Roles and workflows
Learn about the tasks and workflows for the different kinds of authorized ASoC users with a valid subscription.
ASoC Roles
Not all ASoC functions and tasks are performed by the same person, though they could be. Ensure that the people performing ASoC tasks have the appropriate permissions on the relevant systems, in accordance with company policy for their roles, and grant each role only the permissions its tasks require.
Administrative tasks
Administrative tasks are higher-level tasks that enable users to run and report on scans seamlessly within organizational policy and guidelines. Administrator tasks include, but are not limited to:
- Managing the ASoC subscription
- Defining and administering users
- Defining and administering asset groups
- Defining and administering policies
- Setting up DevOps integrations
- Overseeing audits
- Regularly reviewing ASoC operation and settings
User tasks
User tasks are the core scanning and remediation tasks. With administrative tasks complete, users can focus on making sure code is clean and secure. User tasks include, but are not limited to:
- Creating applications
- Setting up scans
- Configuring scan automation
- Running scans
- Working with logs
- Triaging scan results
- Understanding issues
- Running reports
- Remediating code
- Rescanning
General workflows
How you work within your organization depends on a variety of factors. However, there are some common workflows:
ASoC administrator workflow
- Create an ASoC account
- Configure DevOps integrations
- Set up users
- Set up asset groups
- Set up policies
- Manage installation and use of ASoC components (AppScan Presence, HCL AppScan Traffic Recorder, AppScan Go!)
ASoC user workflow
- Set up applications
- Configure and run scans: DAST, IAST, or SAST
- Triage results, including traces and fix groups
- Run reports
- Understand issue status and severity
- Remediate issues
- Rescan
- Repeat triage, reporting, and remediation as needed