Description

HCL AppScan Enterprise enables organizations to mitigate application security risk and achieve regulatory compliance. This plugin includes steps to run AppScan Enterprise scans and retrieve scan results in HCL Launch processes.

Quick Info

Product
HCL Launch
Type
plugin
Compatibility
HCL Launch version 7.1.0 or later
Created by
HCL Software
Website
Version Name Action

14.1101790

launch-appscan-14.1101790.zip

14.1105371

launch-appscan-14.1105371.zip

launch-appscan-14.1101790.zip

14.1101790


launch-appscan-14.1105371.zip

14.1105371


Summary

The HCL AppScan Enterprise plugin for HCL Launch includes steps that run security scans and retrieve reports.

This plugin includes one or more steps, click Steps for step details and properties.

Compatibility

This plugin requires HCL Launch version 7.1.0 or later.

Installation

See Installing plugins in HCL Launch for installing and removing plugins.

History

The following table describes the changes made in each plugin version.

Plugin history details
Version Description
14
  • Added beta feature of AppScans Webhook configuration.
  • Added Delete Folder Item step to enable the deletion of a Scan or Report.

Usage

Step palette

To access this plugin in the palette, lick Security > AppScan Enterprise.

Steps

Step palette

To access this plugin in the palette, lick Security > AppScan Enterprise.

————–Steps ————–
The following process steps are available in the AppScan plugin.

Configure Job Options

Configure scan job options.

Input properties for the Configure Job Options step
Name Type Description Required
AppScan Enterprise URL String AppScan Enterprise Control Center URL. For example, https://localhost/ Yes
HTTP Authentication Enumeration Check this field to enable Basic/NTLM authentication. Values are default, true, false, and ${p?:component/appscan.httpAuth}. No
HTTP Password Password No
HTTP User String No
Password Password Password to log into ASE. Yes
Recorded Traffic .htd File String No
Scan FIID String FIID of the scan to configure. This is found in the scans URL. Yes
Scan Limit String No
Scan Site Password Password Password to use when logging into the site. Input here will overwrite the password if there is already one set in the scan. No
Scan Site User String User to log into the site as. Input here will overwrite the username if there is already one set in the scan. No
Set Automatic Login Enumeration Set to true to automatically login with the given Scan Site User and Scan Site Password. Values are default, true, false, and ${p?:component/appscan.setAuto}. No
Site URL String URL of site to scan. If there is already at least one starting URL associated with the scan, input here will add to the list of URLs. No
User String Username to log into ASE. Yes

Create Scan

Create an AppScan security scan.

Input properties for the Create Scan step
Name Type Description Required
AppScan Enterprise URL String AppScan Enterprise Control Center URL. For example, https://localhost/ Yes
Application ID String The application ID. Used to associate the job with an application. No
Folder ID String ID of the specific folder in which to create the scan and report pack. If this is left blank, the scan and report pack will be created in the root folder. No
Password Password Password to log into ASE. Yes
Scan Description String The description to give to the newly created scan. Yes
Scan Name String The name to give to the newly created scan. Yes
Template Name String Name of the template to use to create the scan and report pack. Must be a valid template that you have access to in the Templates directory or any of its subfolders. Yes
User String Username to log into ASE. Yes

Delete Folder Item

Delete a folder item, such as a Scan or Report, from the AppScan Scans view.

Input properties for the Delete Folder Item step
Name Type Description Required
AppScan Enterprise URL String AppScan Enterprise Control Center URL, For example, https://localhost/ Yes
Folder Item FIID String Specify a Folder Item FIID to delete. Example: Scan or Folder FIID. Yes
Password Password Password to log into ASE. Yes
User String Username to log into ASE. Yes

List Templates

Retrieve and print a list of available job templates.

Input properties for the List Templates step
Name Type Description Required
AppScan Enterprise URL String AppScan Enterprise Control Center URL. For example, https://localhost/ Yes
Password Password Password to log into ASE. Yes
User String Username to log into ASE. Yes

Retrieve PDF Report

Retrieve report from AppScan Enterprise. Reports are saved as a PDF file named AppScanReportOutput-[date]-[time].zip

Input properties for the Retrieve PDF Report step
Name Type Description Required
AppScan Enterprise Port String AppScan Enterprise Port number. Yes
AppScan Enterprise URL String AppScan Enterprise Control Center URL, For example, https://localhost/ Yes
Application ID String ID of the application report to retrieve. Yes
File Path String Path of file to write report info to. For example, C:/reports/ Yes
Password Password Password to log into ASE. Yes
Scan Name String The name of the scan within the application. The format is {scanName} ({scanFIID}). For example, Test Scan (171). No
User String Username to log into ASE. Yes

Retrieve Report

Retrieve report pack summary and specific report information from AppScan Enterprise. Reports are saved as a xml files named [reportFIID]-Summary.xml and [reportFIID]-[reportName].xml

Input properties for the Retrieve Report step
Name Type Description Required
AppScan Enterprise URL String AppScan Enterprise Control Center URL. For example, https://localhost/ Yes
Password Password Password to log into ASE. Yes
Report Destination String Folder path to save the report file. Default location is the working directory. Example: C:/reports/. The full file path will be saved as an output property. No
Report FIID String FIID of the report pack to retrieve. This is found in the reports URL. Yes
Report Name String The name of the report within the report pack to retrieve the issue counts. If empty, then no report counts are retrieved. No
User String Username to log into ASE. Yes

Run Scan

Run an AppScan security scan.

Input properties for the Run Scan step
Name Type Description Required
AppScan Enterprise URL String AppScan Enterprise Control Center URL. For example, https://localhost/ Yes
Password Password Password to log into ASE. Yes
Reports FIID String FIID of the report pack associated with the scan. If not given, step may finish before waiting for report pack to complete. This is found in the reports URL. No
Retries String The number of times to retry running the scan, in case of failure. No
Scan FIID String FIID of the scan to run. This is found in the scans URL. Yes
Timeout String Timeout, in minutes, at which the step fails if the scan is not yet complete. Minimum is 5 minutes. No
User String Username to log into ASE. Yes

Wait for Scan

Wait for an AppScan Scan to complete.

Input properties for the Wait for Scan step
Name Type Description Required
AppScan Enterprise URL String AppScan Enterprise Control Center URL, For example, https://localhost/ Yes
Password Password Password to log into ASE. Yes
Scan FIID String FIID of the scan to wait for. This is found in the scan URL. Yes
Timeout String Timeout, in minutes, at which the step fails if the scan is not yet complete. Leave empty to wait indefinitely. No
User String The user name for connecting to ASE. Yes