Static analysis client support
Supported operating systems and the types projects that can be scanned by ASoC when you perform static analysis.
- Operating system support
- Command Line Utility (CLI) support
- Plugin
support
- Gradle support
- Maven support
- JetBrains
- CLion
- GoLand
- IntelliJ
- PHPStorm
- Pycharm
- Rider
- RubyMine
- WebStorm
- Microsoft Visual Studio support
- Jenkins support
- Visual Studio Team Services/Team Foundation Server (Azure DevOps) support
- AppScan Go! support
Operating system support
- Windows: HCL AppScan on Cloud is supported on 64-bit systems and runs in 64-bit mode.
- macOS: HCL AppScan on Cloud is supported on 64-bit systems and runs in 64-bit mode.
- Linux: HCL AppScan on Cloud is supported on 64-bit systems only.
Command Line Utility support
System requirements for the Command Line Utility
- Disk space: 1GB
- Memory: 2GB RAM
- CPU: 2
- Disk space: 15-20GB
- Memory: 8GB RAM
- CPU: 2
Additional resources may be necessary when running large Java, .NET, and C/C++ dataflow scans.
Application server support
The Command Line Utility includes Apache Tomcat Version 7 application server .jar files that are used for basic JavaServer Page compilation. To achieve better compatibility, configure the CLI to use your own application server (supported application servers include Apache Tomcat versions 7 and higher, WebSphere® Application Server Versions 7, 8.0, 8.5.x, and 9.x, and Oracle Weblogic Server version 10.3 and 12.x).
Command Line Utility and cloud service version compatibility
Your Static Analyzer Command Line Utility version is automatically checked when you:
- Issue the
appscan prepare
command on Windows™ or theappscan.sh prepare
command on Linux™ and macOS. - Use the Run Static Analysis action in an integrated development environment that has the static analysis plug-in installed.
- Use the
prepare
option to generate an IRX file for a Maven project. - Upload an IRX file by using the
appscan queue_analysis
command on Windows™ or theappscan.sh queue_analysis
command on Linux™ and macOS. - Upload an IRX file to the cloud.
When you perform any of the prepare or Run Static Analysis actions, you may receive a message indicating that a new version of the Command Line Utility is available. In this case, you can proceed without upgrading the Command Line Utility - or you can upgrade the Command Line Utility to take advantage of new features and capabilities.
When you perform any of the above actions using a version of the Command Line Utility that is no longer supported, a message will indicate that the Command Line Utility must be updated. In this case, download and set up the latest Command Line Utility
Plugin support
Gradle support
The HCL AppScan on Cloud Gradle plugin is used to automate the scanning of Java and Java web projects in Gradle. It generates an IRX file for Gradle projects that have the "java" plugin and/or "war" plugins applied. It can also submit the generated IRX file to the cloud service for analysis (optional).
To use the plugin, add the following lines to build.gradle
.
- Groovy:
plugins { id "com.hcl.security.appscan" version "1.0.1" }
- Kotlin:
plugins { id("com.hcl.security.appscan") version "1.0.1" }
- Groovy:
buildscript { repositories { maven { url "https://plugins.gradle.org/m2/" } } dependencies { classpath "gradle.plugin.com.hcl.security:application-security-gradle-plugin:1.0.1" } } apply plugin: "com.hcl.security.appscan"
- Kotlin:
buildscript { repositories { maven { url=uri("https://plugins.gradle.org/m2/") } } dependencies { classpath("gradle.plugin.com.hcl.security:application-security-gradle-plugin:1.0.1") } } apply(plugin="com.hcl.security.appscan")
Maven support
The Maven ASoC plugin is now live in the Maven Central Repository; it no longer needs to be installed manually.
Use the prepare
goal of the
appscan-maven-plugin
to generate an
IRX file for all jar
, war
, and
ear
projects in your build. Use the analyze
goal of the appscan-maven-plugin
to generate an IRX file for all jar
, war
, and
ear
projects in your build and submit it to the ASoC service for analysis.
JetBrains support
You can choose to install a plug-in to a supported JetBrains IDE from its user interface. JetBrains versions 2021.1 and later are supported.
To acquire and install the plug-in, locate the plug-in at the JetBrains Plugins Repository. Or, in the JetBrains IDE, go to , select Plugins and click Browse repositories.... Search for HCL AppScan.
Microsoft Visual Studio support (Windows only)
You can choose to install a plug-in to Visual Studio so you can scan .NET (C#, ASP.NET, VB.NET) solutions, projects, and websites from its user interface. Visual Studio must be installed on your system before you can install the Visual Studio plug-in.
To acquire and install the Visual Studio plug-in, locate the plug-in at the Visual Studio marketplace. Or, in Visual Studio, go to . Select Online and search for AppScan.
.NET (C#, ASP.NET, VB.NET) | C++ | |
---|---|---|
Visual Studio 2015 | X | X |
Visual Studio 2017 | X | X |
Visual Studio 2019 | X | X |
Visual Studio 2022 | X |
/std:c++14
) for Visual
Studio 2015, 2017, and 2019. AppScan on Cloud
supports C++17 language standard mode (/std:c++17
) for Visual
Studio 2017 and 2019.Visual Studio Plugin | Command Line Interface (CLI) | |
---|---|---|
Visual Studio 2015 | X | |
Visual Studio 2017 | X | |
Visual Studio 2019 | X | |
Visual Studio 2022 | X | X |
Jenkins support
The ASoC Jenkins plug-in allows you to add dynamic and static analysis build steps to your Jenkins build projects. You can install the plug-in to Jenkins Versions 2.222.4 or higher. From the plug-in, you can connect to the ASoC service on Cloud Marketplace.
Visual Studio Team Services/Team Foundation Server (Azure DevOps) support
The Visual Studio Team Services/Team Foundation Server (Azure DevOps) plugin allows you to scan static and dynamic VSTS and TFS projects. ASoC supports TFS version 2018 update 2 and newer. To learn more about the plugin, see, Installing and using the Azure DevOps Services plugin.
AppScan Go! support
AppScan Go! is supported on Windows™, Linux™, and Mac.