Open Web Application Security Project (OWASP) Top 10 2017 and 2021 reports

This topic provides links to the Open Web Application Security Project (OWASP) website and guidance documents.

To learn about OWASP, see https://www.owasp.org/index.php/Main_Page. Links to various OWASP documents and security risks are available at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
