Package: Invicti AppSec Enterprise (on-premise, on-demand)
Server host requirements
Whether the installation is PoC or Production will determine the Invicti AppSec server requirements.
This page will help you determine the appropriate system resources to allocate for your Invicti AppSec instance.
All-in-one installation
| Configuration | vCPU | RAM (GB) | Disk (GB) | Operating System | Web Server | Dependencies |
|---|---|---|---|---|---|---|
| Invicti AppSec PoC | 4 | 16 | 90 | Debian & RHEL based distros | Latest Nginx | Latest Docker & Docker Compose, Latest Git, MongoDB Shell & MongoDB Database Tools |
| Invicti AppSec Production | 8 | 64 | 250 | Debian & RHEL based distros | Latest Nginx | Latest Docker & Docker Compose, Latest Git, MongoDB Shell & MongoDB Database Tools, *MongoDB 5+ |
*Note: MongoDB 5+ is necessary only if your organization prefers not to use Docker for the database environment; it is optional.
During the PoC phase, the database will be hosted on a Docker container for quick responsiveness.
The services (Jira, Jenkins, etc.) that Invicti AppSec will be orchestrating will also need to be connected to the server.
Distributed installation
You can use this installation option depending on how intensively Invicti AppSec is used.
Usage intensity depends on the number of:
- Projects
- Users
- Scans
| Configuration | vCPU | RAM (GB) | Disk (GB) | Operating System | Web Server | Dependencies |
|---|---|---|---|---|---|---|
| Application Server | 4 | 64 | 90 | Debian & RHEL based distros | Latest Nginx | Latest Docker & Docker Compose, Latest Git |
| Database Server | 8 | 64 | 250 | | | MongoDB 5+ |
This installation is recommended when the resources of the Docker database environment or the server that is used as both application and database servers are insufficient.
"SCRAM-SHA-1" and "SCRAM-SHA-256" are the default authentication mechanisms used by Invicti AppSec for the DB.
Network requirements
The following services should be reachable by the Invicti AppSec host:
- Application Lifecycle Management (ALM) tools, such as GitHub, GitLab, etc.
- Issue Manager Service
- Scanner Tools
- Docker.hub (source):
  - https://hub.docker.com
  - https://registry-1.docker.io
  - https://production.cloudflare.docker.com
  - https://login.docker.com
  - or your private container registry
- Registration server: https://control-panel.kondukto.io
- Demohub server (optional): https://demohub.kondukto.io
- SBOM Radar (optional): https://api.osv.dev
- Download server: https://download.kondukto.io
- SecureCodeWarrior (optional): https://integration-api.securecodewarrior.com
- SecureFlag (optional): https://knowledge-base.secureflag.com
- EPSS: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- EPSS: https://api.first.org/*
- PyPI: https://pypi.org
Best practices for the Invicti AppSec environment
- The Invicti AppSec Application Server will perform better with r5.xlarge instances and gp3 disks if AWS is used.
- Installing the DB as a cluster makes your environment more resilient to possible corruption issues. It also makes I/O faster.
- Taking a daily backup of the environments is recommended so that data recovery plans can be carried out.
- While sizing the disk, make sure these three paths have at least 20 GB of space separately:
  - /opt/
  - /tmp
  - /var/log/
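A preflight for the network and disk requirements above, as an added example that is not part of Invicti's documentation or tooling: it turns the listed URLs into an egress allowlist of hostnames and, when run with the hypothetical `preflight` argument, probes each host over HTTPS and checks the three paths. Assumptions: the `docker`/`required`/`optional` tags and the function names are illustrative, and "20 GB of space" is read as available space on the filesystem holding each path.

```shell
#!/bin/sh
# Added example, not vendor code. URLs are copied from "Network requirements".
# Tags (assumed): docker = not needed when a private registry is used.
ENDPOINTS='docker https://hub.docker.com
docker https://registry-1.docker.io
docker https://production.cloudflare.docker.com
docker https://login.docker.com
required https://control-panel.kondukto.io
optional https://demohub.kondukto.io
optional https://api.osv.dev
required https://download.kondukto.io
optional https://integration-api.securecodewarrior.com
optional https://knowledge-base.secureflag.com
required https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
required https://api.first.org/*
required https://pypi.org'

# Print the unique hostnames for the given tags (default: all tags), one
# per line, for a proxy or firewall egress allowlist on TCP 443.
egress_hosts() (
  tags=" ${*:-docker required optional} "
  printf '%s\n' "$ENDPOINTS" | while read -r tag url; do
    case "$tags" in *" $tag "*) ;; *) continue ;; esac
    host=${url#*://}        # drop the scheme
    host=${host%%/*}        # drop the path, including the /* wildcard
    printf '%s\n' "$host"
  done | sort -u
)

# Succeeds if an HTTPS request to the host completes; any HTTP status counts.
# A TLS error (for example an untrusted inspection proxy) counts as failure.
can_reach() { curl -s -o /dev/null --max-time 10 "https://$1/"; }

# Succeeds if the filesystem holding $1 has at least $2 GB available.
# Paths that share one filesystem are not summed.
has_free_gb() (
  avail_kb=$(df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}')
  [ -n "$avail_kb" ] && [ "$avail_kb" -ge $(( $2 * 1024 * 1024 )) ]
)

# "preflight" runs the live checks; with no argument only the allowlist
# is printed and nothing touches the network.
if [ "${1:-}" = "preflight" ]; then
  for h in $(egress_hosts); do can_reach "$h" || echo "UNREACHABLE $h"; done
  for p in /opt /tmp /var/log; do has_free_gb "$p" 20 || echo "LOW DISK $p"; done
else
  egress_hosts
fi
```

Pass tags to narrow the list, for example `egress_hosts required optional` when images come from a private container registry.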