Running FAST Node via the Wallarm API
To follow the steps described in this chapter, you need to obtain a token.
The following values are used as examples throughout this chapter:
- token_Qwe12345 as a token.
- tr_1234 as an identifier of a test run.
- rec_0001 as an identifier of a test record.
Running and configuring the FAST node comprises the following steps:
Deployment of the Docker Container with the FAST Node
Grant Access to Wallarm API Servers
For proper operation, the FAST node must have access to the
api.wallarm.com Wallarm API servers via the HTTPS protocol (
Make sure that your firewall does not restrict the Docker host from accessing the Wallarm API servers.
Some configuration is required prior to running the Docker container with the FAST node. To configure the node, place the token into the container using the
WALLARM_API_TOKEN environment variable. Additionally, you can use the
ALLOWED_HOSTS variable if you need to limit the number of requests to be recorded.
To pass the environment variables to the container, place the variables in a text file and specify the path to the file using the
--env-file parameter of the
docker run command (see the instructions in the “Quick Start” guide).
Run a container with the FAST node by executing the following command:
This guide assumes that the container runs only once for the given CI/CD job and is removed when the job ends. Therefore, the
--rm parameter was added to the command listed above.
Please refer to the “Quick Start” guide for a detailed description of the command’s parameters.
This example assumes that the FAST node uses the
token_Qwe12345 token and is set up to record all the incoming baseline requests which have
example.local as a substring of the
Host header’s value.
The content of a file with environment variables is shown in the following example:
The command below runs the Docker container named
fast-poc-demo with the following behavior:
- The container is removed after its job is done.
- The environment variables are passed to the container using the
- The container’s
8080 port is published to the Docker host’s
If the FAST node deployment is successful, the container’s console and log file will contain the following informational messages:
Now the FAST node is listening on the Docker host’s IP address, and the port you specified earlier with the
-p parameter of the
docker run command.
Obtaining a Test Run
Acquiring a Test Policy Identifier
If you plan to employ your own test policy, then create one and get the policy’s identifier. Later, pass the identifier to the
policy_id parameter when doing an API call to create or copy the test run.
Otherwise, if you choose to use the default test policy, then the
policy_id parameter should be omitted from the API call.
Example of Test Policy
The “Quick Start” guide contains step-by-step instructions on how to create a sample test policy.
Creating a Test Run
When a test run is created, a new test record is created as well.
This method of test run creation should be used if it is required to test a target application along with recording of baseline requests.
How to Create a Test Run
This process is described in detail here.
After the test run is created, the FAST node needs a certain amount of time before it is ready to record requests.
Make sure that the FAST node is ready to record requests before you send any requests to the target application using the test tool.
To do so, periodically check the test run status by sending a GET request to the URL
|Authorization is provided by the token
|HTTP header with the token:
|Serves to pass the token’s value to the API server
|The identifier of the test run whose state is to be obtained
Example of a request:
Example of a response:
If the request to the API server is successful, you will be presented with the server’s response. This response provides useful information, including the state of the recording process (the
ready_for_recording parameter’s value).
If the parameter’s value is
true, then the FAST node is ready to record and you can fire up your test tool to start sending requests to the target application.
Otherwise, repeatedly issue the same API call until the node is ready.
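The readiness check described above can be scripted as a bounded polling loop, so a CI/CD job fails cleanly instead of waiting forever. This is an added example, not code from the original page or from Wallarm. The URL path, the X-WallarmAPI-Token header name and the "body" wrapper in the JSON response are assumptions, because they are not shown on this page.

```python
import json
import time
import urllib.request

API_HOST = "api.wallarm.com"  # host named on this page
# Assumptions, not shown on this page: the URL path and the token header name.
STATUS_PATH = "/v1/test_run/{test_run_id}"
TOKEN_HEADER = "X-WallarmAPI-Token"


def fetch_test_run(token, test_run_id, timeout=10):
    """GET the test run over HTTPS and return the decoded JSON response."""
    url = "https://" + API_HOST + STATUS_PATH.format(test_run_id=test_run_id)
    req = urllib.request.Request(url, headers={TOKEN_HEADER: token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def is_ready(response):
    """True only for a literal JSON true, at top level or under "body" (assumed layout)."""
    if not isinstance(response, dict):
        return False
    body = response.get("body")
    source = body if isinstance(body, dict) else response
    return source.get("ready_for_recording") is True


def wait_until_ready(fetch, attempts=30, delay=5.0, sleep=time.sleep):
    """Poll fetch() until the node is ready; return False once attempts run out."""
    for attempt in range(1, attempts + 1):
        try:
            if is_ready(fetch()):
                return True
        except (OSError, ValueError):
            pass  # network/HTTP error or invalid JSON: count as "not ready yet"
        if attempt < attempts:
            sleep(delay)
    return False


if __name__ == "__main__":
    import os
    token = os.environ["WALLARM_API_TOKEN"]  # taken from the environment, not hard-coded
    ok = wait_until_ready(lambda: fetch_test_run(token, "tr_1234"))
    raise SystemExit(0 if ok else 1)
```

Start the test tool only after the script exits with status 0. A non-zero exit means the node never reported readiness within the allotted attempts.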
Copying a Test Run
When a test run is being copied, an existing test record is reused.
This way of test run creation is to be used if it is required to test a target application using already recorded baseline requests.
How to Copy a Test Run
This process is described in detail here.
Provided that a test run has been successfully created, the FAST node begins testing immediately. There is no need to take any additional actions.
The Next Steps
The testing process can take a lot of time to complete. Use information from this document to determine if security testing with FAST has finished.