HCL AppScan on Cloud Help
      • Integrations
        • Adding security analysis to your Jenkins automation server

          The HCL AppScan Jenkins plug-in allows you to add security scan support to your Jenkins projects. The plug-in allows you to connect to HCL AppScan on Cloud.

        • Installing and using the Azure DevOps Services plugin

          This task describes how to install and use the Azure DevOps Services plugin for running static or dynamic scans in your Azure DevOps Services and Team Foundation Server (TFS) pipelines. (Azure DevOps Services was previously known as Visual Studio Team Services (VSTS)).

        • ASoC and Jira Cloud

          HCL AppScan integration for Jira Cloud facilitates automatic or ad-hoc creation of Jira tickets for security issues identified by AppScan on Cloud.

        • Setting up an AppScan Presence to scan a GitHub repository directly

          You can use an AppScan Presence to run static analysis on GitHub Enterprise repositories.

Integrations

  • AppScan on Cloud offers various plugins and integrations, which are listed on the AppScan on Cloud Integrations page.
  • See also the Community Plugins GitHub repository.