Review reference information for HCL® AppScan® Source, including using utilities, plug-ins, and APIs.
The Data Access API provides access to AppScan® Source-generated assessment results, including findings and finding details. It also provides access to assessment metrics such as analysis date and time, lines of code, V-density, and number of findings.
Call
The com.ouncelabs.sdk.assessment.Call class represents a node in an AppScan® Source trace.
com.ouncelabs.sdk.assessment.Call
Welcome to the documentation for HCL® AppScan® Source.
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Learn how to install, upgrade, and activate HCL® AppScan® Source.
Learn how to configure applications, folders, and projects, and set attributes and properties in HCL® AppScan® Source.
Learn how to administer user accounts and permissions, audit user activity, and manage integrations in HCL® AppScan® Source.
This section explains how to scan your source code and manage assessments in HCL® AppScan® Source.
Grouping similar findings allows security analysts or IT auditors to segment and triage source code problems. This section explains how to triage AppScan® Source assessments and analyze results.
Security analysts and risk managers can access reports of select findings or a series of audit reports that measure compliance with software security best practices and regulatory requirements. This section explains how to create reports of aggregate finding data.
Learn how to extend the product to meet specific development requirements.
Ounce/Make is a tool that automates the importing of configuration information into AppScan® Source from build environments that use makefile. Ounce/Make eliminates the need to import configuration information from makefiles manually; this the recommended method of configuring these projects.
makefile
makefiles
The CLI is an interface to core AppScan® Source functionality.
This section describes how to use Ounce/Ant, an AppScan® Source build utility that integrates AppScan Source and Apache Ant. Integrating Ounce/Ant with your Ant environment helps you automate builds and code assessments.
You can find complete examples for a number of Data Access API scenarios in the SamplePublished.java and SampleSdk.java files included in <install_dir>\sdk\sample\com\ouncelabs\sdk\sample (where <install_dir> is the location of your AppScan® Source installation).
AssessedFile
The com.ouncelabs.sdk.assessment.AssessedFile class represents an assessment of an individual file. It provides access to assessment data for a file, such as its findings and statistics.
com.ouncelabs.sdk.assessment.AssessedFile
Assessment
The com.ouncelabs.sdk.assessment.Assessment class represents an assessment of an application or a project.
com.ouncelabs.sdk.assessment.Assessment
AssessmentDiff
The com.ouncelabs.sdk.assessment.AssessmentDiff class holds the difference between two assessments, providing the delta between the two assessments .
com.ouncelabs.sdk.assessment.AssessmentDiff
AssessmentFilter
Use the com.ouncelabs.sdk.assessment.AssessmentFilter class to specify filtering criteria when retrieving published assessments.
com.ouncelabs.sdk.assessment.AssessmentFilter
AssessmentResults
The com.ouncelabs.sdk.assessment.AssessmentResults class represents the entire assessment.
com.ouncelabs.sdk.assessment.AssessmentResults
Call.getCalls
Call.getFilename
Call.getLineNumber
Call.getColumnNumber
Call.getSignature
Call.getSrcContext
Call.getMethodName
Call.getClassName
Call.getTraceType
ClassificationType
The com.ouncelabs.sdk.assessment.ClassificationType class represents the classification of a finding.
com.ouncelabs.sdk.assessment.ClassificationType
DateProximityUnit
When com.ouncelabs.sdk.assessment.DateProximityUnit is paired with dateProximityDuration, the unit, such as days, weeks, and so forth, by which to count. Required when dateProximityDuration is specified. Valid units are described in this section.
com.ouncelabs.sdk.assessment.DateProximityUnit
dateProximityDuration
Factory
com.ouncelabs.sdk.Factory provides methods for initialization, logging in, and opening assessments. This class is the entry point into the Data Access API.
com.ouncelabs.sdk.Factory
Finding
The com.ouncelabs.sdk.assessment.Finding class represents an individual finding in an assessment. It provides access to all of the data associated with a finding, such as classification and severity.
com.ouncelabs.sdk.assessment.Finding
This section describes the Ounce/Maven plug-in, which uses Maven, an Apache build tool, to integrate AppScan® Source into the Maven workflow.
The Automation Server (ounceautod) allows you to automate key aspects of the AppScan® Source workflow and integrate security with build environments during the software development life cycle (SDLC). The Automation Server allows you to queue requests to scan and publish assessments, and generate reports on the security of application code.
ounceautod
AppScan® Source provides a set of Java™ APIs that allow you to add support for frameworks that are used in your applications. The classes and methods offered in these APIs allow you to account for frameworks for which built-in support is not provided.
AppScan® Source for Analysis includes a sample applicationsample applications that you can use to familiarize yourself with the product.
To get the most out of AppScan® Source, you should understand the basic concepts behind the AppScan Source for Analysis working environment and how to use the options that best fit your workflow.
AppScan® Source for Development views and windows provide alternative presentations of findings, support code editing, and allow you to navigate the information in your workbench. A view might appear by itself, or stacked with other views in a tabbed notebook. You can change the layout of a perspective or window layout by opening and closing views and by docking them in different positions in the Workbench window.
The Common Weakness Enumeration (CWE) is an industry standard list that provides common names for publicly known software weaknesses. This topic lists the CWE IDs that are supported in the current version of AppScan® Source.
Learn common product terminology.
Self-help information, resources, and tools to help you troubleshoot issues while using HCL® AppScan® Source.