About static analysis (SAST)

Static analysis (SAST) evaluates an application's source code or compiled binaries for security vulnerabilities without executing the application. HCL AppScan on Cloud performs static security scans of web and desktop applications.

To run a static analysis scan, use one of three routes: AppScan Go!, a small client utility that you download and drive from its command-line interface (CLI), or a plugin. Each route submits either source code or binary files, depending on the language, and covers all supported languages.

AppScan on Cloud (ASoC) looks for and scans the specific file types associated with each supported language. For some languages, ASoC scans source code; for others, it scans the binary files produced by building the code, so the application must be built before those files are submitted. To learn which languages are supported for static analysis scans, and whether each is scanned as source or as binaries, see Static analysis language support.

Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA). IFA reduces the manual effort of triaging security findings so that you can focus on true-positive, high-value issues. ICA reduces, or avoids entirely, the complex configuration that other static analysis technologies require, improving scan accuracy automatically.