Jump to main content
HCL Logo Product Documentation
Customer Support Software Academy Community Forums
HCL AppScan 360 Help
  • Getting started
  • Installation
  • Administration
  • Navigation
  • Dynamic analysis
  • Static analysis
  • Results
  • Reference
  1. Home
  2. Administration

    Define users, applications, policies, and configure DevOps integrations.

  3. DevOps

    Tools for incorporating AppScan 360° in your software development lifecycle.

  4. Plugins and integrations
  • Getting started

    Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.

  • Installation

    Learn about AppScan 360° architecture and how to install the product.

  • Administration

    Define users, applications, policies, and configure DevOps integrations.

    • Users

      User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.

    • Applications

      An application is a collection of scans related to the same project. It can be a web site, a desktop app, a mobile app, a web service, or any component of an app. Applications enable you to asses risk, identify trends, and make sure that your project is compliant with industry and organization policies.

    • Policies

      You can apply the predefined policies, as well as your own custom policies, to show only data for the issues that are relevant for you.

    • DevOps

      Tools for incorporating AppScan 360° in your software development lifecycle.

      • REST API

        The built-in REST API interface provides you with a way to visualize RESTful web services. The API documentation is built using Swagger, where you can test API operations and instantly view the results to help you scan your applications faster.

      • Plugins and integrations
        • Adding security analysis to your Jenkins automation server

          The HCL AppScan Jenkins plug-in allows you to add security scan support to your Jenkins projects. The plug-in allows you to connect to HCL AppScan 360° on HCL AppScan 360°.

        • Installing and using the Azure DevOps Services plugin

          This task describes how to install and use the Azure DevOps Services plugin for running static or dynamic scans in your Azure DevOps Services and Team Foundation Server (TFS) pipelines. (Azure DevOps Services was previously known as Visual Studio Team Services (VSTS)).

    • Personal scans

      A personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data (issues, for example), or compliance.

    • Scan status
    • Audit trail

      The audit trail (Organization > Audit trail) logs user activity.

  • Navigation

    This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.

  • Dynamic analysis

    AppScan on Cloud performs security scans for web-applications for production, staging and development environments.

  • Static analysis

    Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).

  • Results

    The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.

  • Reference

    Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

Plugins and integrations

  • AppScan 360° supports the CI/CD plugins for Azure DevOps, and Jenkins, and the IDE plugin for Visual Studio 2022.
  • New plugins are added regularly. See Plugins and APIs.
  • Share: Email
  • Twitter
  • Disclaimer
  • Privacy
  • Terms of use
  • Cookie Preferences