Configuring and Executing the AppViewX Code Scan Agent

AppViewX’s code scan agent integrates with your code repositories to scan code for quantum vulnerabilities. The Code Scan Agent is triggered in the CI/CD pipeline every time code changes are made in your repository and generates the following output artifacts:
  • Cryptographic Bill of Materials (CBOM)
    • Provides detailed insights into code, highlighting the line numbers where non-PQC compliant algorithms are used, along with the corresponding class names and algorithm names
    • Includes remediation suggestions to help transition from non-PQC to PQC-compliant solutions
  • Static Analysis Results Interchange Format (SARIF)
    • Provides a comprehensive view of the cryptographic compliance status across the codebase

Deployment Types

AppViewX offers versatility in its deployment, catering to diverse organizational needs and infrastructures. To ensure seamless integration and comprehensive assessment, two primary deployment models are available:
  • Linux Executable
    Supported OS
    • Ubuntu 20.04 or above
    • RHEL 8 or above
    • (GLIBC version should be above 2.28)
  • Docker

    Supported OS: Any operating systems that support Docker Engine v20.10 or later versions

AppViewX Code Scan Agent: Execution Flow

Executing the code scan agent is a three-step process, as outlined below:
  1. Create the configuration file.
  2. Integrate the AppViewX Code Scan Agent with the CI/CD pipeline of your code repository.
  3. Execute the AppViewX Code Scan Agent.
Each of these steps is covered in detail in the subsequent chapters and sections.