Schedule scans

API Security Testing (AST) provides you an option to schedule scans. When you schedule a scan, you do not need to manually trigger a fresh scan every time you wish to test your APIs. The scheduled scans are run using Runners. Runners are nothing but Traceable CLI installed on your server as a service. The process of scheduling a scan is divided into two steps:

1. Download and install a runner
2. Schedule a scan

You can schedule a scan separately from the Schedule Scans menu, or when generating a new scan. As schedules are run on a policy, make sure that a policy already exists if you are scheduling a scan.

Step 1 – Download and install a runner

You can download and install a runner either through Traceable Platform or as a service using an install.sh script available on Traceable's download site.

Option 1 – Download runner from UI

Navigate to Testing → Runners to start the runner configuration. Provide a name for the runner and the token. Binary CLI command and docker option are displayed. You can use either of the options to configure the runner on your server. Runners are applicable to all the environments.

Copy the binary CLI command or the docker command to configure the runner.

By default, the binary command runs in the background. The Docker command given in the UI runs in the foreground in an interactive way. If you wish to run the Docker command in background, use the following command. Replace the runner's name with the name of your runner:

docker run --rm -d -v ~/.traceable_docker:/app/userdata traceableai/traceable-cli:latest runner start --traceable-server api.traceable.ai --runner-name newrunner --token **** 

Following is an explanation of the Docker command:

• docker run is the command to run a Docker container.
• --rm removes the container automatically after it exits.
• -d runs the container in detached mode.
• -v ~/.traceable_docker:/app/userdata mounts the local directory ~/.traceable_docker to the /app/userdata directory inside the container. This allows the container to access and modify files in the local directory.
• traceableai/traceable-cli:latest specifies the image to use for the container.
• runner start runs the start command of the Traceable Runner program within the container.
• --traceable-server api.traceable.ai specifies the URL of the Traceable Server to connect to.
• --runner-name newrunner sets the name of the runner to “newrunner”.
• --token **** sets the authorization token required to connect to the Traceable Server.

Option 2 – Download and install runner as a service

You can configure runner as a systemd service. To configure runner as a service, download the installation script from Traceable's download site. Navigate to cli → release → latest → install.sh to download the installation script.

Run the script's help (install.sh --help) command to know the various options.

You can run more than one runner on the same machine for both option 1 and option 2. For more information on how to run more than one runner on a single machine, contact Traceable support at [email protected]. 

Step 2 – Schedule a scan

You can schedule a scan by clicking on the Schedule Scan menu. Make sure that you have configured at least one runner before you proceed with scheduling a scan. 

If you are selecting a specific runner drop-down, you can only select from an available runner. All the inactive runners are greyed out. The runners have the following three states:

• Busy – Runners that are currently running a scan. You can schedule a scan on a busy runner. However, the scheduled scan is taken up when the current scan completes.
• Idle – Runners that are immediately available to run a scan.
• Inactive – Runners that are not reporting to the AST machine or server.

When you schedule a scan from Dashboard as shown below, select the Trigger scan from Platform option. Choose the policy against which you would like to run the scan. The schedule name is automatically generated based on the policy name. However, you can edit the schedule name. 

You can view all the scheduled scans from the Scheduled Scans menu. You can either edit or delete the schedules.