Home
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
Logging in to AppScan® Enterprise Server from AppScan® Source products
Most AppScan® Source products and components require a connection to an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. All user management occurs in AppScan Enterprise.
AppScan® Enterprise Server SSL certificates
When the AppScan® Enterprise Server is installed, it should be configured to use a valid SSL certificate. If this is not done, you will receive an untrusted connection message when logging in to the server from AppScan Source for Analysis or the AppScan Source command line interface (CLI) - or AppScan Source for Development on Windows™ and Linux™.

Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
- HCL® AppScan® Source Version 10.1.0 Readme and Release Notes®
- Migrating to the current version of AppScan® Source
  This topic contains migration information for changes that have gone into this version of AppScan® Source. If you are upgrading from an older version of AppScan Source, be sure to note the changes for the version of AppScan Source that you are upgrading and all versions leading up to this current version.
- Important concepts
  Before you begin to use or administer AppScan® Source, you should become familiar with fundamental AppScan Source concepts. This section defines basic AppScan Source terminology and concepts. Subsequent chapters repeat these definitions to help you understand their context in AppScan Source for Analysis.
- AppScan® Source deployment models
  This section describes three different deployment models and the components that comprise each model.
- Introduction to HCL® AppScan® Source for Analysis
  This section describes how AppScan® Source for Analysis fits into the total AppScan Source solution and provides a basis for understanding the software assurance workflow.
- Logging in to AppScan® Enterprise Server from AppScan® Source products
  Most AppScan® Source products and components require a connection to an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. All user management occurs in AppScan Enterprise.
  - Enabling Common Access Card (CAC) authentication
    This topic helps you set up AppScan® Source to allow a connection to an AppScan Enterprise Server that is enabled for Common Access Card (CAC) authentication.
  - Changing AppScan® Source user passwords
    To be able to change an AppScan® Source user password, you must have Manage Users permissions and the change must be made in AppScan Source for Analysis. If you do not have this permission, have your administrator change your password for you, following the instructions in this topic. If your AppScan Enterprise Server is configured to use LDAP authentication or Windows™ authentication, this topic does not apply.
  - AppScan® Enterprise Server SSL certificates
    When the AppScan® Enterprise Server is installed, it should be configured to use a valid SSL certificate. If this is not done, you will receive an untrusted connection message when logging in to the server from AppScan Source for Analysis or the AppScan Source command line interface (CLI) - or AppScan Source for Development on Windows™ and Linux™.
- United States government regulation compliance
  Compliance with United States government security and information technology regulations help to remove sales impediments and roadblocks. It also provides a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry. This topic lists the standards and guidelines that AppScan® Source supports.
- AppScan® Source and accessibility
  Accessibility affects users with physical disabilities, such as restricted mobility or limited vision. Accessibility issues can impede the ability to use software products successfully. This topic outlines known AppScan® Source accessibility issues and their workarounds.
- Notices
- Copyright
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

AppScan® Enterprise Server SSL certificates

When the AppScan® Enterprise Server is installed, it should be configured to use a valid SSL certificate. If this is not done, you will receive an untrusted connection message when logging in to the server from AppScan® Source for Analysis or the AppScan® Source command line interface (CLI) - or AppScan® Source for Development on Windows™ and Linux™.

SSL certificate storage location

Certificates that have been permanently accepted are stored in <data_dir>\config\cacertspersonal and <data_dir>\config\cacertspersonal.pem (where <data_dir> is the location of your AppScan® Source program data, as described in Installation and user data file locations). Remove these two files if you no longer want the certificates permanently stored.

AppScan® Source for Automation and SSL certificate validation

By default, certificates are automatically accepted when using AppScan® Source for Automation. This behavior is determined by the ounceautod_accept_ssl setting in the Automation Server configuration file (<data_dir>\config\ounceautod.ozsettings (where <data_dir> is the location of your AppScan® Source program data, as described in Installation and user data file locations)). If this setting is edited so that value="true" is set to value="false", SSL validation will be attempted and logging in or publishing to AppScan® Enterprise Console will fail with error if an invalid certificate is encountered.

AppScan® Source command line interface (CLI) and SSL certificate validation

By default, when using the CLI login command, SSL validation will be attempted and logging in or publishing to AppScan® Enterprise Console will fail with error if an invalid certificate is encountered (if you have not already permanently accepted the certificate while logging in via another AppScan® Source client product). This behavior can be modified by using the option -acceptssl parameter when issuing the login command. When this parameter is used, SSL certificates are automatically accepted.