Working with the AppViewX Config Scan Agent
A configuration scan examines system, network, and application settings to identify where and how cryptography is being used — specifically, which algorithms, protocols, and key strengths are configured in the environment.
AppViewX’s Config Scan Agent scans the crypto libraries, protocols, cipher suites, and certificates bound to an application in your cryptographic environment. It supports the following three types of scans:
- Configuration scan (to identify vulnerabilities in protocols, cipher suites, crypto libraries, and certificates bound to an application running on a specific endpoint)
- Certificate scan (to identify vulnerabilities in certificates present in the file system)
- Network scan (to identify vulnerabilities in the protocols, cipher suites, and certificates bound to a specified IP address/range/subnet)
The scan results give you macro-level visibility into the quantum readiness posture of your cryptographic configuration. They are populated in the List of Scans in AppViewX's Quantum Trust Hub and are displayed using interactive widgets on the Quantum Trust Hub dashboards.
In addition, the Cryptographic Bill of Materials (CBOM) generated as the output of the agent scan lists the vulnerabilities found, to help initiate your transition from a quantum-vulnerable state to a quantum-safe cryptographic environment.
The CBOM:
- Provides detailed insights into code, highlighting the line numbers where non-PQC compliant algorithms are used, along with the corresponding class names and algorithm names.
- Includes remediation suggestions to help transition from non-PQC to PQC-compliant solutions.
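To make concrete the kind of check a configuration scan performs on protocols, cipher suites, and certificate keys, the following is an added example. It is not AppViewX code and does not reproduce the agent's CBOM format; the inventory layout, endpoint names, and severity labels are assumptions made for illustration.

```python
# Added illustration: not AppViewX code and not the agent's CBOM format.
# Flags protocol, key-exchange and certificate-key settings in a constructed
# endpoint inventory that are deprecated or breakable by Shor's algorithm.

DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}   # TLS 1.0/1.1: RFC 8996
# Classical public-key primitives, matched as tokens of a cipher-suite name.
QUANTUM_VULNERABLE = {"RSA", "DHE", "ECDHE", "ECDH", "DH", "ECDSA", "DSS"}

# Constructed sample input: what a scan of two endpoints might collect.
SAMPLE_INVENTORY = [
    {"endpoint": "app1.example.internal:443", "protocol": "TLSv1.2",
     "cipher_suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
     "cert_key": ("RSA", 2048)},
    {"endpoint": "legacy.example.internal:8443", "protocol": "TLSv1.0",
     "cipher_suite": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
     "cert_key": ("RSA", 1024)},
]

def suite_public_key_algs(suite):
    """Return the key-exchange/authentication tokens of a TLS 1.2-style name."""
    head = suite.split("_WITH_")[0]          # e.g. TLS_ECDHE_RSA
    return [t for t in head.split("_")[1:] if t in QUANTUM_VULNERABLE]

def assess(entry):
    """Return a list of (severity, message) findings for one inventory entry."""
    findings = []
    if entry["protocol"] in DEPRECATED_PROTOCOLS:
        findings.append(("high", f"deprecated protocol {entry['protocol']}"))
    for alg in suite_public_key_algs(entry["cipher_suite"]):
        findings.append(("pqc", f"{alg} in cipher suite is not quantum safe"))
    alg, bits = entry["cert_key"]
    if alg == "RSA" and bits < 2048:
        findings.append(("high", f"RSA-{bits} certificate key is weak today"))
    if alg in {"RSA", "EC", "DSA"}:
        findings.append(("pqc", f"{alg} certificate key is not quantum safe"))
    return findings

def scan(inventory):
    """Map each endpoint to its findings."""
    return {e["endpoint"]: assess(e) for e in inventory}

if __name__ == "__main__":
    for endpoint, findings in scan(SAMPLE_INVENTORY).items():
        print(endpoint)
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```

TLS 1.3 suite names such as `TLS_AES_128_GCM_SHA256` carry no key-exchange token, so this name-based check returns nothing for them; the negotiated key-exchange group and signature algorithm have to be inventoried separately.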
The following two deployment models are available for installing the Config Scan Agent:
- Linux-based
- Docker-based
The subsequent sections cover the installation instructions for each deployment type.
