Home
Administration
Define users, applications, policies, and configure DevOps integrations.
DevOps
Tools for incorporating AppScan 360° in your software development lifecycle.
REST API
The built-in REST API interface provides you with a way to visualize RESTful web services. The API documentation is built using Swagger, where you can test API operations and instantly view the results to help you scan your applications faster.
Generating API Keys
Use a Key ID and Key Secret to access the AppScan 360° REST APIs and to log in from some of the AppScan 360° client tools (for example, from the Jenkins plug-in and from the Static Analyzer Command Line Utility and IDE plug-ins).

Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
Installation
Learn how to install the AppScan Central Platform and AppScan 360° Static Analysis.
Administration
Define users, applications, policies, and configure DevOps integrations.
- Users
  User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.
- Applications
  An application is a collection of scans related to the same project. It can be a web site, a desktop app, a mobile app, a web service, or any component of an app. Applications enable you to asses risk, identify trends, and make sure that your project is compliant with industry and organization policies.
- Policies
  You can apply the predefined policies, as well as your own custom policies, to show only data for the issues that are relevant for you.
- DevOps
  Tools for incorporating AppScan 360° in your software development lifecycle.
  - REST API
    The built-in REST API interface provides you with a way to visualize RESTful web services. The API documentation is built using Swagger, where you can test API operations and instantly view the results to help you scan your applications faster.
    - Generating API Keys
      Use a Key ID and Key Secret to access the AppScan 360° REST APIs and to log in from some of the AppScan 360° client tools (for example, from the Jenkins plug-in and from the Static Analyzer Command Line Utility and IDE plug-ins).
    - OData
      This section provides information and tips for using Open Data Protocol (OData) through the AppScan 360° API.
    - Export to CSV
      This section describes how to save response data as in CSV format.
  - Plugins and integrations
- Personal scans
  A personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data (issues, for example), or compliance.
- Scan status
- Audit trail
  The audit trail (Organization > Audit trail) logs user activity.
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

Generating API Keys

Use a Key ID and Key Secret to access the AppScan 360° REST APIs and to log in from some of the AppScan 360° client tools (for example, from the Jenkins plug-in and from the Static Analyzer Command Line Utility and IDE plug-ins).

About this task

A Key ID is unique to each user. If you do not have a Key ID, or if you have lost your Key Secret, you can generate a new combination. To generate a new key, either:

Procedure

Go to the API key page at the AppScan 360° service:
- https://<domain>/
Generate the key through the user interface:
1. SelectTools ( ) > API .
2. Click Generate, and make note of the Key ID and Key Secret for your records.
  
  Note: You cannot retrieve the Key Secret after you navigate away from this page. A new Key Id and Key Secret are created each time you click Generate. Your previous Key ID will be deleted and replaced with the new one.

What to do next

In Swagger, use the generated Key ID and Key Secret in the /api/v2/Account/ApiKeyLogin REST API to generate a new Bearer token. Then you can use the generated Token in the access token field in the Swagger interface.