The Cybersecurity Extension for SAP provides an alternative to SAP Code Vulnerability Analyzer (CVA) for SAP vulnerability management, threat detection, and custom code security. The Cybersecurity Extension for SAP is developed by Layer Seven Security. Layer7 is an SAP partner and competitor of SAP CVA. This guide will help you plan for the transition from SAP CVA to the Cybersecurity Extension for SAP. Once you have transitioned from SAP CVA, you can remove the SAP CVA consoles and sensors from your SAP landscape, as well as the SAP CVA users and addons in your SAP systems.
Unlike SAP CVA, the Cybersecurity Extension for SAP is an addon for SAP Solution Manager. Solution Manager is a monitoring and diagnostics platform widely used by SAP customers for application lifecycle management. Over 12,000 SAP customers worldwide are actively using Solution Manager to manage their SAP systems. Usage rights for Solution Manager are included in SAP support.
The Cybersecurity Extension for SAP requires the standard setup of Solution Manager. This guide will help you review your Solution Manager setup and prepare your platform to ensure a smooth transition from SAP CVA to the Cybersecurity Extension for SAP.
Check central system
The Cybersecurity Extension for SAP applies code vulnerability checks using the ABAP Test Cockpit (ATC). A central check system is recommended for the ATC. The central system performs code analysis for remote systems. Please refer to the SAP guidelines for configuring a central system for your landscape. The latest version of the SAP Basis component is recommended for the central system to analyze custom code in systems with lower versions.