Uploading disconnected scan results (disconnected scenario)

Edit online

UNIX Windows 9.2.30 Available from 9.2.30.

If computers with disconnected scanners have connectivity to the License Metric Tool server (direct or through a proxy), you can set up regular upload of scan results by providing the LMT_SERVER_URL and LMT_SERVER_API_TOKEN parameters in the setup_config.ini file.

Before you begin

For this feature to work, both the License Metric Tool server and the disconnected scanner must be in version 9.2.30 or higher.
You must have the Manage Scan Uploads (previously: Manage Uploads) permission to perform this task. It is recommended to create a dedicated user in License Metric Tool that will be used specifically to upload results of disconnected scans.
This method is supported if you have one disconnected data source. If you have more disconnected data sources and you want to use this method, write and e-mail to talk2sam@us.ibm.com.
The License Metric Tool server must use the HTTPS protocol.
The computer from which you want to upload disconnected scan results must meet the following requirements.
- It must have cURL installed. In case of Windows it is also possible to use PowerShell for an upload method.
- It must have connectivity to the License Metric Tool server (direct or through a proxy) through the port that is used for REST API data traffic (9081 by default).

Procedure

On the computer from which you want to upload disconnected scan results, go to the <scanner_install_dir>/config directory, and open the setup_config.ini file.
In the LMT_SERVER_URL parameter, provide the address of the License Metric Tool server to which packages with disconnected scan results will be uploaded. Provide it in the following format: <IP address or host name>:<port>. For example: 192.0.2.0:9081 or example.hostname.com:9081.
In the LMT_SERVER_API_TOKEN parameter, provide the token of the user that will be used to upload disconnected scan results to the License Metric Tool server. You can obtain the token in one of the following ways.
- By using REST API. For more information, see: REST API for retrieving authentication token.
- From the user interface. Log in to License Metric Tool, hover over the User icon , and click Profile. Then, click Show token.
Upon running automation/configure.sh or automation/configure.bat script the token will be re-saved in obfuscated form.
In the LMT_SERVER_UPLOAD_METHOD parameter, provide the preferred upload method.

Note: The possible values for LMT_SERVER_UPLOAD_METHOD parameter are CURL or POWERSHELL. By default, the upload method is set to CURL.
When the cURL option is selected, please verify if the following requirements are met:
1. Optional: If you do not have cURL located in PATH environment variable, provide full path to cURL in the CURL_PATH parameter. For example:
  - /usr/bin/curl
  - C:\Program Files\curl\curl.exe
2. Optional: If a proxy server is set up between the computer from which you are uploading the disconnected scan results and the License Metric Tool server, provide proxy parameters in the CURL_PARAMETERS parameter.
```
CURL_PARAMETERS="-k -s -x <user>:<pwd>@<protocol>://<host>:<port>"
```
  Important:
  - The set of required parameters depends on the settings of your proxy server.
  - The value of the parameter must be provided with quotation marks on Linux and without quotation marks on Windows.
  Where:
  
  <user>
  
  Name of the user that is used to connect to the proxy server.
  
  <pwd>
  
  Password of the user that is used to connect to the proxy server.
  
  <protocol>
  
  Protocol that is used to connect to the proxy server, either http or https.
  
  <host>
  
  IP or host name of the proxy server.
  
  <port>
  
  Port of the proxy server.
When the PowerShell option is selected, the built-in PowerShell script for uploading scan results will be executed with the 'Bypass' execution policy.
For the changes to take effect, run the automation/configure.sh or automation/configure.bat script.

Results

Upload of packages is scheduled to run regularly. When the package is successfully uploaded to the disconnected data source, it is removed from the file system of the computer on which the scan was ran.

What to do next

To increase security of uploading disconnected scan results, see: Increasing security of uploading disconnected scan results.