    Quick Info

    Product: DevOps Velocity (HCL Accelerate)
    Type: plugin
    Compatibility: HCL DevOps Velocity version 2.0 or later
    Created by: HCL Software
    Published Date: March 8th, 2021
    Last Updated: April 4th, 2024

    Description

    HCL AppScan Enterprise delivers scalable application security testing and risk management capabilities, to help enterprises manage risk and compliance. HCL AppScan enables security, DevOps teams to collaborate, establish policies, and perform testing throughout the application development lifecycle.

    ucv-ext-appscan:2.0.51.tar

    Uploaded: 04-Apr-2024 08:33

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:2.0.51

    Release Notes

  • Bug Fix: The previous version of the plug-in did not show AppScan Enterprise Issues on the Value Streams page, where all value streams are listed as rows and the different metrics are shown as columns. With this version, the AppScan Enterprise Issues column shows the number of security issues found for each VSM.

    ucv-ext-appscan:2.0.48.tar

    Uploaded: 25-Sep-2023 10:51

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:2.0.48

    Release Notes

  • Bug Fix: This version of the HCL AppScan Enterprise plugin syncs AppScan data only when the AppScan Enterprise version is 10.0.0 or later. If the AppScan Enterprise version is older, the plugin throws an error and no AppScan data is synced.
  • Disabled certificate verification: Strict certificate verification is disabled for the REST API calls made by the plugin.

    ucv-ext-appscan:2.0.47.tar

    Uploaded: 18-May-2023 06:01

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:2.0.47

    Release Notes

  • Bug Fix: This version of the HCL AppScan Enterprise plugin syncs AppScan data only when the AppScan Enterprise version is 10.0.0 or later. If the AppScan Enterprise version is older, the plugin throws an error and no AppScan data is synced.
  • Disabled certificate verification: Strict certificate verification is disabled for the REST API calls made by the plugin.

    ucv-ext-appscan:2.0.41.tar

    Uploaded: 17-Oct-2022 12:31

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:2.0.41

    Release Notes

  • Removed Manual User Access Key: From this version onwards, the plugin supports only the Auto Generated User Access Key feature of DevOps Velocity.
  • Initial Sync Date Field Added: An Initial Sync Date field is added under the hidden properties section of the Add Integration page for the HCL AppScan Enterprise plugin. This field is optional and can be used only for the first sync.
  • Added WorkflowId: A Workflow ID field is added under the hidden properties section of the Add Integration page for the HCL AppScan Enterprise plugin. This field is optional and can be used to provide the DevOps Velocity WorkflowId, the ID of the value stream (VSM) with which the HCL AppScan Enterprise vulnerability data is associated.
  • Preventing Installation on Older Versions: This version of the HCL AppScan Enterprise plugin can only be installed on DevOps Velocity version 3.0.0 and later.

    ucv-ext-appscan:2.0.35.tar

    Uploaded: 01-Mar-2022 09:38

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:2.0.35

    Release Notes

  • Scheduled Event Functionality Added
  • UAK Changes
  • Issue Level Data Chart Added

    ucv-ext-appscan:1.0.31.tar

    Uploaded: 03-May-2021 13:47

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:1.031

    Release Notes

  • Removed IBM related keywords

    ucv-ext-appscan:1.0.30.tar

    Uploaded: 07-Apr-2021 06:28

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:1.031

    Release Notes

  • Updated data retrieval logic

    ucv-ext-appscan:1.0.23.tar

    Uploaded: 08-Feb-2021 07:31

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:1.031

    Release Notes

  • Bug fix.

    ucv-ext-appscan:1.0.22.tar

    Uploaded: 08-Feb-2021 07:31

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-appscan:1.031

    Release Notes

  • Added Build URL to link Appscan Enterprise scan results in VSM.

    Summary

    The AppScan Enterprise plugin provides integration with an HCL AppScan Enterprise server. This plugin retrieves the security vulnerability report of the application and displays it as Insights metrics.

    History

    The following table describes the changes made in each plugin version.

    Plugin history details

    | Version | Description |
    |---|---|
    | 2.0.35 | Scheduled Event Functionality Added, UAK Changes, Issue Level Data Chart Added. |
    | 1.0.23 | Minor enhancements |
    | 1.0.22 | Minor enhancements |

    Usage

    To use the AppScan Enterprise plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. You define configuration properties in the user interface or in a JSON file. After the integration is complete, send an HTTP POST request to the plugin endpoint to invoke the plugin.

    Integration type

    The AppScan Enterprise plugin supports the endpoint integrations listed in the following table.

    Endpoints

    | Name | Path | Method |
    |---|---|---|
    | AppScan Callback | appscan/callback | Put |

    Invoking the plugin

    To import data from the HCL AppScan Enterprise server, send an HTTP POST request to your endpoint, as in the following sample.

    
    https:///pluginEndpoint//appscan/callback
    

    The payload for the POST is shown below.

    {"application":"", "buildUrl": ""}

    | Name | Description |
    |---|---|
    | application | The application name from the scan run in AppScan Enterprise. It is a mandatory field to render the scan results in HCL DevOps Velocity. |
    | buildUrl | The build URL from Jenkins or any other CI/CD tool. It is an optional field which links the AppScan Enterprise scan results with VSM. |

    Integration

    There are two methods to integrate the plugin:

    • Using the user interface
    • Using a JSON file

    The tables in the Configuration properties topic describe the properties used to define the integration.

    Using the user interface

    1. From the Plugins page, click Settings > Integrations > Plugins.
    2. Under the Action column for the plugin, click Add Integration.
    3. On the Add Integration page enter values for the fields used to configure the integration and define communication.
    4. Click Save.

    Using a JSON file

    The JSON file contains the information for creating a value stream. Within the JSON file is a section for integrations. It is in this section that plugin properties can be defined.

    1. From a value stream page, download the value stream map. The value stream map is a JSON file used to define integrations.
    2. Edit the JSON file to include the plugin configuration properties.
    3. Save and upload the JSON file. This replaces the current JSON file with the new content.
    4. View the new integration on the Integrations page.

    Minimum permission to integrate with HCL AppScan Enterprise (ASE)

    The HCL AppScan Enterprise (ASE) Account used to generate the token must have access to the project which is being integrated with HCL DevOps Velocity.

    Configuration Properties

    The following tables describe the properties used to configure the integration. Each table contains the field name when using the user interface and the property name when using a JSON file.

    • The General Configuration Properties table describes configuration properties used by all plugin integrations.
    • The AppScan Enterprise Configuration Properties table describes the configuration properties that define the connection and communications with the HCL AppScan Enterprise server. When using the JSON method to integrate the plugin, these properties are coded within the properties configuration property.

    Some properties might not be displayed in the user interface. To see all properties, enable the Show Hidden Properties field.

    General Configuration properties

    | Name | Description | Required | Property Name |
    |---|---|---|---|
    | NA | The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the version named latest is used. | No | image |
    | Integration Name | An assigned name to the value stream. | Yes | name |
    | Logging Level | The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. | No | loggingLevel |
    | NA | List of plugin configuration properties used to connect and communicate with the HCL AppScan Enterprise server. Enclose the properties within braces. | Yes | properties |
    |  | The name of the tenant. | Yes | tenant_id |
    | NA | Unique identifier assigned to the plugin. The value for the HCL AppScan Enterprise plugin is ucv-ext-appscan | Yes | type |

    HCL AppScan Enterprise Configuration Properties

    | Name | Type | Description | Required | Property Name |
    |---|---|---|---|---|
    | Password | Secure | The password to authenticate with the HCL AppScan Enterprise server. | Yes | password |
    | Get Issue Level Data | Boolean | Check the box to get issue level data. | false | getIssueLevelData |
    | Workflow Id | String | The value stream that this metric is associated with. | false | workflowId |
    | User Name | String | The user name to use to authenticate with the HCL AppScan Enterprise server. | Yes | username |
    | URL | String | The URL of the HCL AppScan Enterprise server. Include the port number. | Yes | url |
    | Run as Scheduled Event | Boolean | Check the box to run the integration as Scheduled Event. | No | isScheduledEvent |
    | Applications | Multiline | Newline separated list of application names. If kept empty all applications will be synced. | no | applications |
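
    A pre-upload check for one integration entry of the value stream JSON, added here as an example (it is not HCL's code): it applies the required flags, the ucv-ext-appscan type, the valid logging levels and the "include the port number" rule from the tables above. It assumes the entry is a JSON object with the AppScan Enterprise properties nested under properties; the sample values (ase-prod, svc-velocity, ase.example.com, TENANT_ID) are constructed.

```python
from urllib.parse import urlsplit

# Property names, required flags and valid values come from the configuration
# tables on this page; the checker and the sample entry are constructed.
GENERAL_REQUIRED = ("name", "properties", "tenant_id", "type")
ASE_REQUIRED = ("username", "password", "url")
ASE_BOOLEANS = ("getIssueLevelData", "isScheduledEvent")
LOG_LEVELS = {"all", "debug", "info", "warn", "error", "fatal", "off", "trace"}
PLUGIN_TYPE = "ucv-ext-appscan"


def has_port(url):
    """True when the URL carries an explicit, valid port number."""
    try:
        return urlsplit(url).port is not None
    except ValueError:  # malformed host, or non-numeric / out-of-range port
        return False


def lint_integration(entry):
    """Return a list of problems found in one integration entry (a dict)."""
    problems = [f"missing required property: {k}"
                for k in GENERAL_REQUIRED if not entry.get(k)]
    if entry.get("type") and entry["type"] != PLUGIN_TYPE:
        problems.append(f"type must be {PLUGIN_TYPE}")
    level = entry.get("loggingLevel")
    if level is not None and str(level) not in LOG_LEVELS:
        problems.append(f"invalid loggingLevel: {level}")
    props = entry.get("properties")
    if not isinstance(props, dict):
        if props:
            problems.append("properties must be an object enclosed in braces")
        return problems
    problems += [f"missing required property: properties.{k}"
                 for k in ASE_REQUIRED if not props.get(k)]
    if props.get("url") and not has_port(props["url"]):
        problems.append("properties.url must include the port number")
    problems += [f"properties.{k} must be true or false" for k in ASE_BOOLEANS
                 if k in props and not isinstance(props[k], bool)]
    return problems


# Constructed sample: the port is missing from url and a boolean is a string.
SAMPLE = {"type": "ucv-ext-appscan", "name": "ase-prod", "tenant_id": "TENANT_ID",
          "loggingLevel": "info",
          "properties": {"username": "svc-velocity", "password": "CHANGE_ME",
                         "url": "https://ase.example.com/ase",
                         "isScheduledEvent": "true"}}

if __name__ == "__main__":
    print("\n".join(lint_integration(SAMPLE)) or "OK")
```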