Home
Results
The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
Issues
The Issues page for an application shows all issues found. You can apply a variety of filters to see the issues you need, and click on any issue to open the detailed issue information pane.
Issue information
The Issue information pane shows all content available for the issue.

Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
Installation
Learn how to install the AppScan Central Platform and AppScan 360° Static Analysis.
Administration
Define users, applications, policies, and configure DevOps integrations.
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
- Sample Security Reports
- Application reports
- Scan data
- Issues
  The Issues page for an application shows all issues found. You can apply a variety of filters to see the issues you need, and click on any issue to open the detailed issue information pane.
  - Issue information
    The Issue information pane shows all content available for the issue.
  - Issue status
    Issues can be classified as Open, In Progress, Noise, Reopened, Passed, and Fixed.
  - Issue severity
    Issues can be classified as they appear in the Issues grid of an application.
  - Triaging issues
    All issues are classified as new by default. You can see an issue classification by viewing the issue status.
  - Importing issues from third-party scanners
    Whether you use third-party scanners or conduct manual penetration tests to discover issues, you can import the issues from a CSV file into AppScan 360° for triaging.
- Fix groups
  Fix groups currently apply only to issues found in static analysis scans.
- Reports
  Generate reports for issues discovered in an application. Send reports to send to developers, internal auditors, penetration testers, managers, and the CISO. Security information might be extensive, and can be filtered depending on your requirements.
- Remediation
  After risks are determined and vulnerabilities are prioritized, your security team can start the remediation process.
- Rescanning
  Following your first scan, as you fix issues you can scan the same application again multiple times and overwrite the previous results; the dashboard always displays the current results. When you scan again (rather than starting a new scan), the rescan overwrites the previous one.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

Issue information pane

The Issue information pane shows all content available for the issue.

To open the Issues pane for an issue:

On the Issues page, click a specific issue.
The Issue information pane opens to the right of the screen.
Tip: You can toggle between issues by selecting different issues on the main page, with the information pane open.

Issue information pane tabs


Tab	Description
Issue details	Displays the issue ID and an overview of issues details in several collapsible tiles: issue type, test requests and responses, and where possible highlights the part of the code where the vulnerability is contained or shown. The information displays in one of several tiles Details tile: Issue type, source, sink, caller, trace, fix method (depending on issue type). Related: Fix group and fix group ID, where applicable. Parameters tile: How and when the issue was found, type, status, severity, scanner, and location.
Source code	View the source code associated with the issue for faster and more efficient issue triage. Click Add directory to associate a local source code directory with the issue. The source code is not uploaded to AppScan 360° and remains private. Note: The Source code tab is not available for all issues.
How to fix	Offers detailed information on cause, risk, exploit example, fix recommendation, CWE, related articles and external references. Where possible, a large selection of code-specific information is available by clicking the relevant code name (.Net, Angular, Apex and so on) directly underneath the issue name.
Comments	Use this tab to add your own comments that will be visible to you and other users, and included in reports.
Audit trail	The audit trail for this issue.

\