.
This topic explains how to install the Invicti Enterprise scanner agent on Windows, Linux, or macOS operating systems using OpenShift.
Using Docker? See Installing a scanner agent via dockerization.
- OpenShift command line tool (For further information, see the Red Hat document.)
- Kubernetes command line tool (For further information, see the Kubernetes document.)
- Docker. (To find out whether your OS has Docker installed, run the following command in the shell: docker -v)
- 7z, to extract the downloaded 7z installation file.
- Administrator privileges to run the required commands.
There are two steps to running a scanner agent in the OpenShift environment.
Step 1. How to download a scanner agent in Invicti Enterprise On-Demand
- Log in to Invicti Enterprise.
- From the main menu, go to Agents > Manage Agents > Configure New Agent.
- From the Agent section, select OpenShift to download the file.
Step 2. How to extract and run the scanner agent
- Navigate to the download location.
- Extract the TAR file:
7z x Invicti_Enterprise_Scanner_OpenShift_Agent.tar
The extracted archive should contain a TAR file.
- Now, navigate to the extracted file, and run the following command to load the image file:
docker load < OpenShift_InvictiEnterprise_Scan_Agent.tar
After you run this command, the system starts to load the image. This may take some time. Once the load is complete, a welcome message is displayed.
- To log in to the OpenShift cluster, run the following command:
oc login <cluster_url> --username <username> --password <password>
- To create a new project “invicti”, run the following command:
oc new-project invicti
- To log in to Docker, run the following command:
docker login -u <username> -p $(oc whoami -t) $(oc registry info)
- To tag the image, run the following command:
docker tag agent:latest <your_openshift_registry:tag>
- To push the Docker image to the OpenShift registry, run the following command:
docker push <your_openshift_registry:tag>
- Now, create the deployment.yaml and enter your own information, such as ApiToken and ApiRootUrl, into this YAML file.

| Variable | Description |
|---|---|
| AgentName | This can be anything you want. This text will be displayed when you are starting a new Scan. (If you plan to install more than one instance of the agent, make sure you set a unique agentName value for each instance, as it will be needed later.) |
| ApiToken | In Invicti Enterprise, the Agent Token is displayed on the Configure New Agent page. Copy this value into the apiToken. (From the main menu, go to Agents > Manage Agents > Configure New Agent. In the Agent Token field, select Copy to clipboard.) |
| ApiRootUrl | This would be the URL of Invicti Enterprise On-Demand or Invicti Enterprise On-Premises. |
The following deployment.yaml is a sample that you can use:

```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: invicti
  labels:
    app: invicti-netsparker-scanner
  name: invicti-netsparker-scanner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: invicti-netsparker-scanner
  template:
    metadata:
      labels:
        app: invicti-netsparker-scanner
    spec:
      containers:
        - name: invicti-netsparker-scanner
          image: <Your agent image>
          imagePullPolicy: IfNotPresent
          env:
            # Agent Token copied from the Configure New Agent page
            - name: ApiToken
              value: "Enter a token"
            # URL of Invicti Enterprise On-Demand or On-Premises
            - name: ApiRootUrl
              value: "Enter a URL"
            # Uses the pod name, so each instance gets a unique agent name
            - name: AgentName
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: AgentMode
              value: "Scanner"
            - name: IgnoreSslCertificateErrors
              value: "false"
          resources:
            limits:
              cpu: 2000m
              memory: 8Gi
            requests:
              cpu: 1000m
              memory: 4Gi
```
- To apply manifests to your clusters, run the following commands:
kubectl apply -f deployment.yaml
kubectl get pod
The scanner agent is now installed. You can check its status in Invicti Enterprise. Log in to Invicti Enterprise and go to Agents > Manage Agents.
You can now start a scan through the scanner agent you just installed. To do so, go to Scans > New Scan and select a website whose agent mode is Internal.
Along with the other settings required to start a scan, you can also select which agent is used to scan the target.
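
The sample manifest above places the agent token directly in the ApiToken value field, so anyone who can read deployment.yaml or the Deployment object can read the token. As an added example (not part of the Invicti documentation), the same Deployment can take the token from a Kubernetes Secret instead; the Secret name invicti-agent-token and its key ApiToken are assumed names chosen for illustration.

```yaml
# Added example, not Invicti's own manifest. Assumed (hypothetical) names:
# Secret "invicti-agent-token" with key "ApiToken".
# Create the Secret once, so the token never appears in deployment.yaml:
#   oc create secret generic invicti-agent-token -n invicti --from-literal=ApiToken='<agent token>'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: invicti
  name: invicti-netsparker-scanner
  labels:
    app: invicti-netsparker-scanner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: invicti-netsparker-scanner
  template:
    metadata:
      labels:
        app: invicti-netsparker-scanner
    spec:
      containers:
        - name: invicti-netsparker-scanner
          image: <Your agent image>
          imagePullPolicy: IfNotPresent
          env:
            - name: ApiToken
              valueFrom:
                secretKeyRef:            # replaces the inline value: "..."
                  name: invicti-agent-token
                  key: ApiToken
            - name: ApiRootUrl
              value: "Enter a URL"
            - name: AgentName
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: AgentMode
              value: "Scanner"
            - name: IgnoreSslCertificateErrors
              value: "false"             # keeps TLS certificate validation on
          resources:
            limits:
              cpu: 2000m
              memory: 8Gi
            requests:
              cpu: 1000m
              memory: 4Gi
```

The container still receives the token as the ApiToken environment variable, so the agent's configuration is unchanged; only where the value is stored and who can read it differs.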