Integrations

AppScan on Cloud offers various plugins and integrations, that are listed on the AppScan on Cloud Integrations page:

New plugins are added regularly. See Integrations.

Plugin/Integration/Action Supported plugin version Description
Integrated Development Environment (IDE)
HCL AppScan extension for Visual Studio 2022 2.5 and newer Scan source code early in development lifecycle using the HCL CodeSweep integration.
Visual Studio Code 1.2.5 and newer Detect SAST vulnerabilities early in the development life cycle.
HCL AppScan JetBrains Plugin, including IntelliJ Idea, PyCharm, WebStorm, PhpStorm, Rider, CLion, GoLang, RubyMine 2.9 and newer. Pull scans and fix groups data from ASoC within the IDE.
Continuous Integration/Continuous Development (CI/CD)
GitHub Community Plugins N/A Community-developed integrations, API and CLI wrapper scripts, and other helpful tools.
HCL AppScan Codesweep GitHub Action 2.1 and newer Scans modified code in pull requests alerting you to vulnerabilities before the code reaches your main branch.
Maven 1.0.13 and newer Integrates SAST scans of your Java projects into the Maven build.
Gradle 1.0.10 and newer Integrates SAST scans of your Java projects into the Gradle build.
Jenkins 1.4.0 and newer Execute SAST and DAST scans using ASoC.
Azure DevOps 2.4.0 and newer Execute SAST and DAST scans using ASoC.
AWS N/A Incorporate security testing into your AWS CodeBuild and CodePipeline workflows.
Defect tracking systems
AppScan Issue Management Gateway Service, including Azure DevOps, Jira, and RTC 1.2.0 and newer Synchronize issues between HCL AppScan On Cloud and issue management systems.
JiraCloud N/A Import security issues into your Atlassian Jira Cloud instance
Vulnerability management
ServiceNow 1.2.2 and newer Import vulnerability data from ASoC into the ServiceNow Vulnerability Response platform.
ThreadFix N/A AppSec software platform to help DevSecOps management that centralizes your test and vulnerability data in one place.
CodeDX N/A Vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools.
AppScan client tools
AppScan Standard 10.0.0 Penetration-testing component of the HCL AppScan application security testing suite, used to test web applications and APIs.
AppScan Go! 2.1.0 AppScan Go! steps you through configuring and running a static scan.
SAST Client Util/CLI N/A Windows-specific commands for performing static analysis using a small client command line interface (CLI).
AppScan Activity Recorder 2.0.0 Record traffic and actions to use in an AppScan Dynamic Analysis scan
AppScan Traffic Recorder N/A DAST proxy enables you to record traffic to use as Explore data.
AppScan Cloud CLI N/A Streamline security testing with AppScan on Cloud. This tool can be integrated into any CI/CD platform or used independently.
Build your own integration
AppScan Swagger N/A Suite of tools for working with the REST API
AppScan SDK 1.1.5 SDK for interacting with HCL AppScan on Cloud and HCL AppScan Enterprise ADAC Jobs
Other
HackEDU N/A Automatically use the vulnerabilities found in your security scans to build dynamic training plans for your developers.
SD Elements N/A File-based and remote connection verification integrations