start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

We are witnessing organizations moving to cloud computing and the cloud platform continues to grow year on year. With this transition, there is always concern about Application Security, even though physical and infrastructure security may be taken care of by cloud providers. Application Security is something that we need to take care of, even in the cloud space

Azure DevOps is one such platform that provides developer services to support teams to plan work, collaborate on code development, and build and deploy applications. Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS). The documentation can be found here.

AST in Azure DevOps

Can we add Security to Azure DevOps  and make it “DevSecOps”, where security is integrated into the CI/CD pipeline and promotes a Shift-Left strategy? The short answer is “Yes.”

As you are aware, HCL Appscan on Cloud (ASoC) is a one-stop solution for all the AST functions that you need to perform: SAST, DAST, MAST, IAST and OSS.

This solution can be integrated well into the DevOps cycle with the most popular Azure DevOps in the form of extensions, which can be availed for free. That’s an added bonus.

The integration empowers developers and security analysts to find and fix vulnerabilities. So what are the features of this extension? Does it fit my pipeline requirements? Can I see the reports? How easy is it to configure? The answer to the configuration question is “YES,” so let’s take a deeper dive into that topic now.

Installation, configuration and operation of HCL AppScan Extension

Installation and Setup of HCL AppScan is very easy. You can download the extension from the Azure DevOps marketplace, and it is free.

Once the extension is installed, it needs to be configured with ASoC credentials with the KeyID and KeySecret using the Service Connection in Azure DevOps.

service connection

The HCL AppScan extension is now ready to be incorporated with your project’s CI/CD pipeline.

You can perform SAST/DAST/MAST/OSS scanning by adding the Run HCL Appscan Security script into your project pipeline.

Here’s an example:

task: HCLAppScan@1


    AppSecTestService: ‘ASoC’

    applications: ‘dc199ea3-1f1e-49b1-8f0d-54b6ee457e71’

    scanname: ‘Azure’

    scantype: ‘static’

Refer to this link for additional installation details.

Some important features that use the HCL AppScan extension are:

  1. Enablement and configuration of settings, such as the type of testing to be performed, email alerts and fail build conditions before triggering a build.
  2. A view of the build’s progress in the console.

framework analysis

3. A summary view of the issues once the scan is completed.

hcl appscan summary

4. A download the Scan report for consumption.

Advantages of the HCL AppScan Extension

  1. It enables organizations to expand from “DevOps” to “DevSecOps,” by catering to their AST needs, ultimately resulting in delivery of more secure software.
  2. Developer empowerment to perform checks for security vulnerabilities as developers are coding, without the need to move back and forth from ASoC to Azure DevOps.
  3. Empowerment of security analysts and other key stakeholders to perform scans and download reports for consumption.

By using the HCL AppScan Extension on Azure DevOps, your organization is empowered to perform all types of scanning without the need to juggle between different tools. You can benefit from the Machine Learning capabilities of Appscan like Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA), which provide results that are based on actionable issues and Fix groups.

To learn more about the impact of IFA and ICA on SAST scan results for AppScan on Cloud, click here.

Finally, HCL AppScan’s reports are vast and detailed, and they can be consumed by multiple stakeholders, such as developers and security analysts.

To Learn More

Click here to begin your free 30-day trial of HCL AppScan on Cloud and test-drive AppSec on your own.







Comment wrap
Secure DevOps | August 2, 2023
Find More Vulnerabilities Than Ever Before with the new HCL AppScan Version 10.3.0
HCL AppScan continues to push forward on an accelerated innovation roadmap with the release of version 10.3.0 for three on-prem software products: HCL AppScan Standard, Enterprise, and Source.
Secure DevOps | July 5, 2023
HCL AppScan's Dynamic Start to 2023: A First Quarter Event Recap
Get the scoop on HCL AppScan’s first quarter of 2023 as we recap our active engagement in industry-leading events around the world.
Automation | February 23, 2023
Key Findings from Recent Application Security Testing Trends Report
The recently published 2022 Application Security Testing Trends Report has generated a lot of interest in the application security community.