Configure an open source scan in AppScan on Cloud

Procedure

To scan your application:
  1. Download and set up either:
  2. Scan or generate an IRX file for your application, or identify source code files to scan.
    1. To generate an IRX file by using the CLI, follow the instructions in Generating an IRX file by using the command line interface (CLI). You can scan all supported languages from the CLI.
      Note: To scan open source only, use the -oso command with appscan prepare.
    2. To scan in Eclipse, IntelliJ IDEA, or Visual Studio, follow the instructions in Scanning in integrated development environments. In Eclipse and IntelliJ IDEA, you can scan Java projects - and in Visual Studio, you can scan .NET (C#, ASP.NET, VB.NET).
    3. To generate an IRX file using AppScan Go!, follow the instructions in Configuring a scan using AppScan Go!.
    4. To scan a source code file, identify the appropriate .zip, .war, .jar, or .ear file.
    Note: When you scan code or generate an IRX file, you might receive a message about updating to the latest Static Analyzer Command Line Utility. See Command Line Utility (CLI) support.
  3. If you have not yet done so: Create an application for your scans.
  4. Use the Create scan wizard to start configuring your scan. Start the wizard from Application > Application > Scans > Create scan > SCA Software Composition Analysis > Create scan.
  5. Upload file tab: Drag-and-drop the .irx file to scan into the dialog box, or click the box to browse for the file.
  6. Preferences tab: You can opt to run your scan as a personal scan whose security issues will not be added to the issues for the application as a whole. You can also select the default option that sends you an email when the scan completes, or choose to allow intervention by our scan enablement team.
  7. Click Review and Scan to proceed to the summary dialog.
  8. Edit the default name that was given to the scan. Optional.
  9. Click Scan Now.