Prerequisites for Working with the AppViewX Config Scan and Code Scan Agents

AppViewX’s PQC assessment tool is built with scanning capabilities to scan your entire cryptographic environment and generate reports that will help drive your organization’s transition to a quantum-safe environment. The capabilities and working of this tool have been explained at length in this chapter.
This section of the guide focuses on configuring the following prerequisites before the PQC assessment tool begins working:
  • Configure a service account to send reports to AppViewX.
  • To be able to send reports via a cloud connector instance, configure a AppViewX Cloud Connector instance to send reports to the CC or a cloud DC

Configuring a Service Account to Send Reports to AppViewX

  1. Login to AppViewX with your valid credentials.
  2. Go to Menu > Platform > Identity > Service Account.
    The Service Account page is displayed, with the complete inventory of all existing service accounts.
  3. From the menu bar, click Add Account.
    The Service Account > Add page is displayed.
  4. In the Account Information section, enter/select the following service account details:
    Feature Description
    *Name Name of service account.
    Authenticate Externally Enable the toggle to authenticate external service account using the client ID.
    Client Id This field is mandatory only when the Authenticate Externally toggle is enabled.

    Enter the external Client ID for authentication.

    When Authenticate Externally is disabled, the Client ID field will be auto-generated after registration.
    Client Secret This field is enabled only when Authenticate Externally toggle is disabled.

    The Client Secret is auto-generated after registration and is masked.

    To view and copy the Client Secret, click the Show/Hide icon.
    Description Brief description of the service account
    *: Mandatory fields
  5. In the Client Secret Settings section, enter/select the following details:
    Note: This section is displayed only if the Authenticate Externally toggle is disabled.
    Feature Description
    *Client Secret Validity (in days) Specifies the number of days for which the generated client secret remains valid
    Enable Secret Expiry Notification When enabled, the system sends notifications to designated users or admins before a client secret expires. Alerts will be sent at intervals of 90, 60, 30, 7, and 1 day(s) before expiry and 1 day after expiry.
    *: Mandatory fields
  6. In the Contact Information section, enter the Email Address for creating the service account.
  7. Click Save.
    The client ID and client secret are generated and displayed on the same page. These details have to be provided while running the code scan and the configuration scan agent.
  8. Assign admin user groups for the created service account, or assign a user group with roles having Quantum Trust Hub ACF permissions.
    For instructions, see Enabling ACF Permissions for the Quantum Trust Hub.

Configuring a AppViewX Cloud Connector Instance to Send Reports

Prerequisites

  • At least one Cloud Connector must be installed and running in the tenant.
  • Cloud Connector version required: 2025.0.0.0
    • If the cloud connector is already installed but the version is not 2025.0.0.0:
      1. Upgrade the cloud connector to the version 2025.0.0.0.
      2. Verify the gateway is enabled following the instructions given here.
      3. If the gateway is not enabled, to enable the gateway, follow the instructions given here.
    • If the cloud connector is installed for the version 2025.0.0.0:
      1. Verify the gateway is enabled following the instructions given here.
      2. If the gateway is not enabled, to enable the gateway, follow the instructions given here.
  • Ensure that the Gateway pod is enabled in the Cloud Connector. If not, see Enabling the Gateway Pod with the HTTPS Profile in the Cloud Connector.
  • Please provide the Cloud Connector hostname if you wish to communicate through the Cloud Connector while installing the Agent.

Checking if the Gateway with HTTPS Profile is Enabled in the Cloud Connector

  1. Navigate to the Cloud Connector (CC) installation directory where the install.sh script is located.
  2. Run the following command and verify that the output is similar to the one shown in the screenshot: 
    ./deps/tools/k3s kubectl get svc -A | grep avx-mid-server-gateway-https

Enabling the Gateway Pod with the HTTPS Profile in the Cloud Connector

  1. Navigate to the installation directory where the install.sh script is located in the cloud connector.
  2. Set the following properties in the deps/properties/appviewx.properties file: 
    AUTO_ENROLL_ENABLED=true
ENABLE_HTTPS_PROFILE=true
  3. Navigate back to install.sh script location in same CC installation folder and execute the following commands: 
    deps/tools/k3s kubectl scale deploy avx-mid-server-platform --replicas=0 -n cc
  4. Wait until the platform pod is completely scaled down.
  5. Restart the starter pod using below command to bring up both Gateway and Platform pods: 
    ./avxctl restart starter
    Expected CC downtime: 2–5 minutes.
  6. Verify the gateway is enabled following the instructions given here.