Vulnerable components detection using AppScan
AppScan enhances application security by identifying and reporting vulnerabilities in third-party components, ensuring businesses are protected from potential threats. This helps prevent undetected vulnerabilities and ensures business continuity.
Detecting third-party components in your application
AppScan will, by default, identify and report any vulnerabilities, including those in the third-party components of your application. You can view this list in the Components view of the Monitor tab. For more information on the third-party components that AppScan recognizes, see What third-party components does AppScan detect in DAST scans?
The "report vulnerabilities in identified components" option is enabled by default but can be disabled from Administration > General Settings. Once disabled, any new content scans created will no longer have this option enabled, but it can still be manually enabled from the scan settings.
You can import and export component issues from AppScan Enterprise and AppScan Standard XML files, see Importing issues from an internal or a third-party scanner and Exporting issues as reports.
In the following cases, the components view might not show any components:
- Identifiable third-party components are not used in your application.
- No new scans or rescans were run.
Remediating vulnerabilities in third-party components
When the scan is complete, you can view the vulnerabilities in the Issues view under "Vulnerable Components." For more information, see Remediating risks.