scan (sc)
Description
Scans an application (or all applications), project, folder (or all folders), or file. A valid AppScan® Source for Automation license is required for use of this command.
Important: If you are working with an AppScan® Source project that has dependencies in a development environment (for example, an IBM® MobileFirst Platform project), ensure that you build the project in the development environment before importing it. After importing the project, if you modify files in it, be sure to rebuild it in the development environment before scanning in AppScan® Source (if you do not do this, modifications made to files will be ignored by AppScan® Source).
Note: When scanning folders, by default all the files in the target folder are scanned, regardless of language. As such, the scan results can differ from scanning applications or projects. To target specific files, create an appscan-config.xml file to define the scan targets. When an appscan-config.xml file is present in the target folder, the configuration information therein is considered automatically by the scanning process.
Syntax
scan [path] [config <proj_config>] [-name <assessment_name>] [-scanconfig <scan_configuration_name>] [-sourcecodeonly <true/false>] [-enablesecrets <true/false>] [-secretsonly <true/false>] [-waitforlicense <wait_time>]
path
: Optional. Full path and file name (.ozasmt) that the exported assessment will be saved as.
Note:
- If you specify a valid directory without a file name, an assessment file (.ozasmt) will be created for you based on the application name, project name, and scan configuration used when creating the assessment.
- If you specify a valid directory with a file name that does not exist, an assessment file will be created in that location using the file name specified.
- If you specify a file that already exists, the existing file will be overwritten.
- If you specify a file name (.ozasmt) in a directory that does not exist, no assessment will be saved.
config <proj_config>
: Optional. This argument is only valid for project-level assessments. If your project has a configuration file, specify it using this argument.
-name <assessment_name>
: Optional. Provide a name for the assessment. The AppScan® Source client products use this name to distinguish assessments from one another (for example, in AppScan® Source for Analysis, the name appears in the Name column of the My Assessments view).
-enablesecrets <true/false>
: Optional. Specify to scan source files with the secret scanner in addition to the other relevant scanners. Valid values are true and false.
Note: -enablesecrets and -secretsonly are mutually exclusive. They cannot be true at the same time.
Note: You can enable secrets scanning globally using the enable_secrets_scanner setting in scan.ozsettings.
-scanconfig <scan_configuration_name>
: Optional. Specify the name of a scan configuration to use for the scan. If a scan configuration is not specified, the default scan configuration will be used for the scan.
-secretsonly <true/false>
: Optional. Specify to scan source files only with the secret scanner. Valid values are true and false.
Note: -enablesecrets and -secretsonly are mutually exclusive. They cannot be true at the same time.
-sourcecodeonly <true/false>
: Optional. Specify to scan only source files and ignore other supported file types (.dll, .exe). Valid values are true and false.
-waitforlicense <wait_time>
: Optional. Specify the wait time in minutes for which a scan will wait when an AppScan® Source for Automation license is not available. If a wait time is not indicated using -waitforlicense, a default value is drawn from CLI.ozsettings. Wait time can be disabled by setting the value to 0.
Note: The -enablesecrets, -secretsonly, and -sourcecodeonly options are supported only for folder scans. They do not apply to application and project scans.
Examples
- To scan the default configurations of projects in all applications:
AllApplications>> Scan
The results appear as:
New Scan started
.
.
Preparing for Vulnerability Analysis...
Performing Vulnerability Analysis...
Generating Findings...
Preparing project for scan...
.
.
Scanned Project:
Total files: 15
Total findings: 167
Total lines: 385
vkloc: 0.44448395412925595
v-Density: 22.446439683527426
Scanned Application:
Total files: 15
Total findings: 167
Total lines: 385
vkloc: 0.44448395412925595
v-Density: 22.446439683527426
Scan completed:
Total files: 15
Total findings: 167
Total lines: 385
vkloc: 0.44448395412925595
v-Density: 22.446439683527426
Elapsed Time - 18 Seconds
New Scan started. Please wait...
Assessment complete
-------------------
Total Call Sites: 75
Total Definitive Security Findings with High Severity: 25
Total Definitive Security Findings with Medium Severity: 37
Total Definitive Security Findings with Low Severity: 9
Total Suspect Security Findings with High Severity: 20
Total Suspect Security Findings with Medium Severity: 80
Total Suspect Security Findings with Low Severity: 60
Total Scan Coverage Findings with High Severity: 50
Total Scan Coverage Findings with Medium Severity: 33
Total Scan Coverage Findings with Low Severity: 17
Total Lines: 3000
...
- To scan the debug configuration of Prj1:
AllApplications\Prj1>> SC config debug
- To scan a folder:
AllApplications>> of C:\workspace\SimpleIOT
SimpleIOT>> Scan
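As an added example (not part of the AppScan® Source documentation or product), the following POSIX shell function assembles a scan command line for the CLI prompt and rejects combinations the parameter notes above rule out: -enablesecrets and -secretsonly both true, the folder-only options used at application or project level, a non-numeric -waitforlicense value, and an .ozasmt path whose directory does not exist (which would silently save no assessment). The function name, argument order and messages are this example's own assumptions.

```shell
# Added example: validate a "scan" command line against the documented
# constraints before it is typed at the AppScan Source CLI prompt.
# Function name and argument order are this example's own, not the CLI's.
#
# build_scan_cmd KIND OUT ENABLESECRETS SECRETSONLY SOURCECODEONLY WAIT
#   KIND: folder | application | project (the level the prompt is at)
#   OUT:  optional .ozasmt file or directory for the saved assessment
#   Prints the command on success (return 0); error on stderr otherwise.
build_scan_cmd() {
  kind=$1; out=$2; enablesecrets=$3; secretsonly=$4; sourcecodeonly=$5; wait=$6
  cmd="scan"
  if [ -n "$out" ]; then
    # A file name inside a directory that does not exist saves nothing,
    # so check the parent directory on the local filesystem up front.
    case "$out" in
      *.ozasmt) dir=$(dirname "$out") ;;
      *)        dir=$out ;;
    esac
    [ -d "$dir" ] || { echo "error: directory '$dir' does not exist" >&2; return 1; }
    cmd="$cmd $out"
  fi
  # The three file-selection options accept only true or false.
  for v in "$enablesecrets" "$secretsonly" "$sourcecodeonly"; do
    case "$v" in
      ''|true|false) ;;
      *) echo "error: options take true or false, got '$v'" >&2; return 1 ;;
    esac
  done
  # -enablesecrets and -secretsonly cannot both be true.
  if [ "$enablesecrets" = true ] && [ "$secretsonly" = true ]; then
    echo "error: -enablesecrets and -secretsonly are mutually exclusive" >&2; return 1
  fi
  # These options are supported for folder scans only.
  if [ "$kind" != folder ] && [ -n "$enablesecrets$secretsonly$sourcecodeonly" ]; then
    echo "error: secrets/sourcecodeonly options apply to folder scans only" >&2; return 1
  fi
  # Wait time is whole minutes; 0 disables waiting.
  if [ -n "$wait" ]; then
    case "$wait" in
      *[!0-9]*) echo "error: -waitforlicense takes whole minutes" >&2; return 1 ;;
    esac
  fi
  [ -n "$enablesecrets" ]  && cmd="$cmd -enablesecrets $enablesecrets"
  [ -n "$secretsonly" ]    && cmd="$cmd -secretsonly $secretsonly"
  [ -n "$sourcecodeonly" ] && cmd="$cmd -sourcecodeonly $sourcecodeonly"
  [ -n "$wait" ]           && cmd="$cmd -waitforlicense $wait"
  printf '%s\n' "$cmd"
}
```

Run it as `build_scan_cmd folder /path/to/out.ozasmt true "" true 5` to get the command text to paste at the `SimpleIOT>>` prompt, or a non-zero exit with the reason on stderr.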