Home
Reference
Review reference information for the product.
AppScan® Source Data Access API
The Data Access API provides access to AppScan® Source-generated assessment results, including findings and finding details. It also provides access to assessment metrics such as analysis date and time, lines of code, V-density, and number of findings.
Ounce/Maven plug-in
This section describes the Ounce/Maven plug-in, which uses Maven, an Apache build tool, to integrate AppScan® Source into the Maven workflow.
Using Ounce/Maven
The Ounce/Maven plug-in allows you to use Ounce/Maven to create AppScan® Source projects and applications, scan the applications, publish the resulting assessments, and generate AppScan Source reports. Specify the Ounce/Maven goals and parameters as you would for any other Maven plug-in.

Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
- The Ounce/Make build utility
  Ounce/Make is a tool that automates the importing of configuration information into AppScan® Source from build environments that use makefile. Ounce/Make eliminates the need to import configuration information from makefiles manually; this the recommended method of configuring these projects.
- AppScan® Source command line interface (CLI)
  The CLI is an interface to core AppScan® Source functionality.
- The Ounce/Ant build tool
  This section describes how to use Ounce/Ant, an AppScan® Source build utility that integrates AppScan Source and Apache Ant. Integrating Ounce/Ant with your Ant environment helps you automate builds and code assessments.
- AppScan® Source Data Access API
  The Data Access API provides access to AppScan® Source-generated assessment results, including findings and finding details. It also provides access to assessment metrics such as analysis date and time, lines of code, V-density, and number of findings.
  - Data Access API object model
  - Using the Data Access API
    You can find complete examples for a number of Data Access API scenarios in the SamplePublished.java and SampleSdk.java files included in <install_dir>\sdk\sample\com\ouncelabs\sdk\sample (where <install_dir> is the location of your AppScan® Source installation).
  - Data Access API classes and methods
  - Ounce/Maven plug-in
    This section describes the Ounce/Maven plug-in, which uses Maven, an Apache build tool, to integrate AppScan® Source into the Maven workflow.
    - Installing Ounce/Maven
    - Using Ounce/Maven
      The Ounce/Maven plug-in allows you to use Ounce/Maven to create AppScan® Source projects and applications, scan the applications, publish the resulting assessments, and generate AppScan Source reports. Specify the Ounce/Maven goals and parameters as you would for any other Maven plug-in.
    - Ounce/Maven scenarios
    - Ounce/Maven goals
  - AppScan® Source for Automation
    The Automation Server (ounceautod) allows you to automate key aspects of the AppScan® Source workflow and integrate security with build environments during the software development life cycle (SDLC). The Automation Server allows you to queue requests to scan and publish assessments, and generate reports on the security of application code.
  - Framework for Frameworks handling APIs
    AppScan® Source provides a set of Java™ APIs that allow you to add support for frameworks that are used in your applications. The classes and methods offered in these APIs allow you to account for frameworks for which built-in support is not provided.
  - AppScan® Source client component error messages
  - AppScan® Source for Analysis samples
    AppScan® Source for Analysis includes a sample applicationsample applications that you can use to familiarize yourself with the product.
  - The AppScan® Source for Analysis work environment
    To get the most out of AppScan® Source, you should understand the basic concepts behind the AppScan Source for Analysis working environment and how to use the options that best fit your workflow.
  - Views and windows
    AppScan® Source for Development views and windows provide alternative presentations of findings, support code editing, and allow you to navigate the information in your workbench. A view might appear by itself, or stacked with other views in a tabbed notebook. You can change the layout of a perspective or window layout by opening and closing views and by docking them in different positions in the Workbench window.
  - CWE support
    The Common Weakness Enumeration (CWE) is an industry standard list that provides common names for publicly known software weaknesses. This topic lists the CWE IDs that are supported in the current version of AppScan® Source.
- Glossary
  Learn common product terminology.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

Using Ounce/Maven

The Ounce/Maven plug-in allows you to use Ounce/Maven to create AppScan® Source projects and applications, scan the applications, publish the resulting assessments, and generate AppScan® Source reports. Specify the Ounce/Maven goals and parameters as you would for any other Maven plug-in.

You can call Ounce/Maven commands in two ways:

Using a Maven pom (build) file: The pom file allows you to create AppScan® Source application and project files as part of your build. After installing Ounce/Maven, you can modify a Maven pom file to specify the ounce:application and ounce:project-only goals as needed for your AppScan® Source tasks.
From the command line: Invoke the ounce:project, ounce:scan, and ounce:report goals from the command line to create AppScan® Source project files (or override project file parameters from the pom file), start AppScan® Source scans, publish assessments, and generate AppScan® Source reports.

Each of the Ounce/Maven goals includes a number of parameters. For information about Ounce/Maven goals, see Ounce/Maven goals.