- 20 Mar 2023
- 3 Minutes to read
- Updated on 20 Mar 2023
API Security Testing (AST) lets you schedule scans, so you do not need to manually trigger a fresh scan every time you want to test your APIs. Scheduled scans are run by runners. A runner is the Traceable CLI installed on your server as a service. Scheduling a scan involves two steps:
- Download and install a runner
- Schedule a scan
You can schedule a scan separately from the Schedule Scans menu, or when generating a new scan. Because schedules run against a policy, make sure that a policy already exists before you schedule a scan.
Step 1 – Download and install a runner
You can download and install a runner either through the Traceable Platform or as a service using an `install.sh` script available on Traceable's download site.
Option 1 – Download runner from UI
Navigate to Administration → Testing → Runners to start the runner configuration. Provide a name for the runner and the token. The page then displays a binary CLI command and a Docker command. You can use either option to configure the runner on your server.
Copy the binary CLI command or the docker command to configure the runner.
By default, the binary command runs in the background. The Docker command given in the UI runs in the foreground, interactively. If you wish to run the Docker command in the background, use the following command. Replace the runner's name with the name of your runner:
docker run --rm -d -v ~/.traceable_docker:/app/userdata traceableai/traceable-cli:latest runner start --traceable-server api.traceable.ai --runner-name newrunner --token ****
Following is an explanation of the Docker command:
- `docker run` is the command to run a Docker container.
- `--rm` removes the container automatically after it exits.
- `-d` runs the container in detached mode.
- `-v ~/.traceable_docker:/app/userdata` mounts the local directory `~/.traceable_docker` to the `/app/userdata` directory inside the container. This allows the container to access and modify files in the local directory.
- `traceableai/traceable-cli:latest` specifies the image to use for the container.
- `runner start` runs the `start` command of the Traceable Runner program within the container.
- `--traceable-server api.traceable.ai` specifies the URL of the Traceable Server to connect to.
- `--runner-name newrunner` sets the name of the runner to “newrunner”.
- `--token ****` sets the authorization token required to connect to the Traceable Server.
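To keep the runner token out of shell history and saved scripts, the same `docker run` command can be wrapped so the token is read from a file that only its owner can read. This is an added example, not Traceable's code; the token file, the `RUNNER_IMAGE`, `TRACEABLE_SERVER` and `DRY_RUN` variables and the runner-name character check are assumptions of this sketch, and only the CLI flags shown above are used.

```sh
#!/bin/sh
# Added example (not Traceable's code). Assumptions: the token is kept in a
# file you create; RUNNER_IMAGE, TRACEABLE_SERVER and DRY_RUN are names
# invented for this sketch. Only the CLI flags shown on this page are used.

TRACEABLE_SERVER="${TRACEABLE_SERVER:-api.traceable.ai}"
RUNNER_IMAGE="${RUNNER_IMAGE:-traceableai/traceable-cli:latest}"

# Succeeds only if the file exists and grants nothing to group or others.
token_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the mode string are the group/other permission bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# start_runner NAME TOKEN_FILE
# With DRY_RUN=1 it prints the command with the token masked and starts nothing.
start_runner() {
    name=$1 token_file=$2
    # The allowed character set is this example's own restriction.
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid runner name" >&2; return 2 ;;
    esac
    if ! token_file_is_private "$token_file"; then
        echo "token file missing or readable by group/others: $token_file" >&2
        return 3
    fi
    token=$(tr -d '[:space:]' < "$token_file")
    [ -n "$token" ] || { echo "token file is empty" >&2; return 4; }

    # Build the command from the page in the function's positional parameters.
    set -- docker run --rm -d \
        -v "$HOME/.traceable_docker:/app/userdata" \
        "$RUNNER_IMAGE" runner start \
        --traceable-server "$TRACEABLE_SERVER" \
        --runner-name "$name" --token
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$* ****"
        return 0
    fi
    # The token is still passed as an argument to the container process,
    # so it remains visible in `docker inspect` on this host.
    "$@" "$token"
}

# Usage: ./start-runner.sh newrunner ~/.traceable_token
if [ "$#" -eq 2 ]; then start_runner "$@"; fi
```

Setting `RUNNER_IMAGE` to a specific tag or digest instead of `latest` keeps the runner on an image version you have reviewed.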
Option 2 – Download and install runner as a service
You can configure the runner as a `systemd` service. To do so, download the installation script from Traceable's download site. Navigate to cli → release → latest → install.sh to download the installation script.
The `install.sh` script is supported on Linux machines.
Run the script's help command (`install.sh --help`) to see the available options.
You can run more than one runner on the same machine for both option 1 and option 2. For more information on how to run more than one runner on a single machine, contact Traceable support at firstname.lastname@example.org.
Step 2 – Schedule a scan
You can schedule a scan by clicking on the Schedule Scan menu. Make sure that you have configured at least one runner before you proceed with scheduling a scan.
When you choose a specific runner from the runner drop-down, you can select only from the available runners. All the inactive runners are greyed out. A runner is in one of the following three states:
- Busy – Runners that are currently running a scan. You can schedule a scan on a busy runner. However, the scheduled scan is picked up only when the current scan completes.
- Idle – Runners that are immediately available to run a scan.
- Inactive – Runners that are not reporting to the AST machine or server.
When you schedule a scan from the Dashboard, select the Trigger scan from Platform option. Choose the policy against which you would like to run the scan. The schedule name is generated automatically from the policy name, but you can edit it.
You can view all the scheduled scans from the Scheduled Scans menu. You can either edit or delete the schedules.