Home
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
Introduction to HCL® AppScan® Source for Analysis
This section describes how AppScan® Source for Analysis fits into the total AppScan Source solution and provides a basis for understanding the software assurance workflow.
AppScan® Source for Analysis overview
AppScan® Source for Analysis is a tool for analyzing code and providing specific information about source code vulnerabilities in critical systems. AppScan Source for Analysis lets you centrally manage your software risk across multiple applications, or even your entire portfolio. You can scan source code, triage, and eliminate vulnerabilities before they become a liability to your organization.

Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
- HCL® AppScan® Source Version 10.2.0 Readme and Release Notes®
- Migrating to the current version of AppScan® Source
  This topic contains migration information for changes that have gone into this version of AppScan® Source. If you are upgrading from an older version of AppScan Source, be sure to note the changes for the version of AppScan Source that you are upgrading and all versions leading up to this current version.
- Important concepts
  Before you begin to use or administer AppScan® Source, you should become familiar with fundamental AppScan Source concepts. This section defines basic AppScan Source terminology and concepts. Subsequent chapters repeat these definitions to help you understand their context in AppScan Source for Analysis.
- AppScan® Source deployment models
  This section describes three different deployment models and the components that comprise each model.
- Introduction to HCL® AppScan® Source for Analysis
  This section describes how AppScan® Source for Analysis fits into the total AppScan Source solution and provides a basis for understanding the software assurance workflow.
  - AppScan® Source for Analysis overview
    AppScan® Source for Analysis is a tool for analyzing code and providing specific information about source code vulnerabilities in critical systems. AppScan Source for Analysis lets you centrally manage your software risk across multiple applications, or even your entire portfolio. You can scan source code, triage, and eliminate vulnerabilities before they become a liability to your organization.
  - AppScan® Source and accessibility
    Accessibility affects users with physical disabilities, such as restricted mobility or limited vision. Accessibility issues can impede the ability to use software products successfully. This topic outlines known AppScan® Source accessibility issues and their workarounds.
- Logging in to AppScan® Enterprise Server from AppScan® Source products
  Most AppScan® Source products and components require a connection to an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. All user management occurs in AppScan Enterprise.
- United States government regulation compliance
  Compliance with United States government security and information technology regulations help to remove sales impediments and roadblocks. It also provides a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry. This topic lists the standards and guidelines that AppScan® Source supports.
- AppScan® Source and accessibility
  Accessibility affects users with physical disabilities, such as restricted mobility or limited vision. Accessibility issues can impede the ability to use software products successfully. This topic outlines known AppScan® Source accessibility issues and their workarounds.
- Notices
- Copyright
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

AppScan® Source for Analysis overview

AppScan® Source for Analysis is a tool for analyzing code and providing specific information about source code vulnerabilities in critical systems. AppScan® Source for Analysis lets you centrally manage your software risk across multiple applications, or even your entire portfolio. You can scan source code, triage, and eliminate vulnerabilities before they become a liability to your organization.

AppScan® Source for Analysis provides audit and quality assurance teams with tools to scan source code, triage results, and submit flaws to defect tracking systems.

Armed with in-context intelligence from the AppScan® Source Security Knowledgebase, analysts, auditors, managers, and developers can:

Scan selected source code on-demand to locate critical vulnerabilities
Receive precise remediation advice and invoke their preferred development environment and code editor directly from analysis
Trace tainted data through a precise, interactive call graph from input to output
Enforce coding policies, verifying approved input validation and encoding routines through AppScan® Source trace
Learn and implement secure programming best practices during software development

Note: As of version 9.0.3.11, AppScan® Source no longer supports macOS or iOS Xcode scanning.