What’s New?
The plugin supports App scan server version 10 or higher .
- Overview
- Documentation
- Version history
Description
HCL AppScan Enterprise enables organizations to mitigate application security risk and achieve regulatory compliance. This plugin includes steps to run AppScan Enterprise scans and retrieve scan results in HCL Launch processes.
Quick Info
Product
HCL DevOps Deploy (HCL Launch)
Type
plugin
Compatibility
HCL Launch version 7.1.0 or later
Created by
HCL Software
Website
Published Date
Last Updated
Summary
Usage
Steps
Summary
The HCL AppScan Enterprise plugin for HCL Launch includes steps that run security scans and retrieve reports.
This plugin includes one or more steps, click Steps for step details and properties.
Compatibility
This plugin requires HCL Launch version 7.1.0 or later and App scan server version 10 or higher.
Installation
See Installing plugins in HCL Launch for installing and removing plugins.
History
The following table describes the changes made in each plugin version.
| Version | Description |
|---|---|
| 24 |
|
| 23 |
|
| 22 |
|
| 18 |
|
| 17 |
|
| 15 |
|
| 14 |
|
Usage
Step palette
To access this plugin in the palette, lick Security > AppScan Enterprise.
Steps
Step palette
To access this plugin in the palette, lick Security > AppScan Enterprise.
————–Steps ————–
The following process steps are available in the AppScan plugin.
- Configure Job Options
- Create Scan
- Delete Folder Item
- List Templates
- Retrieve PDF Report
- Retrieve Report
- Run Scan
- Wait for Scan
Configure Job Options
Configure scan job options.
Site URLStringURL of site to scan. If there is already at least one starting URL associated with the scan, input here will add to the list of URLs.No
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL. For example, https://localhost/ | Yes |
| HTTP Authentication | Enumeration | Check this field to enable Basic/NTLM authentication. Values are default, true, false, and ${p?:component/appscan.httpAuth}. | No |
| HTTP Password | Password | No | |
| HTTP User | String | No | |
| Password | Password | Password to log into ASE. | Yes |
| Login .config File | String | Add path to Login .config file if login method is selected as “Manual File”. | No |
| Login Method | Enumeration: None / Automatic / Manual File | Select the login method. | No |
| Recorded Traffic .config File | String | Add path to Login .config file for uploading traffic data. | No |
| Scan FIID | String | FIID of the scan to configure. This is found in the scans URL. | Yes |
| Scan Limit | String | No | |
| Scan Site Password | Password | Password to use when logging into the site. Input here will overwrite the password if there is already one set in the scan. | No |
| Scan Site User | String | User to log into the site as. Input here will overwrite the username if there is already one set in the scan. | No |
| User | String | Username to log into ASE. | Yes |
Create Scan
Create an AppScan security scan.
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL. For example, https://localhost/ | Yes |
| Application ID | String | The application ID. Used to associate the job with an application. | No |
| Automated Scan Name | String | lease select Yes for automated scan name. | |
| Folder ID | String | ID of the specific folder in which to create the scan and report pack. If this is left blank, the scan and report pack will be created in the root folder. | No |
| Password | Password | Password to log into ASE. | Yes |
| Scan Description | String | The description to give to the newly created scan. | Yes |
| Scan Name | String | The name to give to the newly created scan. | Yes |
| Template Name | String | Name of the template to use to create the scan and report pack. Must be a valid template that you have access to in the Templates directory or any of its subfolders. | Yes |
| Test Policy ID | String | The Test Policy ID. Used to associate the job with an application. | No |
| User | String | Username to log into ASE. | Yes |
Delete Folder Item
Delete a folder item, such as a Scan or Report, from the AppScan Scans view.
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL, For example, https://localhost/ | Yes |
| Folder Item FIID | String | Specify a Folder Item FIID to delete. Example: Scan or Folder FIID. | Yes |
| Password | Password | Password to log into ASE. | Yes |
| User | String | Username to log into ASE. | Yes |
List Templates
Retrieve and print a list of available job templates.
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL. For example, https://localhost/ | Yes |
| Password | Password | Password to log into ASE. | Yes |
| User | String | Username to log into ASE. | Yes |
Retrieve PDF Report
Retrieve report from AppScan Enterprise. Reports are saved as a PDF file named AppScanReportOutput-[date]-[time].zip
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise Port | String | AppScan Enterprise Port number. | Yes |
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL, For example, https://localhost/ | Yes |
| Application ID | String | ID of the application report to retrieve. | Yes |
| File Path | String | Path of file to write report info to. For example, C:/reports/ | Yes |
| Password | Password | Password to log into ASE. | Yes |
| Scan Name | String | The name of the scan within the application. The format is {scanName} ({scanFIID}). For example, Test Scan (171). | Yes |
| User | String | Username to log into ASE. | Yes |
Retrieve Report
Retrieve report pack summary and specific report information from AppScan Enterprise. Reports are saved as a xml files named [reportFIID]-Summary.xml and [reportFIID]-[reportName].xml
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL. For example, https://localhost/ | Yes |
| Password | Password | Password to log into ASE. | Yes |
| Report Destination | String | Folder path to save the report file. Default location is the working directory. Example: C:/reports/. The full file path will be saved as an output property. | No |
| Report FIID | String | FIID of the report pack to retrieve. This is found in the reports URL. | Yes |
| Report Name | String | The name of the report within the report pack to retrieve the issue counts. If empty, then no report counts are retrieved. | No |
| User | String | Username to log into ASE. | Yes |
Run Scan
Run an AppScan security scan.
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL. For example, https://localhost/ | Yes |
| Password | Password | Password to log into ASE. | Yes |
| Reports FIID | String | FIID of the report pack associated with the scan. If not given, step may finish before waiting for report pack to complete. This is found in the reports URL. | No |
| Retries | String | The number of times to retry running the scan, in case of failure. | No |
| Scan FIID | String | FIID of the scan to run. This is found in the scans URL. | Yes |
| Timeout | String | Timeout, in minutes, at which the step fails if the scan is not yet complete. Minimum is 5 minutes. | No |
| User | String | Username to log into ASE. | Yes |
Wait for Scan
Wait for an AppScan Scan to complete.
| Name | Type | Description | Required |
|---|---|---|---|
| AppScan Enterprise URL | String | AppScan Enterprise Control Center URL, For example, https://localhost/ | Yes |
| Password | Password | Password to log into ASE. | Yes |
| Scan FIID | String | FIID of the scan to wait for. This is found in the scan URL. | Yes |
| Timeout | String | Timeout, in minutes, at which the step fails if the scan is not yet complete. Leave empty to wait indefinitely. | No |
| User | String | The user name for connecting to ASE. | Yes |
- 27.1169570
- 26.1166855
- 25.1166389
- 24.1161014
- 23.1161004
- 22.1159870
- 21.1143722
- 20.1141151
- 20.1141119
- 19.1140926
- 18.1140668
- 17.1139541
- 16.1139034
- 16.1138002
- 15.1135024
- 14.1105371
- 14.1101790
Version
launch-appscan-27.1169570.zip
Uploaded: 9-Aug-2024 03:43
Release Notes
- Fixed bug that doesn't allow the download report as PDF after AppScan upgrade.
launch-appscan-26.1166855.zip
Uploaded: 13-Mar-2024 06:43
Release Notes
- Modified timeout Logic for Retrieve PDF report.
launch-appscan-25.1166389.zip
Uploaded: 28-Feb-2024 13:26
Release Notes
- Added property ScanType for the Configure Job options step.
- Modified timeout Logic for Retrieve report and Wait for scan steps.
launch-appscan-24.1161014.zip
Uploaded: 07-Sep-2023 07:37
Release Notes
- Updated the plugin to use the new appscan Rest API to retrieve report summary file as a json file.
launch-appscan-23.1161004.zip
Uploaded: 07-Sep-2023 05:01
Release Notes
- Fixed plugin code for retrieving report summary file in xml format.
launch-appscan-22.1159870.zip
Uploaded: 24-Aug-2023 06:47
Release Notes
- Added Test policy Id as an input property to Create scan step.
- Fixed defect KB0106648 to update correct testpolicyId while creating a scan.
launch-appscan-21.1143722.zip
Uploaded: 07-Nov-2022 12:09
Release Notes
- Added Site Url feature.
- Added Automated Scan Name feature.
launch-appscan-20.1141151.zip
Uploaded: 14-Sep-2022 11:37
Release Note
Added PDF file type feature.
launch-appscan-20.1141119.zip
Uploaded: 12-Sep-2022 11:43
launch-appscan-19.1140926.zip
Uploaded: 07-Sep-2022 10:19
Release Note
Minor enhancements.
launch-appscan-18.1140668.zip
Uploaded: 29-Aug-2022 08:16
Release Note
Added Traffic file in Configuration Step.
launch-appscan-17.1139541.zip
Uploaded: 10-Aug-2022 06:56
Release Notes
- Create scan folder ID fix.
- Retrieve Report fix.
launch-appscan-16.1139034.zip
Uploaded: 10-Aug-2022 06:42
Release Note
Error logs fixed.
launch-appscan-16.1138002.zip
Uploaded: 20-Jul-2022 09:45
Release Note
Error logs fixed.
launch-appscan-15.1135024.zip
Uploaded: 15-Jul-2022 11:39
Release Notes
- Upgraded all steps with latest APIs.
- Plugin is now compatible with new App scan server.
launch-appscan-14.1105371.zip
Uploaded: 21-Apr-2021 09:27
launch-appscan-14.1101790.zip
Uploaded: 12-Mar-2021 12:47