Utilities/HCL ASoC - Process Steps
Start Dynamic Analyzer ASoC Scan
Starts a new Dynamic Analyzer ASoC Scan, using HCL ASoC. This step will generate the 'ScanId' output property.
| Name | Type | Description | Required |
|---|---|---|---|
| ASoC Application ID | textBox | The ID of the application in ASoC. | Yes |
| Base ASoC URL | textBox | Please enter a base ASoC URL to scan. Ex- cloud.appscan.com, cloud.appscan.com/eu. | Yes |
| Login Key ID | textBox | The API key ID to authenticate with ASoC. | Yes |
| Login Key Secret | secureBox | The API key secret to authenticate with ASoC. | Yes |
| Scan Name | textBox | Enter a name for the scan. If empty, the Starting URL will be used. | Yes |
| Starting URL | textBox | Please enter a URL to scan. (You must complete Domain Verification through the UI, as it is not currently supported by this plugin.) | Yes |
| Application Username | textBox | Username for the scanned application if it contains a login. | Yes |
| Application Password | secureBox | Password for the scanned application if it contains a login. | Yes |
| Third Application Credential | secureBox | Provide this field if your application requires a third credential. | Yes |
| Presence ID | textBox | Specify an ID of an existing presence, which allows you to run scans on apps not connected to the internet or require a proxy server to make a connection. The presence must be accessible to the user. | Yes |
| Scan Type | selectBox | Select the type of scan. Staging scans are more comprehensive and designed to scan sites before production. Production scans are designed to scan live sites. | Yes |
| Scan/Template File | textBox | The path to a configuration (SCAN or SCANT) file. Use this field if you have specific configuration requirements. The Starting URL that you enter above must be identical to the Starting URL in the file. | Yes |
| Fail condition threshold (H, M, L, I) | textBox | Please set the number of issues found (by severity) in a comma-separated list. If the threshold is reached during the scan, the scan will fail. In this field, you can specify the numbers for these severity levels: High (H), Medium (M), Low (L), and Informational (I). For example, a fail condition of '0,5,10,20' will cause the step to fail if the resulting scan has more than 0 High issues, 5 Medium issues, and so on. If this field is left empty, there will be no validation of results and the scan will not fail as a result of a fail condition. | Yes |
| Set Issue Count Output Properties | checkBox | Selecting this will wait for the scan results and set the highIssueCount, medIssueCount, lowIssueCount, and infoIssueCount output properties. | No |
| Original scan ID | textBox | If this is a rescan please enter the original scan id | Yes |
| Enable Mail Notification | checkBox | Select this option to notify email IDs configured in ASoC. | No |
| Commit SHA | textBox | Optional commit SHA to attach in the scan comment metadata. | No |
| Build URL | textBox | Optional build URL to attach in the scan comment metadata. | No |
| Environment | textBox | Optional environment value to attach in the scan comment metadata. | No |
| Test Policy | selectBox | A predefined set of tests for AppScan to use. Here is a short description for each option: Comprehensive (Default) -> This is the most thorough Test Set and is used by default. Application-Only -> This Test Set includes all application level tests except invasive and port listener tests. The Vital Few -> This Test Set includes a selection of tests that have a high probability of success. This can be useful for evaluating a site when time is limited. | Yes |
| Fail Scan on Pause | checkBox | Select this option to immediately fail the process if the scan is paused. If unchecked, the process will continue running. | No |
| Scan Timeout (minutes) | textBox | Please enter a timeout for the scan (relevant for only when validating report). The default value of -1 will cause the scan to run until it completes. | No |
Start Static Analyzer ASoC Scan
Starts a new Static Analyzer ASoC Scan, using HCL AppScan on Cloud. This step will generate the 'ScanId' output property.
| Name | Type | Description | Required |
|---|---|---|---|
| ASoC Application ID | textBox | The ID of the application in ASoC. | Yes |
| Base ASoC URL | textBox | Please enter a base ASoC URL to scan. Ex- cloud.appscan.com, cloud.appscan.com/eu. | Yes |
| Login Key ID | textBox | The API key ID to authenticate with ASoC. | Yes |
| Login Key Secret | secureBox | The API key secret to authenticate with ASoC. | Yes |
| IRX file/Scan directory | textBox | Please point to the IRX file to be uploaded for scanning, or the directory that contains the files or other locations to scan. The files and locations that can be specified in this field include: .jar files, .war files, .ear files, Eclipse workspaces, and scan configuration files. For example, 'c:\build_output\testapp.irx' or 'c:\build_output'. | Yes |
| Scan configuration file | textBox | Please point to the path and file name of a scan configuration file. This overrides any scan configuration files which may exist in the scan directory. For example, 'c:\build_output\appscan-config.xml'. | Yes |
| Static Analyzer Client Tool location | textBox | Please point to the directory that the client tool was unzipped to. For example, C:\SAClientUtil. This property must be supplied if you need to generate the IRX file. | Yes |
| Fail condition threshold (H, M, L, I) | textBox | Please set the number of issues found (by severity) in a comma-separated list. If the threshold is reached during the scan, the scan will fail. In this field, you can specify the numbers for these severity levels: High (H), Medium (M), Low (L), and Informational (I). For example, a fail condition of '0,5,10,20' will cause the step to fail if the resulting scan has more than 0 High issues, 5 Medium issues, and so on. If this field is left empty, there will be no validation of results and the scan will not fail as a result of a fail condition. | Yes |
| Original scan ID | textBox | If you have previously scanned the application, please enter the original scan ID here if you want to rescan it. | Yes |
| Enable Mail Notification | checkBox | Select this option to notify email IDs configured in ASoC. | No |
| Commit SHA | textBox | Optional commit SHA to attach in the scan comment metadata. | No |
| Build URL | textBox | Optional build URL to attach in the scan comment metadata. | No |
| Environment | textBox | Optional environment value to attach in the scan comment metadata. | No |
| Fail Scan on Pause | checkBox | Select this option to immediately fail the process if the scan is paused. If unchecked, the process will continue running. | No |
| Scan Timeout (minutes) | textBox | Please enter a timeout for the scan (relevant for only when validating report). The default value of -1 will cause the scan to run until it completes. | No |
Start Software Composition Analysis (SCA) ASoC Scan
Starts a new Software Composition Analysis (SCA) ASoC Scan, using HCL AppScan on Cloud. This step will generate the 'ScanId' output property.
| Name | Type | Description | Required |
|---|---|---|---|
| ASoC Application ID | textBox | The ID of the application in ASoC. | Yes |
| Base Appscan URL | textBox | Please enter a base ASoC URL to scan. Ex- cloud.appscan.com, cloud.appscan.com/eu. | Yes |
| Login Key ID | textBox | The API key ID to authenticate with ASoC. | Yes |
| Login Key Secret | secureBox | The API key secret to authenticate with ASoC. | Yes |
| IRX file/Scan directory | textBox | Please point to the IRX file to be uploaded for scanning, or the directory that contains the files or other locations to scan. The files and locations that can be specified in this field include: .jar files, .war files, .ear files, Eclipse workspaces, and scan configuration files. For example, 'c:\build_output\testapp.irx' or 'c:\build_output'. | Yes |
| Scan configuration file | textBox | Please point to the path and file name of a scan configuration file. This overrides any scan configuration files which may exist in the scan directory. For example, 'c:\build_output\appscan-config.xml'. | Yes |
| Static Analyzer Client Tool location | textBox | Please point to the directory that the client tool was unzipped to. For example, C:\SAClientUtil. This property must be supplied if you need to generate the IRX file. | Yes |
| Fail condition threshold (H, M, L, I) | textBox | Please set the number of issues found (by severity) in a comma-separated list. If the threshold is reached during the scan, the scan will fail. In this field, you can specify the numbers for these severity levels: High (H), Medium (M), Low (L), and Informational (I). For example, a fail condition of '0,5,10,20' will cause the step to fail if the resulting scan has more than 0 High issues, 5 Medium issues, and so on. If this field is left empty, there will be no validation of results and the scan will not fail as a result of a fail condition. | Yes |
| Original scan ID | textBox | If you have previously scanned the application, please enter the original scan ID here if you want to rescan it. | Yes |
| Enable Mail Notification | checkBox | Select this option to notify email IDs configured in ASoC. | No |
| Fail Scan on Pause | checkBox | Select this option to immediately fail the process if the scan is paused. If unchecked, the process will continue running. | No |
| Scan Timeout (minutes) | textBox | Please enter a timeout for the scan (relevant for only when validating report). The default value of -1 will cause the scan to run until it completes. | No |
Create ASoC Presence
Create and start a new presence. To access a private site server you must start the presence in an environment that has local access to the server. The 'PresenceId' output property generated can be used to run scans in environments that do not have access to the private site.
| Name | Type | Description | Required |
|---|---|---|---|
| Login Key ID | textBox | The API key ID to authenticate with ASoC. | Yes |
| Login Key Secret | secureBox | The API key secret to authenticate with ASoC. | Yes |
| Start Presence | checkBox | Select this option to start the presence after it is created. | No |
Start ASoC Presence
Start an existing ASoC presence. The presence will be started on the agent machine that runs the step.
| Name | Type | Description | Required |
|---|---|---|---|
| Login Key ID | textBox | The API key ID to authenticate with ASoC. | Yes |
| Login Key Secret | secureBox | The API key secret to authenticate with ASoC. | Yes |
| Presence ID | textBox | Specify an ID of an existing presence, which allows you to run scans on apps not connected to the internet or require a proxy server to make a connection. The presence must be accessible to the user. | Yes |
| Renew Presence Key | checkBox | Select this option to renew the key before starting the presence. | No |
Stop ASoC Presence
Stop a running ASoC presence. This step must be run on the agent machine on which the presence was originally started.
| Name | Type | Description | Required |
|---|---|---|---|
| Login Key ID | textBox | The API key ID to authenticate with ASoC. | Yes |
| Login Key Secret | secureBox | The API key secret to authenticate with ASoC. | Yes |
| Presence ID | textBox | Specify an ID of an existing presence, which allows you to run scans on apps not connected to the internet or require a proxy server to make a connection. The presence must be accessible to the user. | Yes |
Delete ASoC Presence
Delete an ASoC presence. The presence will subsequently be stopped on any machine where it is currently running.
| Name | Type | Description | Required |
|---|---|---|---|
| Login Key ID | textBox | The API key ID to authenticate with ASoC. | Yes |
| Login Key Secret | secureBox | The API key secret to authenticate with ASoC. | Yes |
| Presence ID | textBox | Specify an ID of an existing presence that is accessible using the provided login credentials. This field will be ignored if the 'Delete All Presences' box is checked. | Yes |
| Delete All Presences | checkBox | Select this box to remove all existing ASoC presences that can be accessed with the provided login credentials. | No |