In the fast-paced world of software development, staying ahead means constantly evolving to meet new challenges. That’s why HCL AppScan is thrilled to introduce two new plugins designed to enhance your development process and strengthen your security posture. Seamlessly integrating into your existing workflows, these plugins empower your team to work more efficiently while keeping security front and center.
The HCL AppScan Maven and Gradle plugins are tailored to integrate with the tools developers use daily, offering seamless security scans that align perfectly with your workflow. Whether you're building Java applications with Maven or managing complex project dependencies with Gradle, these plugins ensure that security becomes an integral part of your development pipeline.
Both plugins are available on HCL AppScan on Cloud and HCL AppScan 360º, with feature-rich releases that can significantly enhance your application security.
HCL AppScan Maven Plugin
The HCL AppScan Maven plugin is crafted to integrate smoothly with Maven-based projects, enabling developers to easily incorporate security testing into their build processes. As a widely used build automation tool in the Java ecosystem, Maven benefits from this integration by including security checks in its standard build lifecycle.
Key Features
1. Seamless Integration: The plugin can be easily incorporated into your Maven project with minimal configuration, simplifying the setup and usage process.
2. Automated Scanning: It automatically scans your code for vulnerabilities during the build process, offering immediate feedback on potential issues.
3. Customizable: The scanning parameters can be tailored to meet the specific needs of your project.
Getting Started
- Refer here for the prerequisites to use the plugin.
- Refer to this link for instructions on how to use the plugin.
- These are the configurable options available in the plugin.
Once the plugin is added, you can run your Maven build as usual. The AppScan plugin will automatically execute a security scan and generate a report in AppScan on Cloud (or AppScan 360º).
HCL AppScan Gradle Plugin
The HCL AppScan Gradle plugin offers comparable features for projects utilizing Gradle as their build automation tool. Renowned for its flexibility, Gradle is extensively adopted in contemporary software development. By integrating HCL AppScan with Gradle, security becomes an integral aspect of your build process.
Key Features
1. Seamless Integration: Easily integrates with your Gradle build scripts, making security testing a natural part of your development workflow.
2. Automated Security Checks: Automatically scans your codebase for vulnerabilities during the build process, providing timely feedback.
3. Configurable: Offers configurable scanning options to match your project's requirements.
Getting Started
- Refer here for the prerequisites to use the plugin.
- Refer to this link for usage of the plugin.
- These are the configurable options.
With this configuration, the AppScan plugin will run after the project build task, ensuring that your code is scanned for vulnerabilities as part of the build process.
Benefits of Integrating with HCL AppScan
- AI-enabled Time Savings: Using these plugins, you can benefit from HCL AppScan’s proven AI/machine learning capabilities like Intelligent Finding Analytics (IFA) for reducing false positives, and Intelligent Code Analytics (ICA) for automatically widening scan coverage.
- Actionable Insights: HCL AppScan provides comprehensive, detailed security test reports that contain scan issues along with remediation guidance for the issues reported. You can view the sample reports here and generate different report formats including HTML, PDF, XML, and CSV.
- Early Detection: By integrating security testing into your build process, you can catch vulnerabilities early, reducing the cost and effort required to fix them.
- Continuous Security: Ensure security checks are performed consistently, making it harder for vulnerabilities to slip through the cracks.
- Improved Code Quality: Regular security scanning can lead to improved code quality as developers become more aware of potential security issues.
- Compliance: Helps in meeting compliance requirements by ensuring that your codebase is regularly scanned and secured.
Integrating security testing into your CI/CD pipelines is vital for maintaining the security and integrity of your applications. The HCL AppScan Maven plugin and the HCL AppScan Gradle plugin provide robust tools to automate security checks and ensure that your code is secure from the beginning. By incorporating these plugins into your build processes, you can boost your application's security posture and release software with confidence.
This integration is a part of an extensive list of marketplace-based collaborations with high-demand tools including Visual Studio, Jenkins, GitHub, GitLab and more (see full list here).
Get more information on all HCL AppScan application security testing solutions here.
Not yet a customer of HCL AppScan on Cloud or AppScan 360º? Click here for a free trial of Application Security on Cloud to use with the above build plugins or contact us to start your own HCL AppScan 360º journey today!