Scanning applications
An AppScan® Source scan analyzes source code for security vulnerabilities. The result of a scan is an assessment, which is an XML file.
Note: For detailed information about AppScan®
Source capabilities,
see the HCL®
AppScan® Source for
Analysis User
Guide.
Use the ounce:scan
goal from the command line
to scan the application and its projects and optionally generate a
report from the assessment.
After a scan is finished, Ounce/Maven allows you to:
- Publish the assessment to the AppScan® Source Database. This makes the assessment results available to other users with access to the database and the necessary privileges.
- Generate a report.