This page highlights some advanced topics related to AppSec Kit.
This section describes the configuration options and their default values. The AppSec Kit has the
AppSecConfiguration class. An instance of this class can be set to configure the
AppSecService like so:
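```java
AppSecConfiguration configuration = new AppSecConfiguration();
// Scan every 2 days instead of the default interval (requires java.time.Duration).
configuration.setAutoScanInterval(Duration.ofDays(2));
// Pass the instance configured above to the service.
AppSecService.getInstance().setConfiguration(configuration);
```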
You can set or override the following configuration values in the
dataFilePath is the path of the data file for storing information about the vulnerabilities;
bomFilePath is the path of the SBOM (Software Bill Of Materials) file used as a source of dependencies;
taskExecutor is the executor used to run asynchronous tasks during the vulnerability scanning;
autoScanInterval is the duration of the interval between automatic scanning for vulnerabilities; and
osvApiRatePerSecond is the rate per second for the OSV (Open Source Vulnerability) API calls.
In the Vulnerability Details View, you can add analysis of the vulnerability. When this analysis is saved with the vulnerability information, it’s stored in a data file in JSON format. Its default path and file name are
Your application dependencies in the
Dependencies View are populated from this file. The file should contain the dependencies in CycloneDX JSON schema format. The default path and file name are
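A sanity check to run on the BOM file before relying on it as the source of dependencies, as an added example that is not part of AppSec Kit or its documentation. It confirms the file is CycloneDX JSON and flags components with no name, version or purl, on the assumption that such entries cannot be matched reliably to vulnerability records; `check_bom` and `SAMPLE_BOM` are hypothetical names and the sample BOM is constructed.

```python
import json

# Constructed sample: one complete entry, one without a version, one without a purl.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "demo-lib", "version": "1.2.3",
         "purl": "pkg:maven/org.example/demo-lib@1.2.3"},
        {"type": "library", "name": "no-version-lib",
         "purl": "pkg:maven/org.example/no-version-lib"},
        {"type": "library", "name": "no-purl-lib", "version": "0.9"},
    ],
})

def check_bom(text):
    """Return a list of problems in a CycloneDX JSON BOM; an empty list means it passed."""
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(bom, dict):
        return ["top level is not a JSON object"]
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not bom.get("specVersion"):
        problems.append("specVersion is missing")
    components = bom.get("components")
    if not isinstance(components, list) or not components:
        return problems + ["components array is missing or empty"]
    seen_purls = set()
    for index, comp in enumerate(components):
        if not isinstance(comp, dict):
            problems.append(f"components[{index}] is not an object")
            continue
        label = comp.get("name") or f"components[{index}]"
        # Assumption: an entry lacking any of these cannot be tied to one release.
        for field in ("name", "version", "purl"):
            if not comp.get(field):
                problems.append(f"{label}: missing {field}")
        purl = str(comp.get("purl") or "")
        if purl:
            if not purl.startswith("pkg:"):
                problems.append(f"{label}: purl does not start with 'pkg:'")
            if purl in seen_purls:
                problems.append(f"{label}: duplicate purl")
            seen_purls.add(purl)
    return problems
```

An empty list from `check_bom` means every component carries the fields the check looks for; any other result is worth resolving in the build that generates the BOM.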
You can set a custom executor for the background and scheduled jobs run by the AppSec Kit. For example, scheduled jobs are run when an automatic or manual vulnerability scan happens. The default task executor is a single-thread executor.
You can configure the duration of the interval between automatic scanning for vulnerabilities. The default interval is 1 day.
You can configure the rate per second value for the OSV (Open Source Vulnerability) API calls. The default value is 25.