Roles and workflows
Learn about different AppScan 360° tasks and workflows for different AppScan 360° users.
AppScan 360° Roles
Not all AppScan 360° functions and tasks are performed by the same person – though they could be. Ensure the persons performing AppScan 360° tasks have the appropriate permissions on relevant systems and according to company policy for their roles.
Administrative tasks
Administrative tasks are higher-level tasks that enable users to run and report on scans seamlessly within organizational policy and guidelines. Administrator tasks include, but may not be limited to:
- Installation of AppScan 360°
  - Single VM installation
    - Express (proof-of-concept) installation
    - Custom (production) installation
  - Distributed installation
    - Standard install of both the AppScan 360° platform and AppScan Remediation Advisories
    - Helm installation of both the AppScan 360° platform and AppScan Remediation Advisories
- Configure manual updates for the Software Composition Analysis (SCA) vulnerability database, if applicable.
- Configure authentication
- Licensing
- Troubleshooting installation
- Defining and administering users
- Defining and administering asset groups
- Defining and administering policies
- Setting up DevOps integrations
- Overseeing audits
- Regularly reviewing AppScan 360° operation and settings
User tasks
User tasks are core scanning and remediation tasks. With administrative tasks complete, users can focus on making sure code is clean and secure. User tasks include, but may not be limited to:
- Creating applications
- Setting up scans
- Configuring scan automation
- Running scans
- Working with logs
- Triaging scan results
- Understanding issues
- Running reports
- Remediating code
- Rescanning
Common workflows
How you work within your organization depends on a variety of factors. However, there are some common workflows.
- Decide whether to perform an express or custom installation of AppScan 360°.
- Set up the environment and have available answers to questions that will be asked as part of the installation script.
- Download and install the AppScan 360° platform and AppScan Remediation Advisories using the single VM install script
- Verify correct installation
- Configure licensing
- Upgrade ASCP and AppScan 360° as needed
- Configure DevOps integrations
IT administrator workflow for distributed installation
- Decide whether to install AppScan 360° using archive files from My HCLSoftware download and license portal, or using Helm files from Harbor.
- Set up the environment for AppScan 360° and prepare configuration file
- Download and install the AppScan 360° platform and AppScan Remediation Advisories
- Verify correct installation
- Configure manual SCA vulnerability database updates, if applicable
- Configure authentication method
- Configure licensing
- Update or upgrade the AppScan 360° platform and AppScan Remediation Advisories
- Configure DevOps integrations
AppScan administrator workflow
- Set up users
- Set up asset groups
- Set up policies
AppScan user workflow
- Set up applications
- Configure and run scans
- Triage results, including traces and fix groups
- Run reports
- Understand issue status and severity
- Remediate issues
- Rescan
- Repeat triage, reporting, and remediation as needed