This guide will show you how to synchronize local analysis configuration with the Kiuwan servers. 




Kiuwan Local Analyzer is able to synchronize its local analysis configuration with the Kiuwan servers.

Use this feature if you need to run multiple analyses with multiple KLA instances using the same configuration.

You can share between your KLA instances these parts of the analysis configuration:

  • Code Security and Code Analysis configuration options:
    • Anything that can be configured through KLA's graphical user interface can be centralized and distributed to your KLA instances, e.g. include patterns, exclude patterns, analysis memory, language extensions and specific language options.
    • All application-specific configuration will be synchronized as well.
    • All default and application-specific custom neutralizations will be synchronized.
    • All custom libraries will be synchronized: if you are analyzing your applications with customized rules, you can provide Kiuwan with your rule implementations so they can be distributed to all your KLA instances.
  • Insights configuration options:
    • All options for Insights analyses will be synchronized, e.g. include patterns, exclude patterns, custom repository URLs.

Creating a centralized configuration

A centralized configuration is made up of two kinds of files that can be uploaded to Kiuwan:

  • Kiuwan Local Analyzer custom configuration zip: this file can be generated from any Kiuwan Local Analyzer instance.
  • Custom rules jar files: if you have implemented your own rules, you can upload to Kiuwan both their definitions and implementations.

You can upload both kinds of files, only one of them, or none. This is up to you.

Note that if you do not upload any configuration file to Kiuwan, your Kiuwan Local Analyzer instances will work the same way as before: they will use their local configuration resources.

Analysis configuration files

Step 1: Configure your applications

First of all, you will need a copy of Kiuwan Local Analyzer where you can access its GUI. If you already own one where you have all your applications configured, you can jump to the next step.

The idea here is that you configure all your applications' analysis specific options in this Kiuwan Local Analyzer instance so you can generate a custom configuration zip that can be uploaded to Kiuwan.

Refer to Start your First Scan with Kiuwan Local Analyzer to learn how to configure your applications.

To configure Insights-specific options, you will need to directly edit the Insights configuration file, located at $(AGENT_HOME)/conf/insight.properties.

Step 2: Create a custom configuration zip file

Once you have finished configuring the Kiuwan Local Analyzer, you will need to dump all needed files to a custom configuration zip file.

To do so, open a terminal in $(AGENT_HOME)/bin and execute one of these commands:

Under Windows Operating Systems:

agent.cmd -dac

Under Unix-like and OSX:

./agent.sh -dac

Once the command is run, you will see this output:

#       #
#       #
#
#    #  #   #    #  #          #   ###    # ###
#   #   #   #    #   #   ##   ##  #   #   ###  #
#  #    #   #    #   #   ##   #       #   #    #
####    #   #    #   #  ## #  #    ####   #    #
#  #    #   #    #    # #  # #    #   #   #    #
#  ##   #   #    #    # #  # #   #    #   #    #
#   #   #   #    #    ##    ##   #    #   #    #
#    #  #   ######     #    #     #####   #    #

                                   www.kiuwan.com

java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

Current Kiuwan Local Analyzer version: development.1539.p597.q12363
New Kiuwan Local Analyzer version available: development.1539.p597.q12363
Kiuwan Local Analyzer is up to date
Launching...

java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

Running dump analysis configuration mode...
Written configuration to /home/kla_user/KiuwanLocalAnalyzer/temp/conf/202002250815_kiuwan_analysis_config.zip
Written md5 = d03934e5c54218a9c2116f84aec787ba
Done!

Two files will be written to $(AGENT_HOME)/temp/conf:

  • A zip file named yyyyMMddHHss_kiuwan_analysis_config.zip: this is the zip file that contains the configuration of this Kiuwan Local Analyzer instance.
  • A text file with the same name and md5 extension: this is a fingerprint of the previous file that can be uploaded to Kiuwan to verify its integrity.
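
One way to check the pair locally before uploading it, as an added example that is not part of Kiuwan's documentation or tooling; note that an MD5 fingerprint stored next to the zip only catches corruption, since anyone able to alter the zip can regenerate the fingerprint too. The function names are hypothetical, and the assumption is that the md5 file holds the 32-character hex digest shown in the "Written md5 = ..." line.

```shell
#!/bin/sh
# Added example: check a KLA configuration zip against its .md5 fingerprint.
# Assumption: the .md5 file contains the 32-character hex digest as a word.

# Print the lowercase MD5 hex digest of a file
# (md5sum on Linux, md5 on macOS/BSD, openssl as a fallback).
kla_md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print tolower($1)}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1" | tr 'A-F' 'a-f'
    else
        openssl md5 "$1" | awk '{print tolower($NF)}'
    fi
}

# Return 0 if the zip matches the fingerprint, 1 on mismatch,
# 2 when a file is missing or no digest can be read.
kla_verify_bundle() {
    zip_file=$1
    md5_file=$2
    [ -r "$zip_file" ] && [ -r "$md5_file" ] || { echo "missing file" >&2; return 2; }
    # First standalone 32-hex-digit token in the fingerprint file.
    expected=$(tr 'A-F' 'a-f' < "$md5_file" | grep -Eow '[0-9a-f]{32}' | head -n 1)
    [ -n "$expected" ] || { echo "no MD5 digest found in $md5_file" >&2; return 2; }
    actual=$(kla_md5_of "$zip_file")
    if [ "$actual" = "$expected" ]; then
        echo "OK $zip_file $actual"
        return 0
    fi
    echo "MISMATCH $zip_file expected=$expected actual=$actual" >&2
    return 1
}
```

Call it as `kla_verify_bundle <zip> <md5 file>` from $(AGENT_HOME)/temp/conf and upload only when it returns 0.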

Step 3: Upload your custom configuration to Kiuwan

Once you have generated both *_kiuwan_analysis_config.zip and *_kiuwan_analysis_config.md5 files, log into Kiuwan and navigate to the Account Management screen.

Under the Engine tab you will find a section named Central analysis configuration.

Refer to Central Analysis Configuration for details on how to upload these files to Kiuwan.

Note that only the account administrator(s) can upload a central configuration file.

Custom rules files

If you want to analyze your applications using custom models that contain rules you have implemented yourself, you will need to upload both their definitions and implementations in the Models Management section.

Refer to Installing custom rules created with Kiuwan Rule Developer for details on how to upload these files to Kiuwan.

Centralized analysis configuration synchronization

All your Kiuwan Local Analyzer instances will try to synchronize with the uploaded configuration found in your Kiuwan account every time an analysis is run, just after the engine update step is run.

Note that the configuration synchronization operation may be blocked if there are analyses running in the current Kiuwan Local Analyzer instance. Make sure that no analyses are running in your Kiuwan Local Analyzer instance before running a new analysis that uses a centralized configuration.

Bypassing analysis configuration synchronization

You can tell a Kiuwan Local Analyzer instance to bypass the synchronization operation by following any of these options:

  • Open the $(AGENT_HOME)/conf/agent.properties file and set the "sync.analysis.config" property to "false".
  • Run Kiuwan Local Analyzer through the CLI and set the same property to false when running an analysis.

An example of the latter could be:

./agent.sh -n MyApplication -s /sourceCode/MyApplication sync.analysis.config=false
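
Because a single property turns synchronization off, it is worth checking which instances have it disabled when they are all meant to share the central configuration. The script below is an added example, not part of Kiuwan's tooling: the function names are hypothetical, each argument is assumed to be an $(AGENT_HOME) directory, and only an explicit "false" in agent.properties is reported (a value passed on the command line is not visible to it).

```shell
#!/bin/sh
# Added example: find KLA instances whose agent.properties bypasses sync.

# Print the last value assigned to sync.analysis.config in a properties
# file, lowercased, or "unset" when the file has no such key.
kla_sync_setting() {
    awk '
        /^[ \t]*[#!]/ { next }    # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (match(line, /^sync\.analysis\.config[ \t]*[=:][ \t]*/)) {
                val = substr(line, RLENGTH + 1)
                sub(/[ \t\r]+$/, "", val)    # trailing blanks, CR from Windows files
                found = 1
            }
        }
        END { print (found ? tolower(val) : "unset") }
    ' "$1"
}

# Report every given AGENT_HOME that disables synchronization.
# Returns 1 if at least one instance bypasses sync, 0 otherwise.
kla_audit_sync() {
    status=0
    for home in "$@"; do
        props="$home/conf/agent.properties"
        if [ ! -r "$props" ]; then
            echo "UNREADABLE $home"
            continue
        fi
        setting=$(kla_sync_setting "$props")
        if [ "$setting" = "false" ]; then
            echo "BYPASS $home"
            status=1
        fi
    done
    return $status
}
```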

Modifying analysis configuration once a centralized configuration is already uploaded

To modify an already existing centralized configuration, you can either:

  • Download a fresh copy of Kiuwan Local Analyzer, synchronize the existing configuration, and edit the configuration files after it is synchronized.
  • Open the Kiuwan Local Analyzer graphical user interface and modify any option you need to change.

Once you have modified the configuration, you can repeat the upload process to update your centralized configuration.

Kiuwan Local Analyzer's GUI will warn you of the synchronization status when accessing configuration dialogs. This only means that changes made to configuration could be lost when restarting Kiuwan Local Analyzer if the synchronization is active. If you want to bypass synchronization, refer to Bypassing analysis configuration synchronization.