Home
Overview
Learn general information about the product.
Vulnerable components detection using AppScan
AppScan enhances application security by identifying and reporting vulnerabilities in third-party components, ensuring businesses are protected from potential threats. This helps prevent undetected vulnerabilities and ensures business continuity.

Welcome
Welcome to the HCL AppScan Enterprise 10.4.0 documentation, where you can find information about how to install, maintain, and use HCL AppScan Enterprise.
Accessibility features for AppScan® Enterprise
Accessibility features assist users who have a disability, such as restricted mobility or limited vision, to use information technology content successfully.
Overview
Learn general information about the product.
- Application security management
  Security is about protecting your valuable assets. Some of the most important assets your organization owns are in the form of information, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to continue to operate, be competitive, and meet regulatory requirements.
- AppScan® Enterprise components
  HCL® AppScan® Enterprise enables organizations to mitigate application security risk, strengthen application security program management initiatives and achieve regulatory compliance. Security and development teams can collaborate, establish policies and scale testing throughout the application lifecycle. Enterprise dashboards classify and prioritize application assets based on business impact and identify high-risk areas, permitting you to maximize your remediation efforts. Performance metrics are provided that help you monitor the progress of your application security programs.
- Getting started with application security management
  Depending on your role, you can get started with different areas of the product.
- What's new in HCL AppScan® Enterprise
  This section describes new AppScan Enterprise product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
- Interactive Application Security Testing (IAST) in AppScan Enterprise
- Vulnerable components detection using AppScan
  AppScan enhances application security by identifying and reporting vulnerabilities in third-party components, ensuring businesses are protected from potential threats. This helps prevent undetected vulnerabilities and ensures business continuity.
- Supported technologies
- Known issues and workarounds
  These are known issues and their workarounds.
- Deprecated features
  If you are migrating from an earlier release of AppScan® Enterprise, you should be aware of the various features that have been deprecated in this release.
- AppScan Enterprise Legal Notices
- Statement of Good Security Practices
Installing
Learn how to install the product.
Upgrading and migrating
Learn how to upgrade the product.
Integrating
Learn how to integrate the product with other solutions.
DevOps
Learn how to extend the product with REST APIs and plugins.
Best practices
Learn best practices for using the product.
Configuring
Learn how to configure the product.
Administering
Learn how to administer the product.
Managing application risk
Follow this workflow to manage application security risks in your organization.
Troubleshooting and support
To help you understand, isolate, and resolve problems with your HCL® software, the troubleshooting and support information contains instructions for using the problem-determination resources that are provided with your HCL products.
Reference
Review reference information for the product.
Glossary

Vulnerable components detection using AppScan

AppScan enhances application security by identifying and reporting vulnerabilities in third-party components, ensuring businesses are protected from potential threats. This helps prevent undetected vulnerabilities and ensures business continuity.

Detecting third-party components in your application

AppScan will, by default, identify and report any vulnerabilities, including those in the third-party components of your application. You can view this list in the Components view of the Monitor tab. For more information on the third-party components that AppScan recognizes, see What third-party components does AppScan detect in DAST scans?

The "report vulnerabilities in identified components" option is enabled by default but can be disabled from Administration > General Settings. Once disabled, any new content scans created will no longer have this option enabled, but it can still be manually enabled from the scan settings.

You can import and export component issues from AppScan Enterprise and AppScan Standard XML files, see Importing issues from an internal or a third-party scanner and Exporting issues as reports.

In the following cases, the components view might not show any components:

Identifiable third-party components are not used in your application.
No new scans or rescans were run.

Remediating vulnerabilities in third-party components

When the scan is complete, you can view the vulnerabilities in the Issues view under "Vulnerable Components." For more information, see Remediating risks.