Welcome
Welcome to the documentation for HCL® AppScan® Source.
What's New
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install, upgrade, and activate HCL® AppScan® Source.
Configuring
Learn how to configure applications, folders, and projects, and set attributes and properties in HCL® AppScan® Source.
Administering
Learn how to administer user accounts and permissions, audit user activity, and manage integrations in HCL® AppScan® Source.
- Administering AppScan® Source
  This section explains user management, permissions, application and project registration, and port configuration.
- Auditing user activity
  AppScan® Source offers a convenient location for auditing user activity. The Audit view logs events such as authentication to the AppScan Enterprise Server, the creation of new users, and the creation of new rules in the database.
- Logging in to AppScan® Enterprise Server from AppScan® Source products
  Most AppScan® Source products and components require a connection to an AppScan Enterprise Server. The server provides centralized user management capabilities and a mechanism for sharing assessments. All user management occurs in AppScan Enterprise.
- LDAP integration
  To add an AppScan® Source user that will be authenticated via LDAP, you must have configured the AppScan Enterprise Server user repository to use an LDAP repository.
- Registering applications and projects for publishing to AppScan® Source
- AppScan® Source application, folder, and project files
  AppScan® Source applications, folders, and projects have corresponding files that maintain configuration information required for scanning, as well as triage customization. These files should reside in the same directory as the source code, since configuration information (dependencies, compiler options, and so forth) required to build the projects is very similar to that required for AppScan Source to scan them successfully. Best practice includes managing these files with your source control system.
- Port configuration
Scanning
This section explains how to scan your source code and manage assessments in HCL® AppScan® Source.
Triage and analysis
Grouping similar findings allows security analysts or IT auditors to segment and triage source code problems. This section explains how to triage AppScan® Source assessments and analyze results.
Reporting
Security analysts and risk managers can access reports of select findings or a series of audit reports that measure compliance with software security best practices and regulatory requirements. This section explains how to create reports of aggregate finding data.
Extending product function
Learn how to extend the product to meet specific development requirements.
Reference
Review reference information for HCL® AppScan® Source, including using utilities, plug-ins, and APIs.
Troubleshooting and support
Self-help information, resources, and tools to help you troubleshoot issues while using HCL® AppScan® Source.

Registering applications and projects for publishing to AppScan® Source

Important: This topic applies only if you have upgraded to AppScan® Source version 10.0.2 or higher from a 10.0.1 or earlier version of the product. New installations of AppScan® Source version 10.0.2 do not have this functionality; all user administration of new AppScan® Source installations occurs in AppScan® Enterprise.

Registering applications/projects and publishing assessments results, enables the sharing of critical security data across the team (assessments are published to the AppScan® Source Database). Users with the appropriate privileges and permissions can access these assessment results through AppScan® Source for Analysis. In some deployments, registering applications and projects, as well as publishing assessment results, is an administrative task. In other deployments, these are Project Lead/Security Analyst tasks. It is recommended that you limit permissions to only those who need to perform these tasks.