Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
About HCL AppScan 360°
HCL AppScan 360° is unified application security, visibility, and risk management. Versatile, scalable, and deployable anywhere.
Roles and Workflows
Learn about different AppScan 360° tasks and workflows for different AppScan 360° users.
Sample applications and scripts
Contact and support
Useful links to human and online resources.
Compliance
Licensing
AppScan Central Platform
The AppScan Central Platform is the foundation of HCL AppScan 360°. It includes the browser-based user interface, APIs, and core server components. The AppScan Central Platform (ASCP) also requires the customer to provide an SQL Server DB and Active Directory (via LDAP).
AppScan 360° Static Analysis
Static analysis has changed: what was once a security tool is now a core development application. That evolution called for an evolution in the technology. AppScan 360° Static Analysis (AppScan 360° SAST) is a micro-services based, Kubernetes-managed environment that provides static analysis scanning capability in AppScan 360°. AppScan Central Platform (ASCP) communicates with AppScan 360° Static Analysis to execute scans submitted by the end users.
Administration
Define users, applications, policies, and configure DevOps integrations.
Users
User management allows you to control access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.
Applications
An application is a collection of scans related to the same project. It can be a web site, a desktop app, a mobile app, a web service, or any component of an app. Applications enable you to assess risk, identify trends, and make sure that your project is compliant with industry and organization policies.
Policies
You can apply the predefined policies, as well as your own custom policies, to show only data for the issues that are relevant for you.
DevOps
Tools for incorporating AppScan 360° in your software development lifecycle.
Personal scans
A personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data (issues, for example), or compliance.
Scan status
Audit trail
The audit trail (Organization > Audit trail) logs user activity.
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
All applications
The Applications page lists all applications in your organization that are within the asset groups to which you are assigned. From the Applications page you can create new applications and open individual application pages.
Scans and sessions
This view lists all scans and sessions in all your applications.
Dashboard
The main dashboard is the third item on the main menu bar. It gives you a detailed overview of the current state and history of all your applications.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
System requirements for static analysis
Supported operating systems and the types of files, locations, and projects that can be scanned by AppScan 360° when you perform static analysis.
Scanning for security vulnerabilities
To scan source code for security vulnerabilities, follow the steps in these topics.
Sample applications and scripts
Static analysis troubleshooting
If you experience problems with static analysis, you can perform these troubleshooting tasks to determine the corrective action to take.
Results
The Scan History tab of your application displays your scan results (including scan statistics) and rescan options.
Sample Security Reports
Application reports
Scan data
Issues
The Issues page for an application shows all issues found. You can apply a variety of filters to see the issues you need, and click on any issue to open the detailed issue information pane.
Fix groups
Fix groups currently apply only to issues found in static analysis scans.
Reports
Generate reports for issues discovered in an application. Send reports to developers, internal auditors, penetration testers, managers, and the CISO. Security information might be extensive, and can be filtered depending on your requirements.
Triaging issues
All issues are classified as new by default. You can see an issue classification by viewing the issue status.
Issue status
Issues can be classified as Open, In Progress, Noise, Reopened, Passed, and Fixed.
Issue severity
Issues are classified by severity, as shown in the Issues grid of an application.
Remediation
After risks are determined and vulnerabilities are prioritized, your security team can start the remediation process.
Rescanning
Following your first scan, as you fix issues you can scan the same application again as many times as you need. When you scan again (rather than starting a new scan), the rescan overwrites the previous results, so the dashboard always displays the current results.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the software development lifecycle (SDLC).
FAQ
Some frequently asked questions.
Threat Class and CWE
Tables showing threat classes of issues tested for by AppScan 360°, and their related CWE numbers.
CSV format
This section describes how to save response data in CSV format.
Notices