Integrations
AppScan on Cloud offers various plugins and integrations, that are listed on the AppScan on Cloud Integrations page:
New plugins are added regularly. See Integrations.
| Plugin/Integration/Action | Supported plugin version | Description |
|---|---|---|
| Integrated Development Environment (IDE) | ||
| HCL AppScan extension for Visual Studio 2022 | 2.5 and newer | Scan source code early in development lifecycle using the HCL CodeSweep integration. |
| Visual Studio Code | 1.2.5 and newer | Detect SAST vulnerabilities early in the development life cycle. |
| HCL AppScan JetBrains Plugin, including IntelliJ Idea, PyCharm, WebStorm, PhpStorm, Rider, CLion, GoLang, RubyMine | 2.9 and newer. | Pull scans and fix groups data from ASoC within the IDE. |
| Continuous Integration/Continuous Development (CI/CD) | ||
| GitHub Community Plugins | N/A | Community-developed integrations, API and CLI wrapper scripts, and other helpful tools. |
| HCL AppScan Codesweep GitHub Action | 2.1 and newer | Scans modified code in pull requests alerting you to vulnerabilities before the code reaches your main branch. |
| Maven | 1.0.13 and newer | Integrates SAST scans of your Java projects into the Maven build. |
| Gradle | 1.0.10 and newer | Integrates SAST scans of your Java projects into the Gradle build. |
| Jenkins | 1.4.0 and newer | Execute SAST and DAST scans using ASoC. |
| Azure DevOps | 2.4.0 and newer | Execute SAST and DAST scans using ASoC. |
| AWS | N/A | Incorporate security testing into your AWS CodeBuild and CodePipeline workflows. |
| Defect tracking systems | ||
| AppScan Issue Management Gateway Service, including Azure DevOps, Jira, and RTC | 1.2.0 and newer | Synchronize issues between HCL AppScan On Cloud and issue management systems. |
| JiraCloud | N/A | Import security issues into your Atlassian Jira Cloud instance |
| Vulnerability management | ||
| ServiceNow | 1.2.2 and newer | Import vulnerability data from ASoC into the ServiceNow Vulnerability Response platform. |
| ThreadFix | N/A | AppSec software platform to help DevSecOps management that centralizes your test and vulnerability data in one place. |
| CodeDX | N/A | Vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. |
| AppScan client tools | ||
| AppScan Standard | 10.0.0 | Penetration-testing component of the HCL AppScan application security testing suite, used to test web applications and APIs. |
| AppScan Go! | 2.1.0 | AppScan Go! steps you through configuring and running a static scan. |
| SAST Client Util/CLI | N/A | Windows-specific commands for performing static analysis using a small client command line interface (CLI). |
| AppScan Activity Recorder | 2.0.0 | Record traffic and actions to use in an AppScan Dynamic Analysis scan |
| AppScan Traffic Recorder | N/A | DAST proxy enables you to record traffic to use as Explore data. |
| AppScan Cloud CLI | N/A | Streamline security testing with AppScan on Cloud. This tool can be integrated into any CI/CD platform or used independently. |
| Build your own integration | ||
| AppScan Swagger | N/A | Suite of tools for working with the REST API |
| AppScan SDK | 1.1.5 | SDK for interacting with HCL AppScan on Cloud and HCL AppScan Enterprise ADAC Jobs |
| Other | ||
| HackEDU | N/A | Automatically use the vulnerabilities found in your security scans to build dynamic training plans for your developers. |
| SD Elements | N/A | File-based and remote connection verification integrations |