Skip to main content

Best practices for ISM endpoint management

Veracode recommends that you comply with these best practices for managing your endpoints to make the most effective use of Veracode Internal Scanning Management (ISM).

Install one endpoint in each network in which you want to scan

Veracode recommends that you install one endpoint in each network in which you scan your internal applications or REST APIs. For example, if you have applications deployed in multiple data centers, you install a unique endpoint for each data center.

Each endpoint is capable of supporting at least 30 concurrent scans, though a strong network connection and powerful server can improve this capability. If you reach or approach the limit to the capability of your endpoint machine, a message about thread limits or an OutOfMemoryError message about Java memory may appear in the endpoint logs.

Scans wait in a queue only when you reach your Dynamic Analysis scan capacity.

Install endpoints with the endpoint installer

On Windows and Linux, the endpoint installer simplifies the installation process and creates a service that continuously runs the endpoint.

For manual installations, run endpoints as a service

If you manually install an endpoint, configure your machine to run the endpoint as a service.

Install endpoints close to the targets

To minimize network latency, install your endpoints in close proximity to the applications or REST APIs you plan to scan with the endpoint.

Do not try to install the same endpoint in multiple networks

You encounter an error if you attempt to run the same endpoint in more than one network. Create a new endpoint for each network in which you scan internal applications or REST APIs.

If an endpoint goes offline, restart it

  • Windows machines: Open the Services application from the Windows start menu, find the Veracode_ISM service, and select Start the service or Restart the service.
  • Linux machines: From the command line, enter service Veracode_ISM status to get the status of the ISM service. If it is running, enter service Veracode_ISM stop to stop it. When it has stopped, enter service Veracode_ISM start to start it.
  • Manual installations: Restart the endpoint JAR file from the command line.

If the endpoint does not come back online, contact Veracode Technical Support.

Monitor emails you receive from Veracode about your endpoints

Veracode sends an email notifying you when an endpoint goes offline and comes back online. In cases where an inconsistent network connection causes your endpoint to become unstable, repeatedly switching between online and offline, you receive a single email alerting you of the instability. After you receive the endpoint instability email, Veracode suspends notifications about the endpoint for 24 hours to avoid sending redundant email alerts.

You can also monitor the status of your endpoints on the gateway page of the Veracode Platform.