this document is for:

Deployment: Invicti Platform on-demand

Install an autoscaling agent using K8s

Invicti Platform allows you to use autoscaling agents to scan targets within your internal environment that aren't publicly accessible from the internet. This is also useful when you prefer not to trustlist Invicti cloud agents.

The autoscaling agent automatically scales scanner instances on your Kubernetes cluster, enabling multiple scans to run concurrently. The total number of concurrent scans depends on available cluster resources. Scaling is managed using KEDA (Kubernetes Event-driven Autoscaling), which dynamically adjusts scanner capacity based on scan queue demand.

This document explains how to install the Invicti autoscaling agent in your Kubernetes cluster. For other installation methods, refer to:

• Install an internal agent using Docker
• Install an internal agent with proxy settings - Use this if your internal agents require a proxy to connect to platform.invicti.com or platform-eu.invicti.com, these parameters must be specified when installing the internal agent.
• Install an internal agent on Windows

Limitations for internal agents

When the site is internal, and you prefer using internal agents for the scan, you cannot create a new Login Sequence Record (LSR) or Business Logic Record. However, you can import them. For further information about recording and downloading an LSR, refer to the Standalone login sequence recorder overview.

Prerequisites

Kubernetes environment

• A running Kubernetes cluster (version 1.19 or later recommended)
• Helm 3.x installed and configured
• kubectl installed and configured to access your cluster
• Cluster admin privileges to install the agent and KEDA components

Cluster resource requirements

Each scanner pod requires the following resources:

• CPU: 2 cores
• Memory (RAM): 6 GB
• Disk Space: 50 GB

The autoscaling agent uses KEDA to create scanner pods dynamically based on scan queue demand. Ensure your cluster has sufficient resources to accommodate multiple scanner pods running concurrently. The actual number of concurrent scans scales automatically based on available cluster capacity.

Access requirements

• Invicti Platform Administrator role
• Access to create namespaces and deploy Helm charts in your Kubernetes cluster

Trustlisting requirements

Your Kubernetes cluster must have network access to the Invicti Platform. Ensure the following domains are trustlisted:

• Trustlisting - US region
• Trustlisting - EU region

Steps to install an autoscaling agent on your Kubernetes cluster

1. Select Scans > Agents from the left-side menu.
2. Click Add new agent.

3. Enter a name for the agent and click the Kubernetes tile. The token that's displayed here is then used in the installation command.

4. By following the on-screen instructions you are going to run two commands - one to log in to the Invicti registry and one to install or update the Scalable internal agent in your Kubernetes cluster.

5. Click Done when complete.

6. Your agent is now installed. You can view it in Invicti by going to the Scans > Agents page.

You can now assign targets to the installed agent and commence testing your website.

---

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center