Welcome
Results
The Scans and Sessions page lists the scans under the categories DAST, SAST, SCA, and IAST, where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
HCL AppScan RapidFix integration
HCL AppScan RapidFix is an AI-driven solution that automates the triage and remediation process for application security vulnerabilities. HCL AppScan RapidFix applies to SAST results.

Getting started
Welcome to the documentation for HCL AppScan on Cloud, where you can find information about how to install, maintain, and use this service.
Navigation
This section describes the items on the main AppScan on Cloud menu bar, with links to more detailed information.
Administration
Define users, applications, policies, and configure DevOps integrations.
Dynamic analysis
AppScan on Cloud performs security scans for web-applications for production, staging and development environments. For development environments it is aided by Private Site Scanning technology to scan applications not accessible to the open Internet.
Interactive monitoring
Using an agent installed on your application, ASoC identifies security vulnerabilities in your application during runtime by monitoring all interactions, both legitimate and malicious. The process is "passive," in the sense that IAST does not send its own tests, and can therefore run indefinitely.
Software Composition Analysis
Use Software Composition Analysis (SCA) to scan for security vulnerabilities in open source and third-party packages used by your code. SCA includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists the scans under the categories DAST, SAST, SCA, and IAST, where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
- Sample Security Reports
- Application reports
- Scan data
- Issues
  The Issues page for an application, by default displays non-compliant issues only. You can apply a variety of filters to see the issues you need, and click on any issue to open the detailed issue information pane.
- Correlation
  AppScan analyzes issues found by IAST, DAST and SAST to identify common weak links in the code (correlations) where multiple vulnerabilities can be resolved with a single or consolidated remediation effort.
- Fix groups
  Fix groups currently apply only to issues found in static analysis scans.
- Reports
  Generate reports for issues discovered in an application. Send reports to send to developers, internal auditors, penetration testers, managers, and the CISO. Security information might be extensive, and can be filtered depending on your requirements.
- Remediation
  After risks are determined and vulnerabilities are prioritized, your security team can start the remediation process.
- HCL AppScan RapidFix integration
  HCL AppScan RapidFix is an AI-driven solution that automates the triage and remediation process for application security vulnerabilities. HCL AppScan RapidFix applies to SAST results.
- Rescanning
  Following your first scan, as you fix issues you can scan the same application again multiple times and overwrite the previous results; the dashboard always displays the current results. When you scan again (rather than starting a new scan), the rescan overwrites the previous one.
- IAST scan results
  An interactive (IAST) scan entry shows results since the last time the scan was started.
AppScan Model Context Protocol (MCP) server
The AppScan MCP server integrates HCL AppScan on Cloud directly with AI-powered development environments and agents. By implementing the Model Context Protocol (MCP), this server allows LLMs (such as Claude or models running in VS Code) to securely access your security data—including SAST, DAST, SCA, and IAST results—to help you triage issues, analyze findings, and automate workflows using natural language.
Troubleshooting
If you experience problems with this service, you can perform these troubleshooting tasks to determine the corrective action to take.
FAQ & Reference
Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

HCL AppScan RapidFix integration

HCL AppScan RapidFix is an AI-driven solution that automates the triage and remediation process for application security vulnerabilities. HCL AppScan RapidFix applies to SAST results.

HCL AppScan RapidFix requires an additional subscription. Once subscribed and configured, RapidFix results are integrated into the ASoC interface for quick identification and action.

Acquiring and installing HCL AppScan RapidFix

To subscribe to RapidFix, click RapidFix triage from the single scan view of a static analysis (SAST) scan, then click Learn more on the resulting dialog box. ASoC opens a new browser window from which you can request more information from the HCL sales team.

Once subscribed, install Pixee Enterprise Server according the instructions here.

Remediating results using HCL AppScan RapidFix

When RapidFix is subscribed and configured, results that have been analyzed automatically by RapidFix are indicated in the following ways:

Clicking RapidFix triage from the single scan view shows a summary of RapidFix findings. Click View suggestions to go to the Issues page.

Click View suggestions to go to the Issues page.
The RapidFix icon () displays for a scan on the Scans and sessions page.
The Issues page for the scan displays two new columns, RapidFix autofix and RapidFix triage.
- RapidFix autofix indicates if an autofix is available for the issue.
- RapidFix triage notes the results of AI analysis of the issue.
Click the issue to open the Issue information pane to learn more.
A new tab – RapidFix – on the Issue information pane for the scan allows you to review the findings and take action.