Home
Configuring
Learn how to configure the product.
Configuring applications and projects
Before you scan, you must configure applications and projects. This section explains the Application Discovery Assistant, New Application Wizard, and the New Project Wizard. You will learn how to configure attributes for AppScan® Source for Analysis. In addition, this section teaches you how to add existing applications and projects for scanning - and how to add files to projects.
Creating containers using the Docker image
Scanning without manual intervention

Welcome
Welcome to the documentation for HCL® AppScan® Source.
Introduction to HCL® AppScan® Source
HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan Source products deliver the functionality, flexibility, and power you need - right to your desktop.
What's New in AppScan® Source
Explore these new features that have been added to AppScan® Source - and note any features and capabilities that have been deprecated in this release.
Installing
Learn how to install the product.
Configuring
Learn how to configure the product.
- Configuring applications and projects
  Before you scan, you must configure applications and projects. This section explains the Application Discovery Assistant, New Application Wizard, and the New Project Wizard. You will learn how to configure attributes for AppScan® Source for Analysis. In addition, this section teaches you how to add existing applications and projects for scanning - and how to add files to projects.
  - AppScan® Source application and project files
    AppScan® Source applications and projects have corresponding files that maintain configuration information required for scanning, as well as triage customization. It is recommended that these files reside in the same directory as the source code, since configuration information (dependencies, compiler options, and so forth) required to build the projects is very similar to that required for AppScan Source to scan them successfully. Best practice includes managing these files with your source control system.
  - Configuring applications
    You can use the New Application Wizard or the Application Discovery Assistant to create applications. The Application Discovery Assistant automates application setup for you, whereas the New Application Wizard allows you to add applications, guiding you through the configuration process. The wizard helps you manually create a project or add existing projects to an application. This section describes these two methods for adding application and basic configuration tasks.
  - Configuring your development environment for Eclipse and Rational® Application Developer for WebSphere® Software (RAD) projects
    Before you import an Eclipse or Rational® Application Developer for WebSphere® Software (RAD) project, you must properly configure the development environment. Although Eclipse is the basis for each project type, AppScan® Source distinguishes between the different versions.
  - Creating a new project for an application
    After you add an application, you add projects to it.
  - Creating containers using the Docker image
  - Copying projects
    AppScan® Source for Analysis allows you to copy all project types except .NET projects. Modifications to the project do not affect the duplicated project; after you copy a project, there is no connection between the original project and the copied project. When you copy an imported project, you create an AppScan Source project file (.ppf) with all configuration information.
  - Modifying application and project properties
    When you select an application or project in the Explorer view, the current properties appear in the Properties view, where you can make modifications.
  - Global attributes
    Global attributes must be defined before they can be associated with individual applications. Global attributes are defined in the Properties view by selecting All Applications in the Explorer view.
  - Application attributes
    Application attributes apply to the currently-selected application and depend on previously created global attributes.
  - Removing applications and projects
    You can remove applications and projects from AppScan® Source for Analysis if they are not registered.
  - Explorer view
    The Explorer view contains a Quick Start section at the top - and an explorer section at the bottom which contains one node, All Applications. The Quick Start section contains several useful links that launch common actions. The explorer section consists of a tree pane that provides a hierarchical view of your resources: applications, projects, directories, and project files, with All Applications as its root. You navigate these resources much like a file browser. As you navigate the view, the selection state of the tree determines the available tabs in the Properties view.
- Preferences
  Preferences are personal choices about the appearance and operation of AppScan® Source for Analysis.
Administering
Learn how to administer the product.
Developing
Learn how to develop by using the product.
Extending product function
Learn how to extend the product.
Reference
Review reference information for the product.
Troubleshooting and support
There are a number of self-help information resources and tools to help you troubleshoot problems.

Scanning without manual intervention

The AppScan® Source CLI shell starts by default when a container is created; all supported AppScan® Source CLI commands can be executed within the container. The CLI also supports defining a set of commands in a script file and specifying the file using the script command to execute all those commands sequentialy.

By making use of a script command, a scan can be performed without manual intervention.

For example:

Create a script:

> vi /host_machine_workspace/cli.script
> login …
> oa /container_workspace/simpleIOT/SimpleIOT.paf
> scan
> report "Findings by Fix Group" pdf-annotated /Apps/owasp_report.pdf
        -includeSrcBefore:5 -includeSrcAfter:5 -includeTrace:suspect
      -includeHowToFix
> logout

Run the scan in the container, specifying the script:

docker run -it --rm --env-file ./env.list --volume
        /host_machine_workspace/:/container_workspace/
        hcl/appscan/source/cli:10.1.0 script .“/container_workspace/cli.script