The main menu bar

This section describes the items on the main ASoC menu bar, and links to more detailed information.

The main menu bar appears as a black, vertical strip of icons on the left side of the screen. By default the menu bar is collapsed, and only the six main icons are shown. Click an empty part of the menu bar to see all items and sub-items, with their full names.
Note: Depending on your permissions, some of the items listed below may not appear on your menu bar.





You must create an application before you can start your first scan.

An ASoC application is a collection of scans related to the same project. It can be a web site, a desktop app, a web service, or any component of an app. Applications enable you to assess risk, identify trends, and make sure that your project is compliant with industry and organization policies.

The Applications page lists all applications in your organization that are within the asset groups to which you are assigned. You can use it to create new applications, and open individual application pages. See All applications


A list of all scans in your applications. The list can be filtered by technology (DAST, SAST, etc.), status (Completed, Failed, etc.), and a search string. Each scan entry can be expanded to show more details. See All Scans


The dashboard helps you track a variety of metrics and trends for your applications. The upper "Current state" area has four pie charts with details of Risk rating, Testing status, Issues, and the five most Common issue types found in the scan. The lower "History" area has three graphs showing changes over time between dates you choose: Risk rating, Testing status, and Issues.

See Dashboard.

Tools >

Plugins and APIs
Links to plugins and APIs compatible with ASoC.
Manage AppScan Presences. An AppScan Presence on your server enables you to scan sites not accessible from the Internet, and to incorporate scanning as part of your functional testing. See AppScan Presence.
API key
Used to generate an API key for the ASoC API. See REST API and Generating API Keys.

Organization >

Policies are a way of filtering the issues found in scans so you see only those that are relevant to you. You can create your own policies, or use the pre-defined policies. You can associate up to five policies with any application. See Policies.
Before you can scan, ASoC must verify that it can access the site and that you are entitled to scan it. This view lists domains that have already been verified for your organisation, and lets you verify additional domains.
This view is available to administrators only and is used to create and manage business units.
The Subscriptions view shows the status of all your organization's subscriptions, including the number of applications or scans left, and the start and end dates. See Subscriptions.

Access management >

Access management contains three pages to help you restrict access to sensitive apps by assigning them to asset groups and then adding specific users to those groups.

Invite and manage users. See Users
Define user roles. See User roles
Asset groups
Asset groups are a way of organising your applications. For each group you create, you can add applications and assign users. Users only see applications in the asset groups to which they are assigned. See Asset groups.