updated docs to include AppScan 360 #49

Open
wants to merge 1 commit into
base: master
14 changes: 7 additions & 7 deletions README.md
@@ -1,19 +1,19 @@
# HCL AppScan on Cloud Maven Plugin
# HCL AppScan Maven Plugin

Apply the power of static application security testing with HCL AppScan on Cloud – a SaaS solution that helps to eliminate vulnerabilities from applications before they are deployed. HCL AppScan on Cloud integrates directly into the SDLC, providing static, dynamic, mobile and open source testing.
Apply the power of static application security testing with HCL AppScan on Cloud and AppScan 360 – a SaaS solution that helps to eliminate vulnerabilities from applications before they are deployed. HCL AppScan integrates directly into the SDLC, providing static, dynamic, mobile and open source testing.

You can submit static and open source scans directly from the HCL AppScan on Cloud Maven plugin or use it to generate an IRX file for later submission to the service. The results are ready quickly (90% are ready in less than one hour) having been honed by Intelligent Finding Analytics, which uses HCL's Artificial Intelligence capabilities to greatly reduce false positives and other noise by an average of more than 98%. IFA also displays optimal locations for developers to fix multiple vulnerabilities in the code. Click [here](https://securityintelligence.com/intelligent-finding-analytics-cognitive-computing-application-security-expert/) for more information.
You can submit static and open source scans directly from the HCL AppScan plugin or use it to generate an IRX file for later submission to the service. The results are ready quickly (90% are ready in less than one hour) having been honed by Intelligent Finding Analytics, which uses HCL's Artificial Intelligence capabilities to greatly reduce false positives and other noise by an average of more than 98%. IFA also displays optimal locations for developers to fix multiple vulnerabilities in the code. Click [here](https://securityintelligence.com/intelligent-finding-analytics-cognitive-computing-application-security-expert/) for more information.

Not yet a customer of HCL AppScan on Cloud? Click [here](https://cloud.appscan.com/) for a free trial of Application Security on Cloud to use with this plugin
Not yet a customer of HCL AppScan? Click [here](https://cloud.appscan.com/) for a free trial of Application Security on Cloud to use with this plugin

# Prerequisites:

- An account on the [HCL AppScan on Cloud](https://cloud.appscan.com/) service. You'll need to [create an application](https://help.hcltechsw.com/appscan/ASoC/ent_create_application.html) on the service to associate your scans with.
- An account on the [HCL AppScan](https://cloud.appscan.com/) service. You'll need to [create an application](https://help.hcltechsw.com/appscan/ASoC/ent_create_application.html) on the service to associate your scans with.

# Goals:

- <b>prepare</b>: Generates an IRX file for all jar, war, and ear projects in the build. The IRX file will be generated in the root project's "target" directory by default.
- <b>analyze</b>: Generates an IRX file for all jar, war, and ear projects in the build and submits it to the HCL AppScan on Cloud service for analysis. This task requires an api key, secret, and application id. The IRX file will be generated in the root project's "target" directory by default.
- <b>analyze</b>: Generates an IRX file for all jar, war, and ear projects in the build and submits it to the HCL AppScan service for analysis. This task requires an api key, secret, and application id. The IRX file will be generated in the root project's "target" directory by default.
- <b>listTargets</b>: Lists the targets that will be included in the generated .irx file.

# Usage:
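Review bot: In the rewritten opening paragraph, "HCL AppScan on Cloud and AppScan 360 – a SaaS solution" now attaches the singular "a SaaS solution" to two products; please confirm that the SaaS description applies to AppScan 360 and reword so each product is described accurately. The free-trial link and the Prerequisites account link still point to https://cloud.appscan.com/, and the create-application link still uses the ASoC help path, so an AppScan 360 user gets no indication of where their account or application lives. Either add the AppScan 360 equivalents or state that these links apply to AppScan on Cloud only. Also, "the HCL AppScan plugin" drops "Maven" while the new title keeps it.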
Expand Down Expand Up @@ -41,7 +41,7 @@ After doing so, you can execute the prepare goal using the "appscan" prefix. For

OPTION: DEFAULT VALUE DESCRIPTION
output <root project>/target/<root project name>.irx The name and/or location of the generated .irx file. If the selected path does not exist, the default path is applied.
appId null - Required for 'analyze' goal The id of the application in the cloud service.
appId null - Required for 'analyze' goal The id of the application in the service.
appscanKey null - Required for 'analyze' goal The user's API key id for authentication.
appscanSecret null - Required for 'analyze' goal The user's API key secret for authentication.
namespaces null Override automatic namespace detection. Set to "" to disable namespace detection.
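Review bot: The option rows shown here (output, appId, appscanKey, appscanSecret, namespaces) give no way to choose which service the analyze goal submits to, so after changing the appId description to "the service" a reader cannot tell how to target AppScan 360 rather than AppScan on Cloud. If the plugin has an option for the service URL, document it in this table and say which service is the default. Since appscanKey and appscanSecret are used to authenticate to that service, the docs should make the destination explicit.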
4 changes: 2 additions & 2 deletions pom.xml
Expand Up @@ -6,8 +6,8 @@
<artifactId>appscan-maven-plugin</artifactId>
<packaging>maven-plugin</packaging>
<version>1.0.16-SNAPSHOT</version>
<name>HCL AppScan on Cloud Maven Plugin</name>
<description>Generate an IRX file and optionally submit it for analysis to HCL AppScan on Cloud</description>
<name>HCL AppScan Maven Plugin</name>
<description>Generate an IRX file and optionally submit it for analysis to HCL AppScan on Cloud or AppScan 360</description>
<url>https://help.hcltechsw.com/appscan/ASoC/src_irx_gen_maven.html</url>

<licenses>
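Review bot: The <url> element just below the changed <description> still points to https://help.hcltechsw.com/appscan/ASoC/src_irx_gen_maven.html, an ASoC help path, while the description now also names AppScan 360. Either point it at documentation that covers both products or confirm that this page does, so the published plugin metadata stays consistent with the new name and description.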