Static analysis (SAST)

Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).

To perform static analysis, either use AppScan Go! or download a small client utility and use its command line interface (CLI) to perform security analysis on either source code or binary files for all supported languages. Static analysis plug-ins are available through their respective marketplaces. Once the plug-ins are installed, you can scan Java projects in Eclipse or .NET (C#, ASP.NET, VB.NET) projects in Visual Studio. Additional information on plug-ins and integrations is listed here.

AppScan 360° looks for and scans specific file types associated with supported languages. For applications written in languages such as Ruby, AppScan 360° scans source code. For applications written in languages such as Java, AppScan 360° scans binary files of built code. To learn about all of the languages that are supported for static analysis scans, see Static analysis language support.
Note: Software Composition Analysis (SCA) is not available in this version of AppScan 360°.