add AS360 support

README.md

@@ -50,6 +50,8 @@ After doing so, you can execute the prepare goal using the "appscan" prefix. For
     staticAnalysisOnly	false					Only run static analysis. Do not run software composition analysis (SCA).
     jspCompiler     Default Tomcat JSP Compiler                     The JSP compiler path.
     thirdParty		false					Include known third party packages in static analysis (not recommended).
+    serviceUrl		null					REQUIRED for AppScan 360. The AppScan 360 service url. Not applicable to AppScan on Cloud.
+    acceptssl		false					Ignore untrusted certificates when connecting to AppScan 360. Only intended for testing purposes. Not applicable to AppScan on Cloud.
 
 # License
 

pom.xml

@@ -93,7 +93,7 @@
 		<dependency>
 			<groupId>com.hcl</groupId>
 			<artifactId>appscan.sdk</artifactId>
-			<version>1.0.32</version>
+			<version>1.1.1</version>
 		</dependency>
 	</dependencies>
 

src/main/java/com/hcl/appscan/maven/plugin/auth/MavenAuthenticationProvider.java

@@ -1,5 +1,5 @@
 /**
- * © Copyright HCL Technologies Ltd. 2020, 2022. 
+ * © Copyright HCL Technologies Ltd. 2020, 2024. 
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 
@@ -29,18 +29,22 @@ public class MavenAuthenticationProvider implements IAuthenticationProvider {
     private String m_token = null;
     private String m_key;
     private String m_secret;
+    private String m_serviceUrl;
     private String m_clientType;
+    private boolean m_acceptssl = false;
     private Server m_server;
     private SettingsDecrypter m_settingsDecrypter;
 
-    public MavenAuthenticationProvider(String key, String secret, MavenSession session, SettingsDecrypter decrypter) {
-    	this(key, secret, session, decrypter, null);
+    public MavenAuthenticationProvider(String key, String secret, MavenSession session, SettingsDecrypter decrypter, String clientType) {
+    	this(key, secret, session, decrypter, clientType, null, false);
     }
 
-    public MavenAuthenticationProvider(String key, String secret, MavenSession session, SettingsDecrypter decrypter, String clientType) {
+    public MavenAuthenticationProvider(String key, String secret, MavenSession session, SettingsDecrypter decrypter, String clientType, String serviceUrl, boolean acceptssl) {
     	m_key = key;
     	m_secret = secret;
+    	m_serviceUrl = serviceUrl;
     	m_server = session.getSettings().getServer(IMavenConstants.APPSCAN_SERVER);
+    	m_acceptssl = acceptssl;
     	m_settingsDecrypter = decrypter;
     	m_clientType = clientType;
     }
@@ -69,7 +73,7 @@ public Map<String, String> getAuthorizationHeader(boolean persist) {
 
 	@Override
 	public String getServer() {
-		return SystemUtil.getServer(getKey());
+		return m_serviceUrl == null || m_serviceUrl.trim().isEmpty() ? SystemUtil.getServer(getKey()) : m_serviceUrl;
 	}
 
 	@Override
@@ -111,4 +115,9 @@ private Server getMavenServer() {
 
 		return result.getServer();
 	}
+
+	@Override
+	public boolean getacceptInvalidCerts() {
+		return m_acceptssl;
+	}
 }

src/main/java/com/hcl/appscan/maven/plugin/mojos/AnalyzeMojo.java

@@ -1,5 +1,5 @@
 /**
- * © Copyright HCL Technologies Ltd. 2020, 2022. 
+ * © Copyright HCL Technologies Ltd. 2020, 2024. 
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 
@@ -78,7 +78,7 @@ protected void run() throws MojoExecutionException {
 	}
 
 	private IScanServiceProvider getServiceProvider() throws AppScanException {
-		IAuthenticationProvider authProvider = new MavenAuthenticationProvider(appscanKey, appscanSecret, session, settingsDecrypter, getClientType());
+		IAuthenticationProvider authProvider = new MavenAuthenticationProvider(appscanKey, appscanSecret, session, settingsDecrypter, getClientType(), getServiceUrl(), shouldAcceptSSL());
 		IScanServiceProvider serviceProvider = new CloudScanServiceProvider(getProgress(), authProvider);
 		return serviceProvider;
 	}

src/main/java/com/hcl/appscan/maven/plugin/mojos/SASTMojo.java

@@ -1,5 +1,5 @@
 /**
- * © Copyright HCL Technologies Ltd. 2017-2023. 
+ * © Copyright HCL Technologies Ltd. 2017-2024. 
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 
@@ -51,6 +51,18 @@ public abstract class SASTMojo extends AppScanMojo {
 	 */
 	@Parameter (property="staticAnalysisOnly", alias="staticAnalysisOnly", defaultValue="false", required=false, readonly=false) //$NON-NLS-1$ //$NON-NLS-2$
 	private Boolean m_isStaticAnalysisOnly;
+
+	/**
+	 * Ignore untrusted certificates when connecting to AppScan 360. Only intended for testing purposes. Not applicable to AppScan on Cloud.
+	 */
+	@Parameter (property="acceptssl", alias="acceptssl", defaultValue="false", required=false, readonly=false) //$NON-NLS-1$ //$NON-NLS-2$
+	private Boolean m_acceptssl;
+
+	/**
+	 * The AppScan 360 service url. Not applicable to AppScan on Cloud.
+	 */
+	@Parameter (property="serviceUrl", alias="serviceUrl", required=false, readonly=false) //$NON-NLS-1$ //$NON-NLS-2$
+	private String m_serviceUrl;
 
 	private File m_irx;
 	private SASTScanManager m_scanManager;
@@ -85,14 +97,24 @@ protected File getIrx() {
 		return m_irx;
 	}
 
+	protected String getServiceUrl() {
+		return m_serviceUrl;
+	}
+
+	protected boolean shouldAcceptSSL() {
+		return m_acceptssl;
+	}
+
 	protected Map<String, String> getScanProperties() {
 		Map<String, String> properties = new HashMap<String, String>();
 		properties.put(CoreConstants.SCAN_NAME, getScanName());
 		properties.put(SASTConstants.SAVE_LOCATION, m_irx.getParent());
-		properties.put("APPSCAN_IRGEN_CLIENT", "Maven"); //$NON-NLS-1$ //$NON-NLS-2$
-		properties.put("APPSCAN_CLIENT_VERSION", m_runtimeInformation.getMavenVersion()); //$NON-NLS-1$
-		properties.put("IRGEN_CLIENT_PLUGIN_VERSION", getPluginVersion()); //$NON-NLS-1$
-		properties.put("ClientType", getClientType()); //$NON-NLS-1$
+		properties.put(SASTConstants.APPSCAN_IRGEN_CLIENT, "Maven"); //$NON-NLS-1$
+		properties.put(SASTConstants.APPSCAN_CLIENT_VERSION, m_runtimeInformation.getMavenVersion());
+		properties.put(SASTConstants.IRGEN_CLIENT_PLUGIN_VERSION, getPluginVersion());
+		properties.put(CoreConstants.CLIENT_TYPE, getClientType());
+		properties.put(CoreConstants.SERVER_URL, m_serviceUrl);
+		properties.put(CoreConstants.ACCEPT_INVALID_CERTS, Boolean.toString(m_acceptssl));
 		return properties;
 	}