Home
Getting started
Welcome to the documentation for HCL AppScan on Cloud, where you can find information about how to install, maintain, and use this service.
Roles and workflows
Learn about different ASoC tasks and workflows for different authorized ASoC users with a valid subscription.

Getting started
Welcome to the documentation for HCL AppScan on Cloud, where you can find information about how to install, maintain, and use this service.
- About HCL AppScan on Cloud
  Security is about protecting your valuable assets. Some of the most important assets your organization owns are in the form of information, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to continue to operate, be competitive, and meet regulatory requirements.
- Roles and workflows
  Learn about different ASoC tasks and workflows for different authorized ASoC users with a valid subscription.
- What's new in AppScan on Cloud
  Discover upcoming and recently added features.
- System requirements
  System requirements and supported operating systems and languages for the ASoC analyzers. Also learn about the supported browsers and minimum resolution for the service.
- Creating an ASoC account
- Data center selection
- Subscriptions
  My Subscriptions shows the status of all your organization's subscriptions, including the number applications or scans remaining, and the start and end dates.
- Sample apps and scripts
  Use these sample applications to practice scanning with ASoC.
- Demo videos
  These "how-to" videos demonstrate using ASoC and how it fits into your workflow, and offer tips and tricks.
- Contact and support
  Useful links to human and online resources.
- Certifications
  ISO/IEC certificates
- Licensing
- Trial Terms of Use
  TRIAL AGREEMENT FOR HCL APPSCAN ON CLOUD SERVICE
Navigation
This section describes the items on the main AppScan on Cloud menu bar, with links to more detailed information.
Administration
Define users, applications, policies, and configure DevOps integrations.
Dynamic analysis
AppScan on Cloud performs security scans for web-applications for production, staging and development environments. For development environments it is aided by Private Site Scanning technology to scan applications not accessible to the open Internet.
Interactive monitoring
Using an agent installed on your application, ASoC identifies security vulnerabilities in your application during runtime by monitoring all interactions, both legitimate and malicious. The process is "passive," in the sense that IAST does not send its own tests, and can therefore run indefinitely.
Software Composition Analysis
Use Software Composition Analysis (SCA) to scan for security vulnerabilities in open source and third-party packages used by your code. SCA includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists the scans under the categories DAST, SAST, SCA, and IAST, where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
Troubleshooting
If you experience problems with this service, you can perform these troubleshooting tasks to determine the corrective action to take.
FAQ & Reference
Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

Roles and workflows

Learn about different ASoC tasks and workflows for different authorized ASoC users with a valid subscription.

ASoC Roles

Not all ASoC functions and tasks are performed by the same person – though they could be. Ensure the persons performing ASoC tasks have the appropriate permissions on relevant systems and according to company policy for their roles.

Administrative tasks

Administrative tasks are higher-level tasks that enable users to run and report on scans seamlessly within organizational policy and guidelines. Administrator tasks include, but may not be limited to:

Managing the ASoC subscription
Defining and administering users
Defining and administering asset groups
Defining and administering policies
Setting up DevOps integrations
Overseeing audits
Regularly reviewing ASoC operation and settings

User tasks

User tasks are core scanning and remediation tasks. With administrative tasks complete, users can focus on making sure code is clean and secure. User tasks include, but may not be limited to:

Creating applications
Setting up scans
Configuring scan automation
Running scans
Working with logs
Triaging scan results
Understanding issues
Running reports
Remediating code
Rescanning

General workflows

How you work within your organization depends on a variety of factors. However there are some common workflows:

ASoC administrator workflow

Create an ASoC account
Configure DevOps integrations
Set up users
Set up asset groups
Set up policies
Manage installation and use of ASoC components (AppScan Presence,HCL AppScan Traffic Recorder, AppScan Go!)

ASoC user workflow

Set up applications
Configure and run scans: DAST, IAST, or SAST
Triage results, including traces and fix groups
Run reports
Understand issue status and severity
Remediate issues
Rescan
Repeat triage, reporting, and remediation as needed