Home
Navigation
This section describes the items on the main AppScan on Cloud menu bar, with links to more detailed information.
Scans and sessions
This view lists all scans and sessions in all your applications.
Single scan view
This view collects together all the data for a specific DAST or SAST scan, including all executions of the scan.

Getting started
Welcome to the documentation for HCL AppScan on Cloud, where you can find information about how to install, maintain, and use this service.
Navigation
This section describes the items on the main AppScan on Cloud menu bar, with links to more detailed information.
- All applications
  The Applications page lists all applications in your organization that are within the asset groups to which you are assigned. From the Applications page, you can create new applications and open individual application pages.
- Scans and sessions
  This view lists all scans and sessions in all your applications.
  - Single scan view
    This view collects together all the data for a specific DAST or SAST scan, including all executions of the scan.
- Open source libraries
  Search for, review, and take action on open source libraries associated with applications.
- Dashboard
  The main dashboard is the third item on the main menu bar. It gives you a detailed overview of the current state and history of all your applications.
- Organization
  Organization is your go-to hub for managing policies, domains, settings, subscriptions, and audit trails – it's where you control and organize it all.
Administration
Define users, applications, policies, and configure DevOps integrations.
Dynamic analysis
AppScan on Cloud performs security scans for web-applications for production, staging and development environments. For development environments it is aided by Private Site Scanning technology to scan applications not accessible to the open Internet.
Interactive monitoring
Using an agent installed on your application, ASoC identifies security vulnerabilities in your application during runtime by monitoring all interactions, both legitimate and malicious. The process is "passive," in the sense that IAST does not send its own tests, and can therefore run indefinitely.
Software Composition Analysis
Use Software Composition Analysis (SCA) to scan for security vulnerabilities in open source and third-party packages used by your code. SCA includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scans and Sessions page lists the scans under the categories DAST, SAST, SCA, and IAST, where you can view your scan results, including scan statistics. To view, rescan, or download reports, select a scan.
Troubleshooting
If you experience problems with this service, you can perform these troubleshooting tasks to determine the corrective action to take.
FAQ & Reference
Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

Single scan view

This view collects together all the data for a specific DAST or SAST scan, including all executions of the scan.

The individual scan page can be opened in two ways:

Applications > Application > View all scans > scan page
Scans > scan page

The page contains detailed information about the scan in three tabs: Overview, Issues, Fix groups, and Configuration.

General

The upper area shows the scan name. Select the specific execution of the scan to view from a drop-down list by date .

Overview

For the selected scan execution, this tab displays:

Details: Status, start and end dates, scanned by, and duration and number of new and active issues.
Coverage: Number of visited pages and tested elements
Issues by Severity chart
Execution log
Note: The log pane shows only the latest section of the log. To see the whole log, click the Download link.

Possible scan statuses are:

Configuration saved: The scan has been configured but not yet started by the user.
Queued: You started the scan, but it is not yet running due to the limit on the number of concurrent scans. It will run as soon as allowed by your subscription.
Initialized: You started the scan and it will start running within a few seconds.
Running: Scan in progress.
Pausing/Paused: You paused the scan. Click Resume to continue.
Under review: The scan configuration requires review my our support team and will continue when this has been done.
Completed: Scan completed successfully.
Failed: Scan failed.

Issues

For the selected scan execution, this tab displays a list of all active and non-complaint issues by default. Filters are available, and the columns shown can be selected from the drop-down list.

Fix groups

For the selected scan execution, this tab displays the fix groups for the issues found.

Configuration

For the selected scan execution, this tab displays (where applicable):

Scan and execution IDs
URL (where the scan started) and domains
Login type
Explore type (automatic or guided)
Network type (public or private)
Test options (optimization and policy used)