Jump to main content
HCL Logo Product Documentation
Customer Support Software Academy Community Forums
HCL AppScan Source
  • Welcome
  • What's New
  • Installing
  • Configuring
  • Administering
  • Scanning
  • Triage and analysis
  • Reporting
  • Extending product function
  • Reference
  • Troubleshooting and support
  1. Home
  2. Reference

    Review reference information for HCL® AppScan® Source, including using utilities, plug-ins, and APIs.

  3. AppScan® Source Data Access API

    The Data Access API provides access to AppScan® Source-generated assessment results, including findings and finding details. It also provides access to assessment metrics such as analysis date and time, lines of code, V-density, and number of findings.

  4. Views and windows

    AppScan® Source for Development views and windows provide alternative presentations of findings, support code editing, and allow you to navigate the information in your workbench. A view might appear by itself, or stacked with other views in a tabbed notebook. You can change the layout of a perspective or window layout by opening and closing views and by docking them in different positions in the Workbench window.

  5. Views that allow you to investigate a single finding

    The views in this section are used for investigating single findings.

  • Welcome

    Welcome to the documentation for HCL® AppScan® Source.

  • What's New

    Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.

  • Installing

    Learn how to install, upgrade, and activate HCL® AppScan® Source.

  • Configuring

    Learn how to configure applications, folders, and projects, and set attributes and properties in HCL® AppScan® Source.

  • Administering

    Learn how to administer user accounts and permissions, audit user activity, and manage integrations in HCL® AppScan® Source.

  • Scanning

    This section explains how to scan your source code and manage assessments in HCL® AppScan® Source.

  • Triage and analysis

    Grouping similar findings allows security analysts or IT auditors to segment and triage source code problems. This section explains how to triage AppScan® Source assessments and analyze results.

  • Reporting

    Security analysts and risk managers can access reports of select findings or a series of audit reports that measure compliance with software security best practices and regulatory requirements. This section explains how to create reports of aggregate finding data.

  • Extending product function

    Learn how to extend the product to meet specific development requirements.

  • Reference

    Review reference information for HCL® AppScan® Source, including using utilities, plug-ins, and APIs.

    • The Ounce/Make build utility

      Ounce/Make is a tool that automates the importing of configuration information into AppScan® Source from build environments that use makefile. Ounce/Make eliminates the need to import configuration information from makefiles manually; this the recommended method of configuring these projects.

    • AppScan® Source command line interface (CLI)

      The CLI is an interface to core AppScan® Source functionality.

    • The Ounce/Ant build tool

      This section describes how to use Ounce/Ant, an AppScan® Source build utility that integrates AppScan Source and Apache Ant. Integrating Ounce/Ant with your Ant environment helps you automate builds and code assessments.

    • AppScan® Source Data Access API

      The Data Access API provides access to AppScan® Source-generated assessment results, including findings and finding details. It also provides access to assessment metrics such as analysis date and time, lines of code, V-density, and number of findings.

      • Data Access API object model

      • Using the Data Access API

        You can find complete examples for a number of Data Access API scenarios in the SamplePublished.java and SampleSdk.java files included in <install_dir>\sdk\sample\com\ouncelabs\sdk\sample (where <install_dir> is the location of your AppScan® Source installation).

      • Data Access API classes and methods

      • Ounce/Maven plug-in

        This section describes the Ounce/Maven plug-in, which uses Maven, an Apache build tool, to integrate AppScan® Source into the Maven workflow.

      • AppScan® Source for Automation

        The Automation Server (ounceautod) allows you to automate key aspects of the AppScan® Source workflow and integrate security with build environments during the software development life cycle (SDLC). The Automation Server allows you to queue requests to scan and publish assessments, and generate reports on the security of application code.

      • Framework for Frameworks handling APIs

        AppScan® Source provides a set of Java™ APIs that allow you to add support for frameworks that are used in your applications. The classes and methods offered in these APIs allow you to account for frameworks for which built-in support is not provided.

      • AppScan® Source client component error messages

      • AppScan® Source for Analysis samples

        AppScan® Source for Analysis includes a sample applicationsample applications that you can use to familiarize yourself with the product.

      • The AppScan® Source for Analysis work environment

        To get the most out of AppScan® Source, you should understand the basic concepts behind the AppScan Source for Analysis working environment and how to use the options that best fit your workflow.

      • Views and windows

        AppScan® Source for Development views and windows provide alternative presentations of findings, support code editing, and allow you to navigate the information in your workbench. A view might appear by itself, or stacked with other views in a tabbed notebook. You can change the layout of a perspective or window layout by opening and closing views and by docking them in different positions in the Workbench window.

        • Configuration views

          The views in this section are used for configuring AppScan® Source.

        • Views that assist with scan output

          The views in this section are used for viewing and managing scan output.

        • Views that assist with triage

          The views in this section are used for fine-grained scan output viewing and management.

        • Views that allow you to investigate a single finding

          The views in this section are used for investigating single findings.

          • Finding Detail view

            When you select a finding, the Finding Detail view displays and allows you to modify its properties. With this view, you can modify an individual finding.

          • How to Fix view

            The AppScan® Source Security Knowledgebase provides context-specific intelligence for each vulnerability. The Knowledgebase tells you what the vulnerability is, why it is insecure, how to fix it, and how to avoid it in the future. Once you scan source code, the Knowledgebase provides the specific information needed to eliminate the risk from your mission-critical applications. Knowledgebase remediation advice appears in the How to Fix view. Once you scan, the Knowledgebase provides the specific information needed to eliminate the risk from your mission-critical applications.

          • Trace view

            AppScan® Source performs input/output analysis and identifies and displays these vulnerabilities. An icon appears in the findings list to identify the row that contains an AppScan Source trace graph.

        • Views that allow you to work with assessments

          The views in this section are used for working with assessments at a high level.

        • Bundles view

          In the Bundles view, you create new bundles, add findings to a bundle, view bundles and notes, rename, or delete a bundle. This view lists the bundle name, any notes attached to the bundle, the number of findings in the bundle, and if the bundle is excluded. Once you open the bundle to see its contents, you can move findings to other bundles, modify the findings, edit the code, or submit the bundle to a defect tracking system.

      • CWE support

        The Common Weakness Enumeration (CWE) is an industry standard list that provides common names for publicly known software weaknesses. This topic lists the CWE IDs that are supported in the current version of AppScan® Source.

    • Glossary

      Learn common product terminology.

  • Troubleshooting and support

    Self-help information, resources, and tools to help you troubleshoot issues while using HCL® AppScan® Source.

Views that allow you to investigate a single finding

The views in this section are used for investigating single findings.

  • Finding Detail view
  • How to Fix view
  • Trace view
  • Finding Detail view
    When you select a finding, the Finding Detail view displays and allows you to modify its properties. With this view, you can modify an individual finding.
  • How to Fix view
    The AppScan® Source Security Knowledgebase provides context-specific intelligence for each vulnerability. The Knowledgebase tells you what the vulnerability is, why it is insecure, how to fix it, and how to avoid it in the future. Once you scan source code, the Knowledgebase provides the specific information needed to eliminate the risk from your mission-critical applications. Knowledgebase remediation advice appears in the How to Fix view. Once you scan, the Knowledgebase provides the specific information needed to eliminate the risk from your mission-critical applications.
  • Trace view
    AppScan® Source performs input/output analysis and identifies and displays these vulnerabilities. An icon appears in the findings list to identify the row that contains an AppScan® Source trace graph.
  • Share: Email
  • Twitter
  • Disclaimer
  • Privacy
  • Terms of use
  • Cookie Preferences