Review reference information for the product.
The CLI is an interface to core AppScan® Source functionality.
deleteassess (da)
Ounce/Make is a tool that automates the importing of configuration information into AppScan® Source from build environments that use makefile. Ounce/Make eliminates the need to import configuration information from makefiles manually.
makefile
makefiles
Many CLI commands require that you have the appropriate AppScan® Source permissions.
AppScan® Source command line interface (CLI) commands conform to a usage template with required and optional arguments, similar to a command shell. CLI commands are not case sensitive and do not require switches for different arguments.
about (a)
clearcache (cc)
delete (del)
deleteuser (du)
delvar (dv)
details (det)
echo
getaseinfo (gase)
help (?)
import (im)
info (i)
list (ls, dir)
listassess (la)
listgroups (lgrp)
listusers (lu)
log
login (in)
login_file
login_local (local)
logout (out)
moduser (mu)
newuser (nu)
openapplication (oa)
openassessmentfile (oaf)
password (passwd)
printuser (pu)
publishassess (pa)
publishassessase (pase)
quit
record (rc)
refresh (rf)
register (reg)
removeassess (da)
report (rpt)
scan (sc)
script (scr)
setaseinfo (sase)
If your AppScan® Enterprise Server has been installed with the AppScan Enterprise Console option, you can publish assessments to it. The Enterprise Console offers a variety of tools for working with your assessments - such as reporting features, issue management, trend analysis, and dashboards.
setcurrentobject (set, cd)
setvar (sv)
unregister (unreg)
The AppScan® Source command line interface (CLI) enables you to automatically import an AppScan Source project file (.ppf) and scan your source code. From the command line, you can run a script, such as the following sample, Run_Assessments.txt.
This section describes how to use Ounce/Ant, an AppScan® Source build utility that integrates AppScan Source and Apache Ant. Integrating Ounce/Ant with your Ant environment helps you automate builds and code assessments.
The Data Access API provides access to AppScan® Source-generated assessment results, including findings and finding details. It also provides access to assessment metrics such as analysis date and time, lines of code, V-density, and number of findings.
This section describes the Ounce/Maven plug-in, which uses Maven, an Apache build tool, to integrate AppScan® Source into the Maven workflow.
The Automation Server (ounceautod) allows you to automate key aspects of the AppScan® Source workflow and integrate security with build environments during the software development life cycle (SDLC). The Automation Server allows you to queue requests to scan and publish assessments, and generate reports on the security of application code.
ounceautod
AppScan® Source provides a set of Java™ APIs that allow you to add support for frameworks that are used in your applications. The classes and methods offered in these APIs allow you to account for frameworks for which built-in support is not provided.
AppScan® Source for Analysis includes a sample applicationsample applications that you can use to familiarize yourself with the product.
To get the most out of AppScan® Source, you should understand the basic concepts behind the AppScan Source for Analysis working environment and how to use the options that best fit your workflow.
AppScan® Source for Development views and windows provide alternative presentations of findings, support code editing, and allow you to navigate the information in your workbench. A view might appear by itself, or stacked with other views in a tabbed notebook. You can change the layout of a perspective or window layout by opening and closing views and by docking them in different positions in the Workbench window.
The Common Weakness Enumeration (CWE) is an industry standard list that provides common names for publicly known software weaknesses. This topic lists the CWE IDs that are supported in the current version of AppScan® Source.
This command has been renamed. See removeassess (da).