Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
- Administering AppScan® Source
  This section explains user management, permissions, application and project registration, and port configuration.
  - User accounts and permissions
    Before AppScan® Source users can begin to scan or triage results, an administrator must create user accounts and assign permissions to the accounts.
  - Using AppScan® Source for Analysis in standalone mode
    You can use AppScan® Source for Analysis while not connected to an AppScan Enterprise or the AppScan Database Service. However, you will be unable to share scans or assessments with other AppScan Source clients.
  - Creating AppScan® Source users
    Typically, administrators will have users log in to AppScan® Source products with their AppScan Enterprise Server credentials. However, if there is cause for having AppScan Source users that do not exist in the AppScan Enterprise Server, administrators can create local AppScan Source users, according to the instructions in this topic.
- Auditing user activity
  AppScan® Source offers a convenient location for auditing user activity. The Audit view logs events such as authentication to the AppScan Enterprise Server, the creation of new users, and the creation of new rules in the database.
- Logging in to AppScan® Enterprise Server from AppScan® Source products
  Most AppScan® Source products and components require a connection to an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. All user management occurs in AppScan Enterprise.
- LDAP integration
  To add an AppScan® Source user that will be authenticated via LDAP, you must have configured the AppScan Enterprise Server user repository to use an LDAP repository.
- Registering applications and projects for publishing to AppScan® Source
- AppScan® Source application and project files
  AppScan® Source applications and projects have corresponding files that maintain configuration information required for scanning, as well as triage customization. It is recommended that these files reside in the same directory as the source code, since configuration information (dependencies, compiler options, and so forth) required to build the projects is very similar to that required for AppScan Source to scan them successfully. Best practice includes managing these files with your source control system.
- Port configuration
Developing
Learn how to develop by using the product.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

User accounts and permissions

Before AppScan® Source users can begin to scan or triage results, an administrator must create user accounts and assign permissions to the accounts.

Important: This topic applies only if you have upgraded to AppScan® Source version 10.0.2 or higher from a 10.0.1 or earlier version of the product. New installations of AppScan® Source version 10.0.2 do not have this functionality; all user administration of new AppScan® Source installations occurs in AppScan® Enterprise.

AppScan® Source user permissions are stored in the AppScan® Source Database and applied when a user is logged in to the AppScan® Enterprise Server. Users that run AppScan® Source for Development in local mode have full AppScan® Source permissions.

When you create a user, you establish a role for that user and identify the permissions available for that user. Permissions identify the allowable AppScan® Source tasks for that user. Tasks not specifically identified as part of a permission are available to all users.

Note: You cannot modify a user ID. You must delete the user account and recreate the user with the same user ID.


Permission Group	Permission
Application and Project Management	Register (Register and unregister applications and projects)
	Scan
	View Registered
	Manage Attributes
	Apply Attributes
Assessment Management	Delete Published Assessments
	Save Assessments
	Publish Assessments
	View Published Assessments
Knowledgebase Management	Manage Custom Rules
	Manage Patterns
Administration	Manage Users
	Manage AppScan® Enterprise Settings
Filter Management	Manage Shared Filters
Scan Configurations	Manage Shared Configurations (sharing scan configurations and editing/deleting shared scan configurations)