Home
Results
The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
Issues
The Issues page for an application, by default displays non-compliant issues only. You can apply a variety of filters to see the issues you need, and click on any issue to open the detailed issue information pane.
Importing issues from third-party scanners
Whether you use third-party scanners or conduct manual penetration tests to discover issues, you can import the issues from a CSV file into AppScan 360° for triaging.

Getting started
Welcome to the documentation for HCL AppScan 360°, where you can find information about how to install, maintain, and use this service.
Installation
Learn about AppScan 360° architecture and how to install the product.
Administration
Define users, applications, policies, and configure DevOps integrations.
Navigation
This section describes the items on the main AppScan 360° menu bar, with links to more detailed information.
Dynamic analysis
AppScan on Cloud performs security scans for web-applications for production, staging and development environments.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists scans under the categories where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
- Sample Security Reports
- Application reports
- Scan data
- Issues
  The Issues page for an application, by default displays non-compliant issues only. You can apply a variety of filters to see the issues you need, and click on any issue to open the detailed issue information pane.
  - Issue information
    The Issue information pane shows all content available for the issue.
  - Issue status
    Issues can be classified as Open, In Progress, Noise, Reopened, Passed, and Fixed.
  - Issue severity
    Issues can be classified as they appear in the Issues grid of an application.
  - Triaging issues
    All issues are classified as new by default. You can see an issue classification by viewing the issue status.
  - Importing issues from third-party scanners
    Whether you use third-party scanners or conduct manual penetration tests to discover issues, you can import the issues from a CSV file into AppScan 360° for triaging.
    - Issue attributes in CSV
      This page lists the issue attributes that can be used in a CVS file, when importing issues to ASoC.
- Fix groups
  Fix groups currently apply only to issues found in static analysis scans.
- Reports
  Generate reports for issues discovered in an application. Send reports to send to developers, internal auditors, penetration testers, managers, and the CISO. Security information might be extensive, and can be filtered depending on your requirements.
- Remediation
  After risks are determined and vulnerabilities are prioritized, your security team can start the remediation process.
- Rescanning
  Following your first scan, as you fix issues you can scan the same application again multiple times and overwrite the previous results; the dashboard always displays the current results. When you scan again (rather than starting a new scan), the rescan overwrites the previous one.
Reference
Some frequently asked questions, and information about integrating AppScan 360° into the product lifecycle (SDLC).

Importing issues from third-party scanners

Whether you use third-party scanners or conduct manual penetration tests to discover issues, you can import the issues from a CSV file into AppScan 360° for triaging.

Procedure

Download the Sample CSV file (also available from the Import Issues dialog box) to see which issue attributes can be imported to AppScan 360°.

Tip: Modify the sample CSV file and use it as a template for all of your third-party scanners.
Scan your environment for vulnerabilities and export a comma-separated value (CSV) file of the issues.
Note:
- Use the English column headers shown in the sample file, not translated versions.
- Make sure that the CSV uses UTF-8 encoding.
- The file size limit is 200 MB.
- If the field or cell contains a comma, the field or cell must be enclosed by double quotation marks (").
Import the issues:
1. On an Application tab, go to the Issues view and click Import Issues.
2. Locate the file, give it a scan or test name, and click Import. Check the import log for errors. Otherwise, close the dialog.