The main menu bar

This section describes the items on the main AppScan on Cloud menu bar, with links to more detailed information.

The main menu bar appears as a black, vertical strip of icons on the left side of the screen. By default the menu bar is collapsed, and only the six main icons are shown. Click an empty part of the menu bar to see all items and sub-items, with their full names.
Note: Depending on your permissions, some of the items listed below may not appear on your menu bar.





You must create an application before you can start your first scan.

An ASoC application is a collection of scans related to the same project. It can be a web site, a desktop application, a web service, or any component of an application. Applications enable you to assess risk, identify trends, and make sure that your project is compliant with industry and organization policies.

The Applications page lists all applications in your organization that are within the asset groups to which you are assigned. You can use it to create new applications and open individual application pages. See All applications.

Scans and sessions

A list of all scans in your applications. The list can be filtered by technology (DAST, SAST), status (Completed, Failed, etc.), and a search string. Each scan entry can be expanded to show more details. See Scans and sessions.

Libraries

Search for and act on open source libraries associated with applications. The search results can be sorted by name, version, license type, date, and application. View detailed information for each library, and control use of libraries according to organizational policies.

See Open source libraries.


The dashboard helps you track a variety of metrics and trends for your applications. The upper Current state area has four pie charts with details of Risk rating, Testing status, Issues, and the five most Common issue types found in the scan. The lower History area has three graphs showing changes over time between dates you choose: Risk rating, Testing status, and Issues.

See Dashboard.

Tools >

Plugins and APIs
Links to plugins and APIs compatible with ASoC.
Manage AppScan Presences. An AppScan Presence on your server enables you to scan sites not accessible from the Internet, and to incorporate scanning as part of your functional testing. See AppScan Presence.
API key
Used for generating an API key for using the ASoC API. See REST API, and Generating API Keys.

Organization >

Policies are a way of filtering the issues found in scans so you see only those that are relevant to you. You can create your own policies, or use the predefined policies. You can associate up to five policies with any application. See Policies.
Before you can scan, ASoC must verify that it can access the site and that you are entitled to scan it. This view lists verified domains for your organization, and lets you verify additional domains.
This view is available to administrators only and is used to create and manage business units.
The Subscriptions view shows the status of all your organization's subscriptions, including the number of applications or scans left, and the start and end dates. See Subscriptions.
Audit trail
A table detailing user activity including time stamp, user name, activity, object and more. You can configure which columns to show. Administrators see actions of all users; users see their own actions. You can search, filter, and export the displayed data. See Audit trail.

Access management >

Access management contains three pages to help you restrict access to sensitive applications by assigning them to asset groups and then adding specific users to those groups.

Invite and manage users. See Users.
Define user roles. See Roles.
Asset groups
Asset groups are a way of organizing your applications. For each group you create, you can add applications and assign users. Users only see applications in the asset groups to which they are assigned. See Asset groups.