Interview: Jeffrey Leggett, author of “setup_scanner”
Last updated on: September 6, 2020
The open source tool setup_scanner enables high-volume programmatic provisioning of QualysGuard scanners before deployment to virtualization infrastructure scanners. Setup_scanner was published on GitHub by Qualys' Jeffrey Leggett.
What’s your name and title?
Jeffrey Leggett, API and Integrations Product Manager at Qualys.
Besides living and breathing Qualys, how do you enjoy spending your free time?
I am an avid CrossFitter and mountain biker. Sleeping and eating rank up there, too.
Tell us more about what your scanner appliance app does.
I’m building an entire automated scanner deployment process for a customer to deploy thousands of scanners — one in every one of their retail stores.
What use cases does your app alleviate or solve?
Deploying thousands of scanners manually is not time or resource productive, so the app automates the complete workflow deployment. The reason I need to automate the entire scanner deployment process is volume. We have over 2000 (almost 2200 actually) scanners to deploy to the infrastructure in less than 6 weeks. Further, because the stores are considered a production environment, it can only be done during the 6-hour maintenance window, 4 nights a week, between midnight and 6am, and it all has to be done before my customer hits their retail freeze for the holidays (which starts in October).
What led you to choose Perl for your app?
I’ve been writing Perl for 20+ years, so it’s my go-to. Plus, CPAN modules make most problems trivial. I’d like to go back and rewrite these all in Ruby at some point for learning purposes, as I have been learning Ruby, but that’s on my to-do list for later.
Given the time, how could you have improved the app?
I’d like more time to streamline the XML parsing. Hopefully I will get that done as I continue writing the workflow code.
How can we make our API easier to use?
Having the v1 and v2 docs combined into ONE doc would be nice, and, non-trivially, an SOA Gateway solution for our API would add a lot of useful functionality (like layer 7 or SOA technologies, among many others). It would be great to have no concurrency or daily limits; auto registration for users; and transformations (for example, with an SOA gateway, JSON to XML and vice versa becomes trivial).
What advice do you have for others who hope to build an app for QualysGuard?
Use XML XPath libraries to parse Qualys output and save yourself a lot of headaches!
Any future QualysGuard app plans? :-)
I’ll be adding a lot more scripts in the next months to Qualys Community for everything from the post processing of the scanner to managing the virtualized environment (i.e. adding VLANs, asset groups, scan jobs) to reporting as well. Stay tuned!