Submitting HCL AppScan Source assessments to the Cloud for analysis
If you have a subscription to HCL AppScan on Cloud, you can submit AppScan Source assessments for analysis there. Assessments from AppScan Source Versions 9.0 or higher are supported. The number of scans you can submit depends on your ASoC subscription.
About this task
When you use the static analysis functionality of the AppScan on Cloud service, you can generate security analysis reports that make use of Intelligent Finding Analytics (IFA). IFA is a powerful machine-learning technology that does much of the triage work for you by, among other things, filtering out false positives and by grouping findings that can be remedied by a fix in one code point. To learn more about IFA, see this article.
If you are using AppScan Source Version 9.0 or higher and have an AppScan on Cloud subscription, you can benefit from this technology by uploading your AppScan Source assessment to AppScan on Cloud. In return, you will receive a new assessment that has been automatically triaged by IFA. This assessment can be in the form of an HTML report or an assessment that can be opened in your AppScan Source product.
- If you have a paid AppScan on Cloud subscription, you can scan 10 additional AppScan Source assessments. For example, if your subscription includes 20 AppScan on Cloud scans, you can scan another 10 AppScan Source assessments - for a total of 30 scans. Concurrent scan limits, as outlined in your subscription, include scans of AppScan Source assessments. For example, if your subscription allows you 2 scans at the same time, scans of AppScan Source assessments would be included.
- If you have a trial AppScan on Cloud subscription, scans of AppScan Source assessments count toward your total number of allowed scans.
Procedure
- Perform one of the following steps (skip this step if you are already using AppScan on Cloud for static analysis):
- If you do not have an AppScan on Cloud subscription, go to https://cloud.appscan.com/AsoCUI/serviceui/home and sign in. If you do not have a subscription, use the link for creating an HCL ID. Then sign up for a free trial or paid subscription using the links at the service.
- In the AppScan on Cloud service, create an application and then click Create Scan.
- In the What type of app are you scanning today? screen, select Desktop or .
- If you have not previously downloaded and set up the Static Analyzer Command Line Utility, do so now. See Setting up the Static Analyzer Command Line Utility for more information.
- Generate an assessment (.ozasmt file) in the AppScan Source product or tool of your choice. Versions 9.0 or higher are supported.
- Use the Static Analyzer Command Line Utility command line interface (CLI) to generate an Intermediate Representation (IRX or .irx) file for the assessment (.ozasmt file):
- Use the CLI appscan queue_analysis (Windows™) or appscan.sh queue_analysis (Linux™ and macOS) command to upload the IRX file:
- When analysis is complete, you will receive an email if you uploaded the IRX using the CLI, or if you selected the Email me when the scan is complete check box in the AppScan on Cloud web client.
- Choose a method for retrieving the analysis report. You can use the CLI appscan get_result (Windows™) or appscan.sh get_result (Linux™ and macOS) command, or you can use the AppScan on Cloud web client. If you use the CLI to receive the analysis report, you will have the option of receiving an archive (.zip) file that includes a .ozasmt file so that the analysis report can be opened in AppScan Source. If you are only interested in seeing an HTML report, you can use the CLI or the AppScan on Cloud web client to download the report.
- Complete this step if you want to use the CLI appscan get_result (Windows™) or appscan.sh get_result (Linux™ and macOS) command to retrieve the analysis report:
- If you are only interested in seeing an HTML report, you can use the AppScan on Cloud web client to download the report. Complete this step if you want to use the web client to retrieve the analysis report.
When you log in to the service, you should automatically see a list of your scans (if you have navigated to another section of the service, click the X icon at the top right to return to the list of scans). In the scan list, locate the scan, select the Download icon, and then choose XML or HTML format.
To learn more about AppScan on Cloud scan results at HCL Cloud Marketplace, see Results.