Running automated assessments

The AppScan® Source command line interface (CLI) enables you to automatically import an AppScan Source project file (.ppf) and scan your source code. To run a series of CLI commands unattended, pass a script file to the CLI from the command line, as in the following invocation of the sample script, Run_Assessments.txt.

AppScanSrcCli scr c:\<install_dir>\bin\Run_Assessments.txt

Sample Run_Assessments.txt

# Log in.
Login <hostname> <username> <password>
# Turn on logging.
log on c:\myLogFile.log
# Create a new application named "testit."
new testit c:\AppTest
# Navigate to the newly created application.
cd testit
# Import the Project files (.ppfs) under c:\projects\joans.
im c:\projects\joans\*.ppf
# Refresh the Project.
refresh

# Run an assessment.
scan
# Register the assessment.
register
# Publish the assessment.
publishassess
# Log out and end the CLI session.
quit

Output

Logging to 'c:\mylogfile.log'...

AllApplications>> new testit c:\AppTest
AllApplications>> cd testit
AllApplications\testit>> import c:\TestApps\testproj\*.ppf
AllApplications\testit>> refresh
AllApplications\testit>> ls

214: testproj (Project [local])

AllApplications\testit>> la

testit has no current assessments.

scan
New Scan started at 15:41:55
Scanning Project testproj (1 of 1)
Preparing project for scan...
.
.
.

Searching File C:\TestApps\\testproj\src\se\bluefish\blueblog\metarepository\Meta
Category.java (21 of 33)
Searching File C:\TestApps\testproj\src\se\bluefish\blueblog\metarepository\Meta
Repository.java (22 of 33)

-------------------
Total Call Sites: 348
Total Definitive Security Findings with High Severity: 5
Total Definitive Security Findings with Medium Severity: 1
Total Definitive Security Findings with Low Severity: 4
Total Suspect Security Findings with High Severity: 0
Total Suspect Security Findings with Medium Severity: 8
Total Suspect Security Findings with Low Severity: 0
Total Scan Coverage Findings with High Severity: 16
Total Scan Coverage Findings with Medium Severity: 27
Total Scan Coverage Findings with Low Severity: 16
Total Lines: 7386
Max V-Density: 732.2772813430815
Max V/kloc: 10.42512862171676
V-Density: 732.2772813430815
V/kloc: 10.42512862171676

AllApplications\testit>> register
AllApplications\testit>> 'testit' registered successfully.
AllApplications\testit>> pa

Assessment Successfully Published.

AllApplications\testit>> la

AllApplications\testit>> 27001: testit (Application, Fri Mar 14 15:41:55 EDT 2008)

AllApplications\testit>>
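
An added example, not part of the AppScan Source documentation: a Python sketch that parses the finding totals printed at the end of the scan output above and uses them as a pass/fail gate for an automated run. The sample text is copied from that output; the function names, the POLICY thresholds, and the idea of feeding it the captured console output or log file are assumptions.

```python
import re
import sys

# Finding totals copied from the sample scan output shown on this page.
SAMPLE_SUMMARY = """\
Total Definitive Security Findings with High Severity: 5
Total Definitive Security Findings with Medium Severity: 1
Total Definitive Security Findings with Low Severity: 4
Total Suspect Security Findings with High Severity: 0
Total Suspect Security Findings with Medium Severity: 8
Total Suspect Security Findings with Low Severity: 0
Total Scan Coverage Findings with High Severity: 16
Total Scan Coverage Findings with Medium Severity: 27
Total Scan Coverage Findings with Low Severity: 16
"""

FINDING_RE = re.compile(
    r"^Total (Definitive Security|Suspect Security|Scan Coverage) Findings "
    r"with (High|Medium|Low) Severity: (\d+)$"
)

def parse_summary(text):
    """Return {(classification, severity): count} for each totals line found."""
    counts = {}
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            counts[(m.group(1), m.group(2))] = int(m.group(3))
    return counts

# Hypothetical policy: maximum allowed count per (classification, severity).
POLICY = {("Definitive Security", "High"): 0, ("Definitive Security", "Medium"): 2}

def gate(counts, limits):
    """Return a list of violations; an empty list means the scan passes."""
    violations = []
    for key, allowed in limits.items():
        if key not in counts:
            # A missing counter fails the gate, so truncated output cannot pass.
            violations.append(f"{key[0]} {key[1]}: missing from output")
        elif counts[key] > allowed:
            violations.append(f"{key[0]} {key[1]}: {counts[key]} > {allowed}")
    return violations

if __name__ == "__main__":
    problems = gate(parse_summary(SAMPLE_SUMMARY), POLICY)
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

Run against the sample totals, the gate fails on the five definitive high-severity findings and exits non-zero, which is what a build step would key on.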