
Have you ever wondered how giant websites like Facebook, Netflix, and Amazon keep adding new features to their websites with no perceivable downtime or disruption to the user experience? A lot of this is accomplished with cloud-based development platforms that allow application innovations to take place at ever-increasing speeds.

While cloud-based services are increasingly being used for much of this type of development, they are not right for every use case. Perhaps you have security concerns over sending confidential code up to the cloud for testing. Perhaps cloud service is not permitted by your industry or in some cases, by your country.
When the cloud is not an option, consider HCL AppScan 360º. This new self-managed application security testing platform from HCLSoftware can be deployed on-prem or on private cloud, and provides the same modern UI, speed, and integrations as HCL AppScan on Cloud, an industry-leading cloud-based SaaS (software as a service) offering.

Together these two platforms include a complete suite of application security testing capabilities (SAST, DAST, IAST, SCA) and give organizations centralized dashboards for visibility into, and improvement of, their security posture.

HCL AppScan 360º Architecture

Integrations and Features

HCL AppScan 360º allows you to continuously update and release applications using the integrations of industry-leading CI/CD tools like Jenkins and Azure.

Because HCL AppScan 360º integrations run within your own environment, the privacy of the scans and the scan data is maintained. Users are not required to create separate test data for security tests, since the security scan data never leaves the user's environment. For the same reason, no additional audit or compliance effort is needed: the scan data stays secured and inaccessible outside the user's environment.

You can manage distributed builds using a controller/agent configuration, in which Jenkins and Azure pipelines allocate the different jobs to various agent machines. With this approach, you can efficiently run SAST (Static Application Security Testing) scans of multiple newly built projects. A summary of the security issues for each project is displayed along with the security test report.

Security Test Reports

HCL AppScan provides comprehensive, detailed security test reports that contain scan issues along with remediation guidance for the issues reported. The reports are designed to be accessed and used by multiple stakeholders such as developers and security analysts. You can view sample reports here. A sample build summary obtained on executing a SAST scan is shown below.

Users can view the scan report by simply clicking on the scan name “Demo_SAST_AppScan360”. HCL AppScan 360º can test your applications for an extensive list of issues including Cross-Site Scripting (XSS), SQL injection, weak authentication, email phishing, and many more.

Source Code Only (SCO) scanning can also be performed to security-scan uncompiled code, heading off issues and validating the programmatic approach before the project is too far along. Issues are reported and remediation for the vulnerable code is suggested.

You can configure the build to fail based on the security results, for example when a specified number of high-severity vulnerabilities is found. The sample message shown in the Jenkins build in such a case is shown below.

HCL AppScan 360º, a cloud-native application security platform, provides wider scan coverage and more accurate scans in less time with proven AI/machine learning capabilities like Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA). Scan time can be reduced by choosing a balance between speed and issue coverage: choose faster scans early in the development lifecycle to identify basic security issues, and deeper scans later in the cycle to ensure complete coverage for your application.

The initial release of HCL AppScan 360º focuses on SAST or source testing. SAST, DAST, IAST and SCA technologies are all available as-a-service on cloud (HCL AppScan on Cloud). Future HCL AppScan 360º releases will roll out all four technologies in an increasing number of deployment options including cloud native, sovereign cloud, MSP and Federal Support.

Learn more about HCL AppScan 360º and all our application security solutions, or contact us to start your own HCL AppScan 360º journey today!
