Static analysis client support
This topics describes the supported operating systems and the types projects that can be scanned by AppScan 360° when you perform static analysis.
Operating system support
- Windows: HCL AppScan 360° is supported on 64-bit systems and runs in 64-bit mode.
- macOS: HCL AppScan 360° is supported on 64-bit systems and runs in 64-bit mode.
- Linux: HCL AppScan 360° is supported on 64-bit systems only.
Command Line Utility support
Application server support
The Command Line Utility includes Apache Tomcat Version 7 application server .jar files that are used for basic JavaServer Page compilation. To achieve better compatibility, you can configure the CLI to use your own application server (supported application servers include Apache Tomcat versions 7 and higher, WebSphere® Application Server Versions 7, 8.0, and 8.5.x, and Oracle Weblogic Server version 10.3 and 12.x).
Command Line Utility and version compatibility
Your Static Analyzer Command Line Utility version is automatically checked when you:
- Issue the
appscan preparecommand on Windows™ or theappscan.sh preparecommand on Linux™ and macOS. - Use the Run Static Analysis action in an integrated development environment that has the static analysis plug-in installed.
- Use the
prepareoption to generate an IRX file for a Maven project. - Upload an IRX file by using the
appscan queue_analysiscommand on Windows™ or theappscan.sh queue_analysiscommand on Linux™ and macOS. - Upload an IRX file to the cloud.
When you perform any of the above actions using a version of the Command Line Utility that is no longer supported, a message will indicate that the Command Line Utility must be updated. In this case, download and set up the latest Command Line Utility
Plugin support
Jenkins support
The AppScan 360° Jenkins plug-in allows you to add dynamic and static analysis build steps to your Jenkins build projects. You can install the plug-in to Jenkins Versions 2.222.4 or higher. From the plug-in, you can connect to the AppScan 360° service on Cloud Marketplace.
Visual Studio Team Services/Team Foundation Server (Azure DevOps) support
The Visual Studio Team Services/Team Foundation Server (Azure DevOps) plugin allows you to scan static and dynamic VSTS and TFS projects. HCL AppScan 360° supports TFS version 2018 update 2 and newer. To learn more about the plugin, see, Installing and using the Azure DevOps Services plugin.
AppScan Go! support
AppScan Go! is supported on Windows™, Linux™, and Mac.
REST APIs
| Language | Upload source code | Upload source code + build artifacts | Upload IRX (generate IRX locally) |
| C/C++ | To scan file types listed as "source code-only" in the language support table.1 | To scan byte code file types listed under default content in the language support table. | |
| Java and Java web content | N/A |
|
|
| .NET | To scan file types listed as "source code-only" in the language support table.1 | To scan byte code file types listed under default content in the language support table. | |
| Others |
Always. appscan-config is not needed. Archive must contain the entire directory structure of the target code to be scanned. |
- Source code-only option performs a scan on the source code without resolving
dependencies. Set the source code-only option in a configuration file as
follows:
<?xml version="1.0" encoding="UTF-8"?> <Configuration sourceCodeOnly="true"> <Targets> <Target path=./SimpleIOT" /> </Targets> </Configuration>