Licensing overview
- Log in to the portal with your HCL credentials.
- See .
Note: For information about the HCL license portal, see What is the HCL License & Delivery Portal.
License types
There are two types of licenses in AppScan® Source:
-
Floating licenses
Floating licenses are installed onto a cloud license server or a local license server. Any machine on which AppScan® Source is used must have a network connection with server on which the floating license is installed. Each time a user opens AppScan® Source, a license is checked out; when AppScan® Source is closed, the license is checked back in.
-
Node-locked licenses
A node-locked license is a single license that is assigned to a single machine.
AppScan® Source requires a separate license key for each of the four AppScan® Source products. The licenses are either node-locked or floating. To use most of the AppScan® Source products, you also need a license for installing the AppScan® Enterprise Server.
- AppScan® Source for
AnalysisAppScan® Source for Analysis is a standalone application for viewing assessments, running scans, and generating reports. It requires a license feature named AppScanSourceSec for floating licenses and AppScanSourceSecAuth for the node-locked license:
- Floating License: HCL AppScan Source for Analysis Floating User.
- Node-locked License: HCL AppScan Source for Analysis Authorized User.
- AppScan® Source for
RemediationAppScan® Source for Remediation is a plug-in for the Eclipse and Visual Studio development environments. It allows you to open and view assessment files. It requires a license feature named AppScanSourceRemfor floating license and AppScanSourceRemAuthfor the node-locked license:
- Floating License: HCL AppScan Source for Remediation Floating User.
- Node-locked License: HCL AppScan Source for Remediation Authorized User.
- AppScan® Source for
DevelopmentAppScan® Source for Development is a plug-in for scanning capability in Eclipse and Visual Studio development environments. It allows you to scan source code for security vulnerabilities. However, this component also requires remediation license to open, view and modify assessments. If you order the AppScan® Enterprisecomponent, you will receive a set of both licenses. It requires a license feature named AppScanSourceDev for floating license and AppScanSourceDevAuthfor the node-locked license.
- Floating License: HCL AppsScan Source for Developer Floating User.
- Node-locked License: HCL AppScan Source for Developer Authorized User.
- AppScan® Source for
AutomationAppScan® Source for Automation is a server installation that is targeted for build environments. The license key is called AppScanSourceAuto for floating license and AppScanSourceAutoAuthfor the node-locked license. There are two tools that require an automation license:
- The command line tool,
AppScanSrcCli
, can be run manually from a shell or called by a script. - The ounceauto service or daemon, which is used for automating scans (often with various build tools such as Build Forge, Jenkins, and Apache Maven).
- Floating License: HCL AppScan Source for Automation Floating User.
- Node-locked License: HCL AppScan Source for Automation Single Install.
- The command line tool,
AppScan® Enterprise Server
In addition, to be able to use most features in AppScan® Sourcee, you need to install the User Administration part of AppScan® Enterprise. AppScan® Enterprise user administration is needed to authenticate users of AppScan® Source applications, and it requires an AppScanServerPremium or AppScanServerBasic license. If you do not use the AppScan® Enterprise server for this product, you cannot access shared items such as filters, scan configurations, and custom rules.
These AppScan® Enterprise licenses are described in Licensing for AppScan Enterprise.