HCL AppScan 360 Help

CLI command reference (Windows™)

Windows-specific commands for performing static analysis using a small client command line interface (CLI) that you download and extract to your local disk.

  • Command help
  • Analysis commands
  • Global commands
  • Configuration commands
  • Authentication commands
  • Results commands
  • Report commands
Note: All commands must be entered in lower-case.