Welcome
Installation
Learn about AppScan 360° architecture and how to install the product.
Distributed installation of AppScan 360°
Installing AppScan 360°

Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
Installation
Learn about AppScan 360° architecture and how to install the product.
- Installation file locations
- Single VM installation of AppScan 360°
- Distributed installation of AppScan 360°
- Configuring user authentication
  Authenticate users for AppScan 360° using either single sign-on (SSO) or LDAP authentication.
- Updating the Software Composition Analysis (SCA) vulnerability database
  The Software Composition Analysis (SCA) vulnerability database includes the most popular security vulnerability databases (NVD, Github advisory, Microsoft MSRC), and a wide range of lesser-known security advisories and open source project issue trackers. AppScan 360° users can enable automatic updating of the SCA vulneratility database at installation or configure manual updating.
- Managing AppScan 360° deployments in My HCLSoftware
  AppScan 360° licenses are managed through the My HCL Software (MHS) portal. Create a license deployment in MHS, specify license entitlements, and download a license file from MHS, then upload that file to AppScan 360°.
- Opening AppScan 360° for the first time
- Upgrading or updating the AppScan 360° platform
- Uninstalling AppScan 360°
- Troubleshooting
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
Administration
Define users, applications, policies, and configure DevOps integrations.
Dynamic analysis
HCL AppScan 360° performs security scans for web-applications for production, staging and development environments.
Interactive monitoring
Using an agent installed on your application, AppScan 360° identifies security vulnerabilities in your application during runtime by monitoring all interactions, both legitimate and malicious. The process is "passive," in the sense that IAST does not send its own tests, and can therefore run indefinitely.
Software Composition Analysis
Use Software Composition Analysis (SCA) to scan for security vulnerabilities in open source and third-party packages used by your code. SCA includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists the scans under the categories DAST, SAST, SCA, and IAST, where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

Installing AppScan 360°

Note: Perform all installation and configuration activities as an Administrator on the target system. In addition, the installing user must have the current .kube/config file in their home directory, and .kube/config must point to a valid and reachable cluster.

To install the AppScan 360°, including AppScan Remediation Advisories and the optional Software Composition Analysis (SCA) component:

Download the AppScan 360° installation script and the AppScan 360° installation files from MyHCLSoftware portal to a single directory location under /home/username. For example, /home/username/AppScan360.
Ensure all the .run files are included in the directory:
- AppScan360_OneClick_v2.0.0.run
- AppScan360_v2.0.0.run
- AppScan360_ASRA_v2.0.0.run
- AppScan360_SCA_v2.0.0.run
- singular-singular.clusterKit.properties
- AppScan360_readme_v2.0.00.html
In the folder to which the files were downloaded, provide executable permission to the installer by running:
```
chmod +x /home/username/AppScan360/*.run
```

Run the install script:

Note: While not required, we recommend specifying the folder location of the files, even though you are installing from the folder location.

./AppScan360_OneClick_v2.0.0.run --target <EXTRACTION_PATH> <PROPERTY_FILE_PATH> [--includesca] [--ignorecheck]


Parameter	Description
`<EXTRACTION_PATH>`	Path to extract and run components, relative or absolute.
`<PROPERTY_FILE_PATH>`	Full path to the `.properties` file containing system configuration.
`--includesca`	Include the Software Composition Analysis (SCA) component. Optional.
`--ignorecheck`	Skip pre-requisite validation checks. Optional.

For example:

./AppScan360_OneClick_v2.0.0.run --target home/<username>/AppScan360/extracted /home/<username>/AppScan360/singular-singular.clusterKit.properties --includesca

The installer first performs a set of validation checks:

Checks for PersistentVolume or StorageClass configuration.
Verifies Helm is available and responsive.
Validates Docker image push/pull to and from the configured registry.
Performs SQL Server connectivity check using a temporary Kubernetes pod.

When installation is complete, check logs at [AppScan360 extraction folder]/logs to verify system requirements are specified correctly and installation was successful.