We are witnessing organizations moving to cloud computing, and the cloud platform continues to grow year on year. With this transition, there is always concern about application security, even though physical and infrastructure security may be taken care of by cloud providers. Application security testing tools are essential to ensure that applications remain secure, even in the cloud space.

Azure DevOps is one such platform that provides developer services to support teams to plan work, collaborate on code development, and build and deploy applications. Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS). The documentation can be found here.

AST in Azure DevOps

Can we add Security to Azure DevOps and make it “DevSecOps”, where security is integrated into the CI/CD pipeline and promotes a Shift-Left strategy? The short answer is “Yes.”

As you are aware, HCL AppScan on Cloud (ASoC) is a one-stop solution for all the AST functions that you need to perform: SAST, DAST, MAST, IAST and OSS.

This solution integrates well into the DevOps cycle with the popular Azure DevOps platform in the form of extensions, which are available for free. That’s an added bonus.

The integration empowers developers and security analysts to find and fix vulnerabilities. So what are the features of this extension? Does it fit my pipeline requirements? Can I see the reports? How easy is it to configure? The answer to the configuration question is “YES,” so let’s take a deeper dive into that topic now.

Installation, configuration and operation of HCL AppScan Extension

Installation and setup of the HCL AppScan extension are very easy. You can download the extension from the Azure DevOps marketplace, and it is free.

Once the extension is installed, it needs to be configured with your ASoC credentials (the KeyID and KeySecret) through a Service Connection in Azure DevOps.

[Image: service connection]

The HCL AppScan extension is now ready to be incorporated with your project’s CI/CD pipeline.

You can perform SAST/DAST/MAST/OSS scanning by adding the Run HCL AppScan Security script into your project pipeline.

Here’s an example:

- task: HCLAppScan@1
  inputs:
    AppSecTestService: 'ASoC'    # run the scan with AppScan on Cloud
    applications: 'dc199ea3-1f1e-49b1-8f0d-54b6ee457e71'    # ASoC application ID
    scanname: 'Azure'
    scantype: 'static'    # SAST

Refer to this link for additional installation details.
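
A pre-merge check for the pipeline step above, as an added example (not HCL's code and not part of the original article): it flags typographic quotes picked up when a snippet is copied from a rendered page, a missing scan step, and a KeySecret written into the pipeline file instead of the service connection. The function name, the sample pipeline and the set of inputs treated as required are assumptions.

```python
import re

TASK = "HCLAppScan@1"
CURLY = "\u2018\u2019\u201c\u201d"  # typographic quotes introduced by web pages and editors
# Shape of the application ID in the article's example (assumed to hold generally).
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Input names from the article's example; treating all four as required is an assumption.
EXPECTED = ("AppSecTestService", "applications", "scanname", "scantype")


def lint_pipeline(text):
    """Return findings for the HCLAppScan@1 step in Azure Pipelines YAML text."""
    findings, inputs, in_task, seen = [], {}, False, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if any(q in line for q in CURLY):
            findings.append(f"line {n}: typographic quote becomes part of the value")
        if re.search(r"key\s*_?secret", line, re.I):
            findings.append(f"line {n}: KeySecret belongs in the service connection")
        if line.startswith("-"):  # a new step starts; is it the scan task?
            m = re.match(r"-\s*task:\s*(\S+)", line)
            in_task = bool(m) and m.group(1) == TASK
            seen = seen or in_task
            continue
        kv = re.match(r"(\w+):\s*(\S.*)$", line)
        if in_task and kv:  # key: value line inside the scan task
            inputs[kv.group(1)] = kv.group(2).strip("'\"" + CURLY)
    if not seen:
        return findings + [f"no {TASK} step in pipeline"]
    findings += [f"missing input: {k}" for k in EXPECTED if k not in inputs]
    app_id = inputs.get("applications")
    if app_id and not GUID.fullmatch(app_id):
        findings.append("applications is not a GUID-shaped application ID")
    return findings


# Constructed sample pipeline (the application ID is a placeholder).
SAMPLE = """\
steps:
- task: HCLAppScan@1
  inputs:
    AppSecTestService: 'ASoC'
    applications: '00000000-0000-0000-0000-000000000000'
    scanname: 'Azure'
    scantype: 'static'
"""

if __name__ == "__main__":
    # Simulate a snippet pasted with typographic quotes.
    for finding in lint_pipeline(SAMPLE.replace("'", "\u2019")) or ["ok"]:
        print(finding)
```
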

Some important features of the HCL AppScan extension are:

  1. Enablement and configuration of settings, such as the type of testing to be performed, email alerts and fail build conditions before triggering a build.
  2. A view of the build’s progress in the console.

     [Image: framework analysis]

  3. A summary view of the issues once the scan is completed.

     [Image: hcl appscan summary]

  4. A download of the scan report for consumption.

Advantages of the HCL AppScan Extension

  1. It enables organizations to expand from “DevOps” to “DevSecOps,” by catering to their AST needs, ultimately resulting in delivery of more secure software.
  2. Developer empowerment to perform checks for security vulnerabilities as developers are coding, without the need to move back and forth from ASoC to Azure DevOps.
  3. Empowerment of security analysts and other key stakeholders to perform scans and download reports for consumption.

By using the HCL AppScan Extension on Azure DevOps, your organization is empowered to perform all types of scanning without the need to juggle between different tools. You can benefit from the Machine Learning capabilities of AppScan, like Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA), which provide results that are based on actionable issues and Fix groups.

To learn more about the impact of IFA and ICA on SAST scan results for AppScan on Cloud, click here.

Finally, HCL AppScan’s reports are vast and detailed, and they can be consumed by multiple stakeholders, such as developers and security analysts.

To Learn More

Click here to begin your free 30-day trial of HCL AppScan on Cloud and test-drive AppSec on your own.