Integrations
AppScan on Cloud offers various plugins and integrations, which are listed on the AppScan on Cloud Integrations page.
New plugins are added regularly. See Integrations.
Plugin/Integration/Action | Supported plugin version | Description |
---|---|---|
Integrated Development Environment (IDE) | ||
HCL AppScan extension for Visual Studio 2022 | 2.5 and newer | Scan source code early in the development lifecycle using the HCL CodeSweep integration. |
Visual Studio Code | 1.2.5 and newer | Detect SAST vulnerabilities early in the development life cycle. |
HCL AppScan JetBrains Plugin, including IntelliJ IDEA, PyCharm, WebStorm, PhpStorm, Rider, CLion, GoLang, RubyMine | 2.9 and newer | Pull scans and fix groups data from ASoC within the IDE. |
Continuous Integration/Continuous Development (CI/CD) | ||
GitHub Community Plugins | N/A | Community-developed integrations, API and CLI wrapper scripts, and other helpful tools. |
HCL AppScan CodeSweep GitHub Action | 2.1 and newer | Scans modified code in pull requests, alerting you to vulnerabilities before the code reaches your main branch. |
Maven | 1.0.13 and newer | Integrates SAST scans of your Java projects into the Maven build. |
Gradle | 1.0.10 and newer | Integrates SAST scans of your Java projects into the Gradle build. |
Jenkins | 1.4.0 and newer | Execute SAST and DAST scans using ASoC. |
Azure DevOps | 2.4.0 and newer | Execute SAST and DAST scans using ASoC. |
AWS | N/A | Incorporate security testing into your AWS CodeBuild and CodePipeline workflows. |
Defect tracking systems | ||
AppScan Issue Management Gateway Service, including Azure DevOps, Jira, and RTC | 1.2.0 and newer | Synchronize issues between HCL AppScan On Cloud and issue management systems. |
JiraCloud | N/A | Import security issues into your Atlassian Jira Cloud instance. |
Vulnerability management | ||
ServiceNow | 1.2.2 and newer | Import vulnerability data from ASoC into the ServiceNow Vulnerability Response platform. |
ThreadFix | N/A | AppSec software platform for DevSecOps management that centralizes your test and vulnerability data in one place. |
CodeDX | N/A | Vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. |
AppScan client tools | ||
AppScan Standard | 10.0.0 | Penetration-testing component of the HCL AppScan application security testing suite, used to test web applications and APIs. |
AppScan Go! | 2.1.0 | AppScan Go! steps you through configuring and running a static scan. |
SAST Client Util/CLI | N/A | Windows-specific commands for performing static analysis using a small client command line interface (CLI). |
AppScan Activity Recorder | 2.0.0 | Record traffic and actions to use in an AppScan Dynamic Analysis scan. |
AppScan Traffic Recorder | N/A | DAST proxy that enables you to record traffic to use as Explore data. |
AppScan Cloud CLI | N/A | Streamline security testing with AppScan on Cloud. This tool can be integrated into any CI/CD platform or used independently. |
Build your own integration | ||
AppScan Swagger | N/A | Suite of tools for working with the REST API. |
AppScan SDK | 1.1.5 | SDK for interacting with HCL AppScan on Cloud and HCL AppScan Enterprise ADAC Jobs. |
Other | ||
HackEDU | N/A | Automatically use the vulnerabilities found in your security scans to build dynamic training plans for your developers. |
SD Elements | N/A | File-based and remote connection verification integrations. |