Configure a scan in AppScan on Cloud

Configure a static analysis scan.

Procedure

To configure a scan:
  1. Identify what you will scan:
    1. A GitHub repository:
      Identify the public GitHub repository to scan, and verify that you have appropriate access to it. AppScan on Cloud requires read access to repositories to perform security scans on them.
      Note: To scan a private repository, install the HCL AppScan on Cloud GitHub application on the GitHub account or organization that owns the repository to scan. See Installing a GitHub App from a third party.
    2. An IRX file:
    3. A source code file:
      To scan a source code file, identify the appropriate .zip, .war, .jar, or .ear file.
      Note: Source code files that are not .war, .jar, or .ear files must be compressed into a .zip file.
    4. In an integrated development environment:
      To scan in Eclipse, IntelliJ IDEA, or Visual Studio, follow the instructions in Scanning in integrated development environments. In Eclipse and IntelliJ IDEA, you can scan Java projects; in Visual Studio, you can scan .NET (C#, ASP.NET, VB.NET) projects.
    Note: When you scan code or generate an IRX file, you might receive a message about updating to the latest Static Analyzer Command Line Utility. See Command Line Utility (CLI) support.
  2. If you will be scanning an IRX file, download and set up either:
  3. If you have not yet done so, Create an application for your scans.
  4. Use the Create scan wizard to start configuring your scan. Select Applications > <Application> > Create scan > SAST Static Analysis: Create scan.