Report and log commands (Linux and macOS)

Use report commands to generate scan logs and reports.

  • appscan.sh get_logs
  • appscan.sh get_report

appscan.sh get_logs

Syntax:

appscan.sh get_logs -d <file_path>  -i <scan_id>

Description:

This command generates a scan log. The default files in the resulting logs.zip file are:

  • analyzer.log
  • appscan-config.xml
  • SASTAgent.log
  • scan.manifest
  • scan.manifest.json

Required options:

  • -i: Specify -i <scan_id>, where <scan_id> is the scan ID for which you are creating a report.

Optional flags/settings:

  • -d : Specify -d <file_path>, where <file_path> is the fully qualified path of the logs file destination. If this flag is not specified, AppScan 360° downloads the log file to the current working directory.
Tip: Options can be used in any order.

appscan.sh get_report

Syntax:

appscan.sh get_report -d <file_path> -f <format> -i <target_id> -locale <locale> -rt <reg_type> -s <scope> -t <type> -title <title> -applyPolicies

Description:

This command queues a report job for a specific application or scan, then downloads that report once the job is complete.

Required options:

  • -f : Specify -f <format>, where <format> is the file format of the requested report. Valid options are HTML, CSV, and XML.
    Note: PDF reports are not available for AppScan 360°.
  • -i: Specify -i <target_id>, where <target_id> is the scan or application ID for which you are creating a report.
  • -s: Specify -s <scope>, where <scope> is the scope of the report to create. Valid options are application or scan.
  • -t: Specify -t <type>, where <type> is the type of report to create. Valid options are issues, security, regulation, or licenses.

Optional flags/settings:

  • -d : Specify -d <file_path>, where <file_path> is the fully qualified path of the report file destination. If this flag is not specified, the report file is downloaded to the current working directory.
  • -ds: Disable the "Summary" section within the generated report. By default, the "Summary" section is included unless this flag is used.
  • -dtoc: Disable the "Table of Contents" section within the generated report. By default, the "Table of Contents" (including fix groups) is included unless this flag is used.
  • -locale : Specify -locale <locale>, where <locale> is the geographic locale of the report. If this flag is not specified, the nl_en locale is applied by default.
  • -rt: Specify -rt <reg_type>, where <reg_type> is the full name of the specific regulation report type to be generated. A valid regulation report name is required to use this flag. The flag values are case-sensitive.
    Regulation report -rt Flag value
    EU General Data Protection Regulation (GDPR) EuGdpr_2016
    PCI Compliance PCI
    US DISA's Application Security and Development STIG. V5R1 DisaStig
    US Electronic Funds and Transfer Act (EFTA) Efta
    CANADA Freedom of Information and Protection of Privacy Act (FIPPA) Fippa
    US Health Insurance Portability and Accountability Act (HIPAA) Hipaa
    Payment Application Data Security Standard Padss
    US Sarbanes-Oxley Act (SOX) Sox
    US Federal Information Security Mgmt. Act (FISMA) Fisma
    NIST Special Publication 800-53 Nist
    OWASP Top 10 2017 OwaspTop10_2017
    CWE/SANS Top 25 Most Dangerous Errors Sans25
    OWASP Top 10 Mobile 2016 OwaspTop10Mobile_2016
    International Standard - ISO 27002 ISO27002
    International Standard - ISO 27001 ISO27001
    WASC Threat Classification v2.0 Wasc
  • -title: Specify -title <title>, where <title> is the title of the report. If this flag is not specified, "AppScan Security Report" is applied by default.
  • -applyPolicies: Using this flag applies all the application policies to the scan.
Tip: For all commands, options can be used in any order.