Jump to main content
HCL Logo Help Center
HCL TECHNOLOGIES ABOUT US PRODUCTS & SOLUTIONS RESOURCES CONTACT US
HCL AppScan Source
  • HCL® AppScan® Source V9.0.3.14 documentation
  • Security AppScan Source - Windows and Linux
  • Security AppScan Source -- MacOS
  • General product information for troubleshooting and support
  • Glossary
  1. Home
  2. Security AppScan Source - Windows and Linux

    HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.

  3. Configuring

    Learn how to configure the product.

  4. Configuring applications and projects

    Before you scan, you must configure applications and projects. This section explains the Application Discovery Assistant, New Application Wizard, and the New Project Wizard. You will learn how to configure attributes for AppScan® Source for Analysis. In addition, this section teaches you how to add existing applications and projects for scanning - and how to add files to projects.

  5. Configuring applications

    You can use the New Application Wizard or the Application Discovery Assistant to create applications. The Application Discovery Assistant automates application setup for you, whereas the New Application Wizard allows you to add applications, guiding you through the configuration process. The wizard helps you manually create a project or add existing projects to an application. This section describes these two methods for adding application and basic configuration tasks.

  6. Adding existing applications

    Existing applications can be added for scanning by dragging and dropping them into the Explorer view - or by using the Add Application action. In addition, WAR and EAR files can be added by dragging and dropping them into the Explorer view.

  • Security AppScan Source - Windows and Linux

    HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.

    • Overview

      Learn general information about the product.

    • Installing

      Learn how to install the product.

    • Configuring

      Learn how to configure the product.

      • Configuring applications and projects

        Before you scan, you must configure applications and projects. This section explains the Application Discovery Assistant, New Application Wizard, and the New Project Wizard. You will learn how to configure attributes for AppScan® Source for Analysis. In addition, this section teaches you how to add existing applications and projects for scanning - and how to add files to projects.

        • AppScan Source application and project files

          AppScan® Source applications and projects have corresponding files that maintain configuration information required for scanning, as well as triage customization. It is recommended that these files reside in the same directory as the source code, since configuration information (dependencies, compiler options, and so forth) required to build the projects is very similar to that required for AppScan Source to scan them successfully. Best practice includes managing these files with your source control system.

        • Configuring applications

          You can use the New Application Wizard or the Application Discovery Assistant to create applications. The Application Discovery Assistant automates application setup for you, whereas the New Application Wizard allows you to add applications, guiding you through the configuration process. The wizard helps you manually create a project or add existing projects to an application. This section describes these two methods for adding application and basic configuration tasks.

          • Creating a new application with the New Application Wizard

          • Using the Application Delivery Assistant to create applications and projects

            AppScan® Source includes a powerful Application Discovery Assistant which allows you to quickly create and configure applications and projects for Java™ source code and Microsoft™ Visual Studio solutions. The Application Discovery Assistant also allows you to locate Eclipse or Rational® Application Developer for WebSphere® Software (RAD) workspaces that contain Java projects. The Application Discovery Assistant allows you to point to your source, solution, or workspace directory - and then AppScan Source handles the rest.

          • Adding existing applications

            Existing applications can be added for scanning by dragging and dropping them into the Explorer view - or by using the Add Application action. In addition, WAR and EAR files can be added by dragging and dropping them into the Explorer view.

            • Adding an existing application with user interface actions
            • Adding an existing application with drag and drop

          • Adding multiple applications

            Rather than adding just one application at a time, when you first begin working with AppScan® Source for Analysis, you may want to import multiple applications. The Select Applications dialog box allows you to select a root directory from which to search for AppScan Source applications (.paf) or Visual Studio solution files (.sln). Multiple applications can also be added for scanning by dragging and dropping them into the Explorer view.

          • Importing existing Java applications from Apache Tomcat and WebSphere Application Server Liberty profile application servers

            If you have existing Java™ applications that have been deployed to a supported application server, you can automatically import them to AppScan® Source.

          • Adding an Eclipse or Eclipse-based project workspace

            If you have an Eclipse or Rational® Application Developer for WebSphere® Software (RAD) workspace that contains Java™ and/or IBM® MobileFirst Platform projects, you can import it to AppScan® Source for Analysis.

        • Configuring your development environment for Eclipse and Rational Application Developer for WebSphere Software (RAD) projects

          Before you import an Eclipse or Rational® Application Developer for WebSphere® Software (RAD) project, you must properly configure the development environment. Although Eclipse is the basis for each project type, AppScan® Source distinguishes between the different versions.

        • Creating a new proect for an application

          After you add an application, you add projects to it. Project types that can be scanned include: Java/JSP, Xcode (iOS projects only), ASP, C/C++, COBOL, ColdFusion, .NET Assembly, Pattern Based, Perl, PHP, PL/SQL, Python, T-SQL, Visual Basic, and JavaScript™ (including AngularJS and Node.js).

        • Copying projects

          AppScan® Source for Analysis allows you to copy all project types except .NET projects. Modifications to the project do not affect the duplicated project; after you copy a project, there is no connection between the original project and the copied project. When you copy an imported project, you create an AppScan Source project file (.ppf) with all configuration information.

        • Modifying application project properties

          When you select an application or project in the Explorer view, the current properties appear in the Properties view, where you can make modifications.

        • Global attributes

          Global attributes must be defined before they can be associated with individual applications. Global attributes are defined in the Properties view by selecting All Applications in the Explorer view.

        • Application attributes

          Application attributes apply to the currently-selected application and depend on previously created global attributes.

        • Removing applications and projects

          You can remove applications and projects from AppScan® Source for Analysis if they are not registered.

        • Explorer view

          The Explorer view contains a Quick Start section at the top - and an explorer section at the bottom which contains one node, All Applications. The Quick Start section contains several useful links that launch common actions. The explorer section consists of a tree pane that provides a hierarchical view of your resources: applications, projects, directories, and project files, with All Applications as its root. You navigate these resources much like a file browser. As you navigate the view, the selection state of the tree determines the available tabs in the Properties view.

      • Preferences

        Preferences are personal choices about the appearance and operation of AppScan® Source for Analysis.

    • Administering

      Learn how to administer the product.

    • Developing

      Learn how to develop by using the product.

    • Extending product function

      Learn how to extend the product.

    • Reference

      Review reference information for the product.

    • Glossary

      Learn common product terminology.

    • HCL® AppScan® Source for Development (Eclipse Plug-in)

      With AppScan® Source for Development, you can work in your existing development environment and perform security vulnerability analysis on Java and IBM® MobileFirst Platform projects. Security analysis lets you pinpoint vulnerabilities in the source code and eliminate them entirely with AppScan Source Security Knowledgebase remediation assistance.

Adding an existing application

Existing applications can be added for scanning by dragging and dropping them into the Explorer view - or by using the Add Application action. In addition, WAR and EAR files can be added by dragging and dropping them into the Explorer view.

To learn how to add an existing application, see these topics:

  • Adding an existing application with user interface actions
  • Adding an existing application with drag and drop
© Copyright HCL Technologies Limited 2001, 2019 / About HCL Software / Acquisition FAQ / Government - US Federal / Welcome / Contact Us