HCL AppScan Source

Main menu

The main menu bar contains menus that allow you to perform a variety of actions. Your user privileges may regulate the commands that are available to you in these menus.

  • File menu
    The File menu offers options for applications, folders, projects, and assessments - and allows you to exit the product. Some File menu items are context-sensitive and depend on the active view and the currently-selected item in that view.
  • Edit menu
    This menu offers standard modification and search/replace controls. This menu is also used for launching product preferences. Some Edit menu items are context-sensitive and depend on the active view and the currently-selected item in that view.
  • Scan menu
    From the Scan menu, you manage scans of a selected application, folder, project, or file.
  • Tools menu
    This menu includes options for comparing assessments and generating reports - and for reviewing files or findings in an editor. Some Tools menu items are context-sensitive and depend on the active view and the currently-selected item in that view.
  • Admin menu
    The Admin menu provides actions that allow you to manage users and launch audit information.
  • View menu
    The View menu controls the display of each view or selects an open view.
  • Perspective menu
    The Perspective menu controls the display of AppScan® Source for Analysis perspectives, which are pre-configured collections of views and options.
  • Help menu
    The Help menu includes actions that open a variety of tools that assist with product usage. These include the product welcome, online user assistance, and the AppScan® Source Security Knowledgebase.