Integrations
AppScan on Cloud offers various plugins and
integrations, that are listed on the AppScan on Cloud Integrations page. New plugins are
added regularly.
| Plugin/Integration/Action | Description |
|---|---|
| Integrated Development Environment (IDE) | |
| HCL AppScan extension for Visual Studio 2022 | Scan source code early in development lifecycle using the HCL CodeSweep integration. |
| Visual Studio Code | Detect SAST vulnerabilities early in the development life cycle. |
| HCL AppScan JetBrains Plugin, including IntelliJ Idea, PyCharm, WebStorm, PhpStorm, Rider, CLion, GoLand, RubyMine, Android Studio | Pull scans and fix groups data from ASoC within the IDE. |
| HCL AppScan CodeSweep (includes support for Cursor AI) | Integrates with AppScan CodeSweep to detect and remediate vulnerabilities during AI-assisted coding. |
| Continuous Integration/Continuous Development (CI/CD) | |
| GitHub Community Plugins | Community-developed integrations, API and CLI wrapper scripts, and other helpful tools. |
| HCL AppScan Codesweep GitHub Action | Scans modified code in pull requests alerting you to vulnerabilities before the code reaches your main branch. |
| Maven | Integrates SAST scans of your Java projects into the Maven build. |
| Gradle | Integrates SAST scans of your Java projects into the Gradle build. |
| Jenkins | Execute SAST and DAST scans using ASoC. |
| Azure DevOps | Execute SAST and DAST scans using ASoC. |
| AWS | Incorporate security testing into your AWS CodeBuild and CodePipeline workflows. |
| Defect tracking systems | |
| AppScan Issue Management Gateway Service, including Azure DevOps, Jira, and RTC | Synchronize issues between HCL AppScan On Cloud and issue management systems. |
| JiraCloud | Import security issues into your Atlassian Jira Cloud instance |
| Vulnerability management | |
| ServiceNow | Import vulnerability data from ASoC into the ServiceNow Vulnerability Response platform. |
| CodeDX | Vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. |
| AppScan client tools | |
| AppScan Standard | Penetration-testing component of the HCL AppScan application security testing suite, used to test web applications and APIs. |
| AppScan Go! | AppScan Go! steps you through configuring and running a static scan. |
| SAST Client Util/CLI | Windows-specific commands for performing static analysis using a small client command line interface (CLI). |
| AppScan Activity Recorder | Record traffic and actions to use in an AppScan Dynamic Analysis scan |
| AppScan Traffic Recorder | DAST proxy enables you to record traffic to use as Explore data. |
| AppScan Cloud CLI | Streamline security testing with AppScan on Cloud. This tool can be integrated into any CI/CD platform or used independently. |
| Build your own integration | |
| AppScan Swagger | Suite of tools for working with the REST API |
| AppScan SDK | SDK for interacting with HCL AppScan on Cloud and HCL AppScan Enterprise ADAC Jobs |
| Other | |
| CMD+CTRL | Hands-on, immersive secure code training. |
| SD Elements | File-based and remote connection verification integrations |
| Centraleyezer | Manage HCL AppScan on Cloud DAST and SAST vulnerability data in Centraleyezer to identify, prioritize, track, and remediate security issues. |
| Slack | Receive AppScan on Cloud security alerts and scan notifications directly in your Slack channels. |
| Splunk | Integrate AppScan on Cloud with Splunk for centralised visibility into scan data with analytics and dashboards. |