Introduction to HCL AppScan Source

HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.

The product set includes:

  • AppScan Source for Analysis: Workbench to configure applications and projects, scan code, analyze, triage, and take action on priority vulnerabilities.
  • AppScan Source for Automation: Allows you to automate key aspects of the AppScan Source workflow and integrate security with build environments during the software development life cycle.
  • AppScan Source for Development: Developer plug-ins integrate many AppScan Source for Analysis features into Microsoft™ Visual Studio, the Eclipse workbench, and Rational® Application Developer for WebSphere® Software (RAD). This allows software developers to find and take action on vulnerabilities during the development process. The Eclipse plug-in allows you to scan source code for security vulnerabilities, and you can also use it to scan IBM MobileFirst Platform projects.

To enhance the value of AppScan Source within your organization, the products include these components:

  • AppScan Source Security Knowledgebase: In-context intelligence on each vulnerability, offering precise descriptions about the root cause, severity of risk, and actionable remediation advice.
  • AppScan Enterprise Server: Most AppScan Source products and components must communicate with an AppScan Enterprise Server. Without one, you can use AppScan Source for Development in local mode - but features such as custom rules, shared scan configurations, and shared filters will be unavailable.

    The server provides centralized user management capabilities and a mechanism for sharing assessments via the AppScan Source Database. The server includes an optional Enterprise Console component. If your administrator installs this component, you can publish assessments to it from AppScan Source for Analysis, AppScan Source for Automation, and the AppScan Source command line interface (CLI). The Enterprise Console offers a variety of tools for working with your assessments - such as reporting features, issue management, trend analysis, and dashboards.

    Important: For some versions of AppScan Source and AppScan Enterprise, the version and release level of the two products must match in order to connect from AppScan Source to the AppScan Enterprise Server. See System requirements and installation prerequisites to learn more about system requirements and compatibilities.
    Note:
    • As of version 9.0.3.11, AppScan Source no longer supports macOS or iOS Xcode scanning.
    • AppScan Enterprise Server is not supported on macOS.
    • If you have a basic server license, the server may only be accessed by up to ten (10) concurrent connections from AppScan products. With a premium server license, unlimited connections are allowed.
    Important: When scanning, AppScan Enterprise Server and AppScan Source clients (except AppScan Source for Development) both require a direct connection to the AppScan Source Database (either solidDB® or Oracle).

This Software Offering does not use cookies or other technologies to collect personally identifiable information.

Translated national languages

The AppScan Source user interfaces are available in these languages:

  • English
  • Brazilian Portuguese
  • Simplified Chinese
  • Traditional Chinese
  • German
  • Spanish
  • French
  • Italian
  • Japanese
  • Korean
  • Russian