
Organizations continue to move to cloud computing, and cloud platforms keep growing year on year. With this transition, application security is a constant concern: cloud providers may take care of physical and infrastructure security, but application security is something that we still need to take care of ourselves, even in the cloud.

Azure DevOps is one such platform. It provides developer services that help teams plan work, collaborate on code development, and build and deploy applications. Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS). The documentation can be found here.

AST in Azure DevOps

Can we add security to Azure DevOps and make it “DevSecOps”, where security is integrated into the CI/CD pipeline and promotes a Shift-Left strategy? The short answer is “Yes.”

As you are aware, HCL AppScan on Cloud (ASoC) is a one-stop solution for all the AST functions that you need to perform: SAST, DAST, MAST, IAST and OSS.

This solution integrates well into the DevOps cycle on the popular Azure DevOps platform through extensions, which are available for free. That’s an added bonus.

The integration empowers developers and security analysts to find and fix vulnerabilities. So what are the features of this extension? Does it fit my pipeline requirements? Can I see the reports? How easy is it to configure? The answer to the configuration question is “YES,” so let’s take a deeper dive into that topic now.

Installation, configuration and operation of HCL AppScan Extension

Installation and Setup of HCL AppScan is very easy. You can download the extension from the Azure DevOps marketplace, and it is free.

Once the extension is installed, configure it with your ASoC credentials (the KeyID and KeySecret) through a Service Connection in Azure DevOps.

The HCL AppScan extension is now ready to be incorporated into your project’s CI/CD pipeline.

You can perform SAST/DAST/MAST/OSS scanning by adding the Run HCL AppScan Security script into your project pipeline.

Here’s an example:

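- task: HCLAppScan@1
  inputs:
    AppSecTestService: 'ASoC'    # run the scan on HCL AppScan on Cloud
    applications: 'dc199ea3-1f1e-49b1-8f0d-54b6ee457e71'    # ID of the ASoC application the scan belongs to
    scanname: 'Azure'    # name given to the scan
    scantype: 'static'    # static analysis (SAST)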

Refer to this link for additional installation details.

Some important features of the HCL AppScan extension are:

  1. Enablement and configuration of settings, such as the type of testing to be performed, email alerts and fail build conditions before triggering a build.
  2. A view of the build’s progress in the console.
  3. A summary view of the issues once the scan is completed.
  4. A download of the scan report for consumption.

Advantages of the HCL AppScan Extension

  1. It enables organizations to expand from “DevOps” to “DevSecOps,” by catering to their AST needs, ultimately resulting in delivery of more secure software.
  2. Developer empowerment to perform checks for security vulnerabilities as developers are coding, without the need to move back and forth from ASoC to Azure DevOps.
  3. Empowerment of security analysts and other key stakeholders to perform scans and download reports for consumption.

By using the HCL AppScan Extension on Azure DevOps, your organization is empowered to perform all types of scanning without the need to juggle between different tools. You can benefit from the Machine Learning capabilities of AppScan, such as Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA), which provide results that are based on actionable issues and fix groups.

To learn more about the impact of IFA and ICA on SAST scan results for AppScan on Cloud, click here.

Finally, HCL AppScan’s reports are vast and detailed, and they can be consumed by multiple stakeholders, such as developers and security analysts.

To Learn More

Click here to begin your free 30-day trial of HCL AppScan on Cloud and test-drive AppSec on your own.

 

 

 

 

 

 
