Skip to main content

Outpost

  • Updated

Use Outpost to run accessibility scans that integrate with the platform. Outpost enables scanning from your environment while reporting results back to the platform.

On this page:

Prerequisites

Before installing Outpost, ensure the following requirements are met.

Platform configuration

  • Your digital asset must have the Run scans with Outpost option enabled.

Environment requirements

  • Docker must be installed on the machine where you will run Outpost.
  • You must have access to Bitbucket in order to clone the Outpost repository.
  • A Cloudsmith NPM token to download the Access Engine during installation.
  • Outpost currently supports Linux/amd64 environments only.

Enable Outpost in the platform

Before installing Outpost, you must enable it for your tenant and configure a digital asset.

  1. Navigate to your tenant portal.
  2. Create a new digital asset dedicated to Outpost scans (Optional).
    Creating a dedicated asset prevents Outpost scans from affecting scan and monitoring settings that may already exist on shared assets.
  3. Open the digital asset you want to use.
  4. Scroll to the bottom of the asset configuration form.
  5. Enable the Run scans with Outpost option.
  6. Click Save to apply the changes.
Screenshot of the digital assets tab in the platform displaying multiple drop downs including Tags, default testing tool, Scanning agent.

Retrieve Outpost credentials

After enabling Outpost, you must retrieve the credentials required to connect your Outpost installation to the platform.

  1. Navigate to the organizational level. 
  2. Under Manage, select Tools & Integrations, and then Tools & Extensions.
  3. Locate Outpost in the available tools.
    Screenshot of the Tools & extensions page, displaying icons and names of the applications available for downloading from the Level access platform.
  4. Select Installation instructions.
  5. Download the following files:
    • YAML file – Contains your tenant-specific credentials.
    • docker-compose.yml – Contains the Docker Compose configuration required to run Outpost.
      Screenshot of the Outpost download configuration files instructions page. displaying a step by step guide on setting up the application.
  • Store both files securely 

Open the downloaded YAML file in a text editor.

The file contains two credentials:

saEncryptionKey
apiKey

Example:

saEncryptionKey: abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789
apiKey: abcd1234-ab12-cd34-ef56-abcdef123456

These credentials apply to your entire tenant and are required for the installation process.

Log in to the Docker registry

Authenticate with the Level Access Docker registry before downloading the Outpost image.

docker login docker.levelaccess.net -u docker-client -p <docker-registry-token>

Please note: Do not share your Docker registry token or commit it to source control.

Pull the Outpost image

Download the latest Outpost image.

docker pull docker.levelaccess.net/docker-client/scanning-agent:latest

Install Outpost from source code

You can install Outpost using Docker after cloning the repository.

Clone the repository

  1. Clone the repository from Bitbucket:

    http://bitbucket.org/levelaccess/scanning-agent
  2. Open a terminal in the cloned directory.

Configure environment variables

Before running Outpost, configure the required environment variables.

Replace the example values with your tenant information, encryption key, API key, and Level Access NPM token.

export PLATFORM_URL="https://your-platform-url"
export ENCRYPTION_KEY="your-encryption-key"
export API_KEY="your-api-key"
export LEVEL_ACCESS_NPM_TOKEN="your-npm-token"
Variable Description
PLATFORM_URL Your Level Access Platform tenant URL
ENCRYPTION_KEY Encryption key from the YAML file
API_KEY API key from the YAML file
LEVEL_ACCESS_NPM_TOKEN Token used to download Access Engine during installation


The NPM token is only required during the initial setup process.

Start Outpost with Docker

Run the following command to start the Outpost services:

docker compose -f docker-compose.deps.yml -f docker-compose.yml up -d

The first run may take longer because Docker downloads the required images and builds the Outpost image.

Manage the Outpost Docker services

You can use the following commands to monitor and manage the installation.

View Outpost logs

Monitor scanning progress:

docker compose logs -f

View logs for all Docker services

Use this command to troubleshoot dependencies:

docker compose -f docker-compose.deps.yml -f docker-compose.yml logs -f

Restart services

docker compose -f docker-compose.deps.yml -f docker-compose.yml restart

Stop services

docker compose -f docker-compose.deps.yml -f docker-compose.yml down

Run scans using Outpost

After Outpost is installed and running, you can run scans from the platform.

Verify the Outpost connection

  1. Open the configured digital asset.
  2. Locate the Last heartbeat message.

The heartbeat indicates the last time Outpost successfully communicated with the platform.
If the platform indicates that Outpost may be down, verify your installation and ensure the Docker services are running.

Start a scan

To run a scan:

  1. Open the configured digital asset.
  2. Select Run scans.
    Scans page screenshot. It displays the scans page with the run scan button to start scanning, different fields to search by URL, and a section for scan titles and scan tags.
  3. Choose either:
    • Quick scan
    • Advanced scan

Outpost detects the scan request and begins processing it.

Monitor scan execution

You can monitor the scan progress through the Outpost service logs.

Look for log messages such as:

  • Scan results ready
  • Scan results processed

These messages indicate that the scan completed successfully and the results were sent to the platform.

Review scan results

After the scan completes, you can review the results directly in the Level Access Platform within the digital asset.

Secure your credentials

  • Do not share your Docker registry token.
  • Do not commit credentials to source control.
  • Store the downloaded YAML file securely.
  • Treat the API key and encryption key as tenant-level secrets.

Related articles

Comments

0 comments

Article is closed for comments.