Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
Installation
Administration
Define users, applications, policies, and configure DevOps integrations.
- Users
  User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.
  - User roles
    Users are assigned to asset groups by an administrator. Predefined user roles cannot be deleted.
    - Managing users
      Examine your users and decide who needs access to which apps and asset groups. Consider grouping them by business unit or geography.
    - Defining custom user roles
      A custom role is a set of permissions that are applied to a user so that they can perform certain administrative tasks.
    - Changing the default user role
      Administrators can change the default user role to any role (except Administrator), including a custom role. This ability helps you customize user access for your organization.
  - Asset groups
    Asset groups represent abstract components of your organization, like "Finance" or "Engineering." Administrators can restrict access to specific applications by assigning them to an asset group and limiting the users who belong in the group.
- Applications
  An application is a collection of scans related to the same project. It can be a web site, a desktop app, a mobile app, a web service, or any component of an app. Applications enable you to asses risk, identify trends, and make sure that your project is compliant with industry and organization policies.
- Policies
  You can apply the predefined policies, as well as your own custom policies, to show only data for the issues that are relevant for you.
- DevOps
  Tools for incorporating AppScan 360° in your software development lifecycle.
- Personal scans
  A personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data (issues, for example), or compliance.
- Scan status
- Audit trail
  The audit trail (Organization > Audit trail) logs user activity.
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scan History tab of your application displays your scan results (including scan statistics) and rescan options.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

User roles

Users are assigned to asset groups by an administrator. Predefined user roles cannot be deleted.

Note: The Administrator role is assigned to a user when your organization is created at the Cloud Marketplace. The Administrator can perform tasks in any asset group; all other user roles can perform tasks in only the asset groups to which they have been assigned. HCL recommends you specify at least one other user as a backup Administrator.

Table 1. Custom role capabilities
Capability	Administrator	Manager	Application Manager	Tester	Report Viewer
Applications
Create/modify apps, Assign apps to asset groups, Enable/disable policies in applications	X	X	X
Reset/delete apps	X	X	X
Asset Group Access
User has limited access to asset groups (access that is granted from Asset Group management page)		X	X	X	X
User has complete access to all asset groups	X
Create/modify asset group (name and description only)	X	X
Delete asset groups that this user can access	X	X
Grant/remove access to asset groups that this user can access	X	X
Scanning
Create/modify scans	X	X	X	X
Delete scans	X	X	X	X
Run and promote personal scans	X	X	X	X
Issue Management
Update issue status	X	X	X	X
Policy Management
Create/delete custom policies	X	X
Associate/disassociate a policy with an application	X	X	X
User Management
Assign user roles	X	Only in asset groups in which they themselves are a member
Create/modify roles	X	Only in asset groups in which they themselves are a member
Delete roles	X	Only in asset groups in which they themselves are a member
Premium Features
Schedule a call with an AppScan expert (Learn more about AppScan for You)	X	X