Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
- Scanning source code and managing assessments
  This section explains how to scan your source code and manage assessments.
- Triage and analysis
  Grouping similar findings allows security analysts or IT auditors to segment and triage source code problems. This section explains how to triage AppScan® Source assessments and analyze results.
- AppScan® Source trace
  With AppScan® Source trace, you can verify input validation and encoding that meets your software security policies. You can look at the findings that produce input/output traces and mark methods as validation and encoding routines, sources or sinks, callbacks, or taint propagators.
- Findings reports and audit reports
  Security analysts and risk managers can access reports of select findings or a series of audit reports that measure compliance with software security best practices and regulatory requirements. This section explains how to create reports of aggregate finding data.
  - Creating findings reports
  - AppScan® Source reports
    - Creating an AppScan® Source custom report
    - CWE Top 25 2021 report
      The CWE Top 25 2021 report is based on the 2021 CWE Top 25 Most Dangerous Software Errors.
    - DISA Application Security and Development STIG report
      This topic provides links to the Defense Information Systems Agency (DISA) Application Security and Development Security Technical Implementation Guide (STIG) website and guidance documents.
    - Open Web Application Security Project (OWASP) Top 10 2017 and 2021 reports
      This topic provides links to the Open Web Application Security Project (OWASP) website and guidance documents.
    - Open Web Application Security Project (OWASP) Mobile Top 10 report
      This topic provides links to the Open Web Application Security Project (OWASP) website and guidance documents.
    - Open Web Application Security Project (OWASP) API Top 10 report
      This topic provides links to the Open Web Application Security Project (OWASP) website and guidance documents.
    - Payment Card Industry Data Security Standard (PCI DSS) Version 3.2 report
    - Software Security Profile report
      The Software Security Profile presents a comprehensive analysis of the characteristics of your application that have direct relevance to its security. It provides a detailed audit of critical security features in software for a particular project. This report helps you verify the implementation of requirements such as encryption, access control, logging, and error handling before certifying the software for deployment.
- Creating custom reports
  In the Report Editor, you create report templates used to generate custom reports.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

AppScan® Source reports

AppScan® Source reports help software security analysts, development managers, and risk management auditors measure compliance with software security best practices and regulatory requirements. AppScan® Source reports help ensure that your critical applications meet the security standards you set.

AppScan® Source uses source code vulnerability analysis results to power a series of reports that provide a detailed picture of compliance to a security, development, or audit professional.

AppScan® Source reports feature:

Report Card: Report card for a brief view of the security state of each major category
Detailed Audit Review: A detailed audit of non-compliant findings
Drill Down: Direct access to the non-compliant code for further analysis and prioritization of remediation and assignment

AppScan® Source for Analysis generates a variety of AppScan® Source reports:

CWE Top 25 2021 report
DISA Application Security and Development STIG report
Open Web Application Security Project (OWASP) Mobile Top 10 report
Open Web Application Security Project (OWASP) API Top 10 report
Open Web Application Security Project (OWASP) Top 10 2017 and 2021 reports
Payment Card Industry Data Security Standard (PCI DSS) Version 3.2 report
Software Security Profile report: Provides an overall view of the security state of an application, across every major vulnerability category.