HCL AppScan Source
  • HCL® AppScan® Source V9.0.3.14 documentation
Properties view

The contents of the Properties view depend on the item that is selected in the Explorer view. Properties apply to all applications, individual applications, projects, or files. Visible properties depend on the language or selected project type.

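  • Properties view: all applications

    If you select All Applications in the Explorer view, the Properties view displays the Overview and Filters tabs.

  • Properties view: selected application

    In this view, you configure attributes for the selected application. Application attributes depend on previously created global attributes.

  • Properties view: selected project

    In this mode of the Properties view, you configure parameters for the selected project. Project attributes depend on previously created global attributes. Properties vary according to the selected project.

  • File properties

    File properties are similar to project dependencies, commonly configured for C/C++ applications.
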
© Copyright HCL Technologies Limited 2001, 2019