Welcome
Welcome to the documentation for HCL® AppScan® Source.
What's New
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install, upgrade, and activate HCL® AppScan® Source.
- System requirements and installation prerequisites
  - Windows system requirements
    Basic Windows system requirements are listed here. For detailed requirements, contact HCL Support.
  - Linux system requirements
    Basic Linux system requirements are listed here. For detailed requirements, contact HCL support.
  - AppScan® Source framework support
    This topic lists the languages that can be scanned in AppScan® Source.
  - AppScan® Source for Analysis and AppScan® Source for Development (Eclipse plug-in) component prerequisite on Linux™
    On Linux™, Eclipse requires the installation of a third-party component in order to render browser-based content. Without this component, AppScan® Source for Analysis and the AppScan Source for Development Eclipse plug-in may exhibit symptoms such as a hang after login or a fail during product use.
  - Interoprability of AppScan® Source and AppScan® Enterprise
  - Plug-ins and integrations for AppScan® Source
  - Secrets scanning
  - System requirements terms
    Terms used in system requirements tables.
- AppScan® Source deployment models
  This section describes three different deployment models and the components that comprise each model.
- Sample installation scenarios
  When installing AppScan® Source, it is important to follow the correct installation workflow. These topics guide you through the workflow involved in some sample installation scenarios.
- Upgrading AppScan® Source
- Advanced installation and activation topics
  This section describes advanced installation options and activation procedures.
- AppScan® Source silent installers
  The AppScan® Source custom installation wizard is used for creating silent installers.
- Activating the software
- Removing AppScan® Source from your system
  You can remove AppScan® Source from the Windows™ Control Panel or with a Linux™ uninstall script. The AppScan Source uninstall does not remove or back up an installed Oracle database. Deleting the AppScan Source user from an Oracle instance is a manual database administrative task.
Configuring
Learn how to configure applications, folders, and projects, and set attributes and properties in HCL® AppScan® Source.
Administering
Learn how to administer user accounts and permissions, audit user activity, and manage integrations in HCL® AppScan® Source.
Scanning
This section explains how to scan your source code and manage assessments in HCL® AppScan® Source.
Triage and analysis
Grouping similar findings allows security analysts or IT auditors to segment and triage source code problems. This section explains how to triage AppScan® Source assessments and analyze results.
Reporting
Security analysts and risk managers can access reports of select findings or a series of audit reports that measure compliance with software security best practices and regulatory requirements. This section explains how to create reports of aggregate finding data.
Extending product function
Learn how to extend the product to meet specific development requirements.
Reference
Review reference information for HCL® AppScan® Source, including using utilities, plug-ins, and APIs.
Troubleshooting and support
Self-help information, resources, and tools to help you troubleshoot issues while using HCL® AppScan® Source.

Secrets scanning

HCL® AppScan® Source supports scanning of secrets for the following platforms and providers:

Alibaba Cloud
Amazon Web Services (AWS)
Atlassian
Azure
Databricks
GitHub
Google Cloud
Open API
Stripe
mongodb
Jenkins

Note: In addition to the platforms and providers listed, our engine also checks for hardcoded passwords, credit card numbers, and Social Security numbers (SSN) when those secrets are detected in the code being scanned.

To take advantage of secrest scanning, you can:

Set up a secrets only project.
Enable secrets scanning for an application, project, folder, or file using the -enablesecrets parameter with the scan CLI command.
Enable secrets scanning globally using the enable_secrets_scanner setting in scan.ozsettings.