Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
- Scanning source code and managing assessments
  This section explains how to scan your source code and manage assessments.
- Triage and analysis
  Grouping similar findings allows security analysts or IT auditors to segment and triage source code problems. This section explains how to triage AppScan® Source assessments and analyze results.
- AppScan® Source trace
  With AppScan® Source trace, you can verify input validation and encoding that meets your software security policies. You can look at the findings that produce input/output traces and mark methods as validation and encoding routines, sources or sinks, callbacks, or taint propagators.
- Findings reports and audit reports
  Security analysts and risk managers can access reports of select findings or a series of audit reports that measure compliance with software security best practices and regulatory requirements. This section explains how to create reports of aggregate finding data.
- Creating custom reports
  In the Report Editor, you create report templates used to generate custom reports.
  - Report Editor
    With the Report Editor, you can edit custom reports or templates or create a new report. Custom reports include any items that are available to a findings report, such as finding information, code snippets, AppScan® Source trace, and remediation content, as well as a vulnerability matrix. Before you start designing new reports, it is recommended that you become familiar with the report creation process by modifying an existing report template in the Report Editor.
  - Generating custom reports
    The procedures in this section's topics describe how to design and generate a report from an existing custom report. Alternatively, you can create a new report. To edit an existing report, open the report and follow the design, modification, and preview procedures.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

Creating custom reports

In the Report Editor, you create report templates used to generate custom reports.

An AppScan® Source Findings Report or AppScan® Source report may not provide the exact data that you need; you may require that your report contains more or less information. The AppScan® Source for Analysis Report Editor allows you to create custom reports.

Typically, you create a custom report when you must:

Produce a report that maps to and reports on a unique security policy. You first create a custom report, and then apply the report to a specific assessment.
Define and produce a report to highlight unique findings and characteristics.
Modify or add to an existing report.

When you save the report template to <data_dir>\reports (where <data_dir> is the location of your AppScan® Source program data, as described in Installation and user data file locations), the report is available for assessments of any application. When saved to the directory of a particular application, the report is available for scans of that application or any of its projects.

Before you begin creating or editing an AppScan® Source report, familiarize yourself with the report types and the elements that comprise each report. When you create a custom report, you can map report elements in any order. Report elements include finding information, code snippets, traces, and remediation content, as well as text and graphical elements.