Configure a scan in AppScan on Cloud

Configure a static analysis scan.


To scan your application:
  1. Download and set up either:
  2. Scan or generate an IRX file for your application, or identify source code files to scan.
    1. To generate an IRX file by using the CLI, follow the instructions in Generating an IRX file by using the command line interface (CLI). You can scan all supported languages from the CLI.
    2. To generate an IRX file for a Maven project, follow the instructions in Running static analysis for a Maven project. Maven supports Java and Android projects only.
    3. To scan in Eclipse, IntelliJ IDEA, or Visual Studio, follow the instructions in Scanning in integrated development environments. In Eclipse and IntelliJ IDEA, you can scan Java projects - and in Visual Studio, you can scan .NET (C#, ASP.NET, VB.NET).
    4. To generate an IRX file using AppScan Go!, follow the instructions in Configuring a scan using AppScan Go!.
    5. To scan a source code file, identify the appropriate .zip, .war, .jar, or .ear file.
    Note: When you scan code or generate an IRX file, you might receive a message about updating to the latest Static Analyzer Command Line Utility. See Command Line Utility (CLI) support.
  3. If you have not yet done so, Create an application for your scans.
  4. Use the Create scan wizard to start configuring your scan. Select Application > Application > Scans > Create Scan > Static (SAST).
  5. Upload File tab: Drag-and-drop the file to scan into the gray area (or Click to select the file), then click Next.
    You can scan files of type .irx, .zip, .war, .jar, or .ear.
  6. Preferences tab: You can opt to run your scan as a personal scan whose security issues will not be added to the issues for the application as a whole. You can also deselect the default option that sends you an email when the scan completes.
  7. Click Review and Scan to proceed to the summary dialog.
  8. Edit the default name that was given to the scan. Optional.
  9. Click Scan Now.