If you have ever played poker, you know it’s all about having the right combination of cards. When it comes to software, putting the right products together can also give you a winning hand. That’s why the HCL Accelerate team wants to highlight our integration with HCL AppScan and AppScan on Cloud (ASoC).
HCL Accelerate is a flexible and powerful release and value stream management tool offering visibility and governance across multiple teams and workflows. It’s a day-2 supervisory-to-ground-floor DevOps essential. HCL AppScan works amazingly well with HCL Accelerate, but no surprise there – they are both being driven by HCL’s vision of a next generation software development experience. AppScan provides security scanning, both static and dynamic, with on premise and cloud offerings. These scans are critical for quality, security, and compliance. HCL Accelerate can ingest AppScan data across teams, products, and tool-chains to ensure visibility and governance so that work can stay in motion and management can stay at ease.
Let’s get started!
This tutorial uses the cloud offering of AppScan (AppScan on Cloud or ASoC). If you do not already have an ASoC account and project, you can set one up now with a free trial. And if you don’t already have HCL Accelerate, you can download the Community Edition here. An example project and scans are shown below.
You will also need to generate an ASoC Key ID and Key Secret.
When you are ready to generate scan results, run the scanner and copy and paste the scanID. We will need this later for the curl command shown in the HCL Accelerate section below.
1. Create the ASoC Integration in HCL Accelerate
1.1 Find the Plugin
In HCL Accelerate, navigate to Settings > Integrations > Plugins and, next to “Plugin for ASoC”, click “Add Integration”.
1.2 Configure the Integration
Fill out the “Add Integration” form. Configure authentication to HCL Accelerate and ASoC.
- Integration name: ASoC_Example_Name_1
- User Access Key: Copy and paste an HCL Accelerate user access key. (You can create a key from “Settings” > “My profile” and name it ASoC_Example_Name_1.)
- ASoC Base URL: https://cloud.appscan.com
- ASoC API Key ID: The ID used to authenticate to the cloud API.
- ASoC API Key Secret: The actual key used to authenticate to the cloud API.
1.3 Inspect the Integration
Confirm that the integration was created. Expand the dropdown details to view the endpoint URL. We will send ASoC data to HCL Accelerate by a POST command to the URL of the integration endpoint.
2. Sending ASoC Scan Result to HCL Accelerate
To send ASoC scan results to HCL Accelerate, simply POST a JSON object containing the scanID to the pluginEndpoint URL of the target HCL Accelerate integration.
Example Data Structure
{ "scanId": "<ASoC scan ID>" }
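Example curl command (the -k flag turns off TLS certificate verification; omit it when the Accelerate server presents a certificate your client trusts)
curl -H "Content-Type: application/json" -k -X POST https://<accelerate server>/reporting-consumer/pluginEndpoint/<integration ID>/asocScan -d "{\"scanId\":\"<scan ID>\"}"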
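A hardened variant of the curl call above, as an added example rather than HCL's own script: it validates the scan ID before building the JSON, accepts only an https server URL, and leaves certificate verification on instead of passing -k. The GUID-shaped scan ID, the alphanumeric integration ID, and the ACCELERATE_CA_BUNDLE variable name are assumptions.

```shell
#!/bin/sh
# Added example: hardened form of the page's curl call (not HCL's own script).
# Assumption: scan IDs are GUID-shaped; integration IDs are alphanumerics and hyphens.

# Succeeds only if $1 is 36 characters of hex digits and hyphens (assumed scan ID shape).
is_guid() {
    [ "${#1}" -eq 36 ] || return 1
    case $1 in
        *[!0-9A-Fa-f-]*) return 1 ;;
    esac
    return 0
}

# Prints the JSON body for a validated scan ID; anything else is refused, so
# quotes or braces in the input can never change the JSON structure.
build_payload() {
    is_guid "$1" || { echo "invalid scan ID" >&2; return 1; }
    printf '{"scanId":"%s"}' "$1"
}

# Prints the plugin endpoint URL; only https and a safe integration ID are accepted.
build_url() {
    case $1 in
        https://*) ;;
        *) echo "server URL must use https" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[!0-9A-Za-z-]*) echo "invalid integration ID" >&2; return 1 ;;
    esac
    printf '%s/reporting-consumer/pluginEndpoint/%s/asocScan' "${1%/}" "$2"
}

# POSTs the scan ID with certificate verification left on (no -k).
# ACCELERATE_CA_BUNDLE (hypothetical variable name) may point at a private CA file.
send_scan() {
    url=$(build_url "$1" "$2") || return 1
    body=$(build_payload "$3") || return 1
    if [ -n "${ACCELERATE_CA_BUNDLE:-}" ]; then
        curl --fail --silent --show-error --cacert "$ACCELERATE_CA_BUNDLE" \
            -H 'Content-Type: application/json' -X POST "$url" -d "$body"
    else
        curl --fail --silent --show-error \
            -H 'Content-Type: application/json' -X POST "$url" -d "$body"
    fi
}

# Usage: sh send_scan.sh https://<accelerate server> <integration ID> <scan ID>
if [ "$#" -eq 3 ]; then send_scan "$@"; fi
```

With --fail, curl exits non-zero on an HTTP error status, so a pipeline step that calls this script stops when the integration endpoint rejects the request.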
3. Viewing the Data
We can view the data by setting up a dashboard in HCL Accelerate. Navigate to “Insights” and click “Create Dashboard”.
Create the chart by clicking “Add charts” and selecting the appropriate metrics. The default metric for ASoC data is “Application Vulnerabilities” under “Risk” (for ASoC plugin version 1.0.16 and earlier the default metric is “ASoC Tests” under “Quality”).
Filtering optional
You can create multiple chart types with different selections of data, including multiple filters and time selections.
Each chart can also reveal a details table as shown below.
Hi, in the new version of the plugin (0.0.4) there is a new field – metricDefinitionId. Do you know what this field is and what the value for it is?