start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Close
Select Page

If you have ever played poker, you know it’s all about having the right combination of cards. When it comes to software, putting the right products together can also give you a winning hand. That’s why the HCL Accelerate team wants to highlight our integration with HCL AppScan and AppScan on Cloud (ASoC).

HCL Accelerate is a flexible and powerful release and value stream management tool offering visibility and governance across multiple teams and workflows. It’s a day-2 supervisory-to-ground-floor DevOps essential. HCL AppScan works amazingly well with HCL Accelerate, but no surprise there – they are both being driven by HCL’s vision of a next generation software development experience. AppScan provides security scanning, both static and dynamic, with on premise and cloud offerings. These scans are critical for quality, security, and compliance. HCL Accelerate can ingest AppScan data across teams, products, and tool-chains to ensure visibility and governance so that work can stay in motion and management can stay at ease.

Let’s get started!

This tutorial uses the cloud offering of AppScan (AppScan on Cloud or ASoC). If you do not already have an ASoC account and project, you can set one up now with a free trial. And if you don’t already have HCL Accelerate, you can download the Community Edition here. An example project and scans are shown below.

Integrating HCL AppScan on Cloud

You will also need to generate an ASoC Key ID and Key Secret

Integrating HCL AppScan on Cloud

When you are ready to generate scan results, run the scanner and copy and paste the scanID. We will need this later for the curl command shown in the HCL Accelerate section below.

Integrating HCL AppScan on Cloud

1. Create the ASoC Integration in HCL Accelerate

1.1 Find the Plugin

In HCL Acclerate, navigate to Settings > Integrations > Plugins and with “Plugin for ASoC” click “Add Integration”.

Integrating HCL AppScan on Cloud

1.2 Configure the Integration

Fill out the “Add Integration” form. Configure authentication to HCl Accelerate and ASoC.

  • Integration name: ASoC_Example_Name_1
  • User Access Key: Copy and paste an HCL Accelerate user access key. (you can create a key from “Settings” > “My profile” and name it ASoC_Example_Name_1)
  • ASoC Base URL: https://cloud.appscan.com
  • ASoC API Key ID: The ID used to authenticate to the cloud API.
  • ASoC API Key Secret: The actual key used to authenticate to the cloud API.

Integrating HCL AppScan on Cloud

1.3 Inspect the Integration

Confirm that the integration was created. Expand the dropdown details to view the endpoint URL. We will send ASoC data to HCL Accelerate by a POST command to the URL of the integration endpoint.

Integrating HCL AppScan on Cloud

2. Sending ASoC Scan Result to HCL Accelerate

To send ASoC scan results to HCL Accelerate, simply POST a JSON object containing the scanID to the pluginEndpoint URL of the target HCL Accelerate integration.

Example Data Structure

{

"scanId": "<ASoC scan ID>",

}

 

 

Example Curl command

curl -H “Content-Type: application/json” -k -X POST https://<accelerate server>/reporting-consumer/pluginEndpoint/<integration ID>/asocScan -d “{\”scanId\”:\”<scan ID>\”}”

3. Viewing the Data

We can view the data by setting up a dashboard in HCL Accelerate. Navigate to “Insights” and click “Create Dashboard.

Integrating HCL AppScan on Cloud

Create the chart by clicking “Add charts” and selecting the appropriate metrics. The default metric for ASoC data is “Application Vulnerabilities” under “Risk” (for ASoC plugin version 1.0.16 and earlier the default metric is “ASoC Tests” under “Quality”).

Integrating HCL AppScan on Cloud

Filtering optional

You can create multiple chart types with different selections of data, including multiple filters and time selections.

Integrating HCL AppScan on Cloud

Each chart can also reveal a details table as shown below.

Integrating HCL AppScan on Cloud

 

Comment wrap

Start a Conversation with Us

We’re here to help you find the right solutions and support you in achieving your business goals.

Secure DevOps | September 30, 2024
Announcing the End of Support for HCL DevOps Velocity (formerly HCL Accelerate) 5.0.8 and Earlier Versions
Announcing End of Support for HCL DevOps Velocity 5.0.8 and earlier on June 30, 2025. Upgrade now to the latest version for continued support and access to the newest features!
Secure DevOps | August 6, 2024
Announcing Our Latest Product Release: Enhancing Efficiency and Predictive Power with GenAI and More
HCL Velocity 2024.06 (5.0.6) is here with GenAI summaries, Risk Estimator 2.0, improved observability, value stream management enhancements, and simplified architecture. Learn more now!
Secure DevOps | March 13, 2024
2023 Value Stream Management Trends: A Recap
New survey reveals challenges and trends in Value Stream Management. Learn how to improve collaboration, gain insights, and drive efficiency.