Home
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
AppScan® Source deployment models
This section describes three different deployment models and the components that comprise each model.
Standard desktop deployment

Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
- HCL® AppScan® Source Version 10.2.0 Readme and Release Notes®
- Migrating to the current version of AppScan® Source
  This topic contains migration information for changes that have gone into this version of AppScan® Source. If you are upgrading from an older version of AppScan Source, be sure to note the changes for the version of AppScan Source that you are upgrading and all versions leading up to this current version.
- Important concepts
  Before you begin to use or administer AppScan® Source, you should become familiar with fundamental AppScan Source concepts. This section defines basic AppScan Source terminology and concepts. Subsequent chapters repeat these definitions to help you understand their context in AppScan Source for Analysis.
- AppScan® Source deployment models
  This section describes three different deployment models and the components that comprise each model.
  - Standard desktop deployment
  - Small workgroup deployment
    The small workgroup deployment best fits a small to moderate size team that does not have many IT Compliance Guidelines related to application deployment.
  - Enterprise workgroup deployment
- Introduction to HCL® AppScan® Source for Analysis
  This section describes how AppScan® Source for Analysis fits into the total AppScan Source solution and provides a basis for understanding the software assurance workflow.
- Logging in to AppScan® Enterprise Server from AppScan® Source products
  Most AppScan® Source products and components require a connection to an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. All user management occurs in AppScan Enterprise.
- United States government regulation compliance
  Compliance with United States government security and information technology regulations help to remove sales impediments and roadblocks. It also provides a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry. This topic lists the standards and guidelines that AppScan® Source supports.
- AppScan® Source and accessibility
  Accessibility affects users with physical disabilities, such as restricted mobility or limited vision. Accessibility issues can impede the ability to use software products successfully. This topic outlines known AppScan® Source accessibility issues and their workarounds.
- Notices
- Copyright
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

Standard desktop deployment

The standard desktop deployment is for a single AppScan® Source user in a small organization or a security analyst/auditor who performs security assessments, both onsite and offsite. It assumes no defect tracking system integration or build integration (through use of AppScan® Source for Automation). This deployment model can be installed in two ways:

Two AppScan® Source components installed on one computer, such as a notebook: AppScan® Source for Analysis (client) and the AppScan® Enterprise Server.
One AppScan® Source component installed on one computer, such as a notebook: AppScan® Source for Analysis (client) to be run in standalone mode.

The desktop deployment model focuses on scan results and individual productivity and convenience rather than the ability to deploy AppScan® Source across numerous computers and optimization around a team effort.

With this model, a user either authenticates to the AppScan® Enterprise Server using the AppScan® Source administrative account, and no LDAP Directory Server integration is expected, or runs in standalone mode with no authenication required. This model assumes that a source control management client on the computer provides access to source code, or the source code resides on the computer.

The standard desktop deployment is ideal for a mobile auditor. For example, the auditor might work onsite and then want to finish some work at home or while traveling. If the auditor logs in to the notebook running AppScan® Source for Analysis and the AppScan® Enterprise Server while offsite, there is access to the source code and the saved assessments. Later, when the auditor returns to work onsite, reconnecting to the source control system allows for the return of the corrected source to the corporate repository. This model allows for the generation of leave-behind reports with all of the assessment result details.