HCL AppScan on Cloud Help
Scanning and monitoring

Learn how to run scans and IAST monitoring sessions on your apps, and import issues from 3rd party scanners.

Use the Create scan wizard to select the type of scan you want to run. Start the wizard from Application > Application > Scans.

  • Sample applications and scripts
  • Dynamic (DAST) scanning
  • Static (SAST) scanning
  • Interactive (IAST) monitoring
  • Personal scans
  • Private sites
  • Importing issues from 3rd party scanners
  • Sample applications and scripts
    Use these sample applications to practice scanning with ASoC.
  • Dynamic (DAST) scanning
    ASoC can perform dynamic analysis of an application that runs in a browser. Use the configuration options available in ASoC, or upload an AppScan Standard configuration.
  • Static (SAST) scanning
    Use static analysis to scan applications for security vulnerabilities. To accomplish this, either use AppScan Go! or download a small client utility and use its command line interface (CLI) to perform security analysis on either source code or binary files for all supported languages. Static analysis plug-ins for Eclipse, IntelliJ IDEA, and Visual Studio are available through their respective marketplaces. Once the plug-ins are installed, you can scan Java projects in Eclipse and IntelliJ IDEA, or .NET (C#, ASP.NET, VB.NET) projects in Visual Studio. Additional information on plug-ins and integrations is listed here.
  • Open source testing
    Open source testing locates and analyzes open source packages in your code. Our Software Composition Analysis (SCA) aggregates information from a variety of sources, constantly monitoring for new vulnerabilities in an automated process that keeps our information up-to-date daily. Sources include the most popular security vulnerability databases (NVD, GitHub advisory, Microsoft MSRC), and a wide range of lesser-known security advisories and open source project issue trackers.
  • Interactive (IAST) monitoring
    ASoC can monitor normal application runtime behavior to detect vulnerabilities.
  • Scan status
  • Personal scans
    A personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data or compliance.
  • Private sites
    An AppScan Presence on your server enables you to scan sites not accessible from the Internet.