Home
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
AppScan® Source deployment models
This section describes three different deployment models and the components that comprise each model.
Enterprise workgroup deployment

Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
- HCL® AppScan® Source Version 10.2.0 Readme and Release Notes®
- Migrating to the current version of AppScan® Source
  This topic contains migration information for changes that have gone into this version of AppScan® Source. If you are upgrading from an older version of AppScan Source, be sure to note the changes for the version of AppScan Source that you are upgrading and all versions leading up to this current version.
- Important concepts
  Before you begin to use or administer AppScan® Source, you should become familiar with fundamental AppScan Source concepts. This section defines basic AppScan Source terminology and concepts. Subsequent chapters repeat these definitions to help you understand their context in AppScan Source for Analysis.
- AppScan® Source deployment models
  This section describes three different deployment models and the components that comprise each model.
  - Standard desktop deployment
  - Small workgroup deployment
    The small workgroup deployment best fits a small to moderate size team that does not have many IT Compliance Guidelines related to application deployment.
  - Enterprise workgroup deployment
- Introduction to HCL® AppScan® Source for Analysis
  This section describes how AppScan® Source for Analysis fits into the total AppScan Source solution and provides a basis for understanding the software assurance workflow.
- Logging in to AppScan® Enterprise Server from AppScan® Source products
  Most AppScan® Source products and components require a connection to an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. All user management occurs in AppScan Enterprise.
- United States government regulation compliance
  Compliance with United States government security and information technology regulations help to remove sales impediments and roadblocks. It also provides a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry. This topic lists the standards and guidelines that AppScan® Source supports.
- AppScan® Source and accessibility
  Accessibility affects users with physical disabilities, such as restricted mobility or limited vision. Accessibility issues can impede the ability to use software products successfully. This topic outlines known AppScan® Source accessibility issues and their workarounds.
- Notices
- Copyright
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

Enterprise workgroup deployment

The enterprise workgroup deployment is for medium to large teams in large organizations where enterprise considerations are required. This deployment works well if your organization must:

Comply with IT Governance and Compliance Guidelines such as clustering and load balancing web applications
Maximize corporate resources, such as having the database in a data center with automatic backups
Run components within certain firewalls, requiring some form of port-forwarding

This deployment model expects that there is a corporate LDAP Directory Server and that authentication to use AppScan® Source requires validation of credentials through the directory server. It also assumes that access to source code is available through a source control management client on the computer or the source resides on the computer, and that a defect tracking system integration is in place.

Typically, the organization automates application scans by integrating with the build process, thus requiring the deployment of AppScan® Source for Automation. In this model, it is also possible that the enterprise has standardized on a database server, such as Oracle.

A common enterprise workgroup deployment would have these characteristics:

Security analysts and developers connect to the AppScan® Enterprise Server
Auditors connect to the Enterprise Console component of AppScan® Enterprise Server through a web browser
AppScan® Source server components run on different computers due to IT Governance and Compliance Guidelines
- The Enterprise Console is on a central web application server cluster that is load balanced, and the Automation Server runs on one or more build servers
- Data Center contains a Oracle Database Server
Automation Server is deployed on the build systems
AppScan® Enterprise Server communicates with the LDAP Directory Server for user authentication
AppScan® Enterprise Server and AppScan® Source clients connect to the AppScan® Source Database hosted in a Data Center (and possibly requires a specific database such as Oracle)
Source control clients provide access to source code on all appropriate computers
AppScan® Source for Analysis integrates with defect tracking system clients on the same computer