If you have ever played poker, you know it’s all about having the right combination of cards. When it comes to software, putting the right products together can also give you a winning hand. That’s why the HCL Accelerate team wants to highlight our integration with HCL AppScan and AppScan on Cloud (ASoC).

HCL Accelerate is a flexible and powerful release and value stream management tool offering visibility and governance across multiple teams and workflows. It’s a day-2 supervisory-to-ground-floor DevOps essential. HCL AppScan works amazingly well with HCL Accelerate, but no surprise there – they are both being driven by HCL’s vision of a next generation software development experience. AppScan provides security scanning, both static and dynamic, with on premise and cloud offerings. These scans are critical for quality, security, and compliance. HCL Accelerate can ingest AppScan data across teams, products, and tool-chains to ensure visibility and governance so that work can stay in motion and management can stay at ease.

Let’s get started!

This tutorial uses the cloud offering of AppScan (AppScan on Cloud or ASoC). If you do not already have an ASoC account and project, you can set one up now with a free trial. And if you don’t already have HCL Accelerate, you can download the Community Edition here. An example project and scans are shown below.

Integrating HCL AppScan on Cloud

You will also need to generate an ASoC Key ID and Key Secret

Integrating HCL AppScan on Cloud

When you are ready to generate scan results, run the scanner and copy and paste the scanID. We will need this later for the curl command shown in the HCL Accelerate section below.

Integrating HCL AppScan on Cloud

1. Create the ASoC Integration in HCL Accelerate

1.1 Find the Plugin

In HCL Acclerate, navigate to Settings > Integrations > Plugins and with “Plugin for ASoC” click “Add Integration”.

Integrating HCL AppScan on Cloud

1.2 Configure the Integration

Fill out the “Add Integration” form. Configure authentication to HCl Accelerate and ASoC.

  • Integration name: ASoC_Example_Name_1
  • User Access Key: Copy and paste an HCL Accelerate user access key. (you can create a key from “Settings” > “My profile” and name it ASoC_Example_Name_1)
  • ASoC Base URL: https://cloud.appscan.com
  • ASoC API Key ID: The ID used to authenticate to the cloud API.
  • ASoC API Key Secret: The actual key used to authenticate to the cloud API.

Integrating HCL AppScan on Cloud

1.3 Inspect the Integration

Confirm that the integration was created. Expand the dropdown details to view the endpoint URL. We will send ASoC data to HCL Accelerate by a POST command to the URL of the integration endpoint.

Integrating HCL AppScan on Cloud

2. Sending ASoC Scan Result to HCL Accelerate

To send ASoC scan results to HCL Accelerate, simply POST a JSON object containing the scanID to the pluginEndpoint URL of the target HCL Accelerate integration.

Example Data Structure

{

"scanId": "<ASoC scan ID>",

}

 

 

Example Curl command

curl -H “Content-Type: application/json” -k -X POST https://<accelerate server>/reporting-consumer/pluginEndpoint/<integration ID>/asocScan -d “{\”scanId\”:\”<scan ID>\”}”

3. Viewing the Data

We can view the data by setting up a dashboard in HCL Accelerate. Navigate to “Insights” and click “Create Dashboard.

Integrating HCL AppScan on Cloud

Create the chart by clicking “Add charts” and selecting the appropriate metrics. The default metric for ASoC data is “Application Vulnerabilities” under “Risk” (for ASoC plugin version 1.0.16 and earlier the default metric is “ASoC Tests” under “Quality”).

Integrating HCL AppScan on Cloud

Filtering optional

You can create multiple chart types with different selections of data, including multiple filters and time selections.

Integrating HCL AppScan on Cloud

Each chart can also reveal a details table as shown below.

Integrating HCL AppScan on Cloud

 

Comment wrap
Further Reading
article-img
Secure DevOps | November 16, 2022
DOES 2022 Recap
The HCL Software Team showcases HCL Accelerate, HCL AppScan, and HCL OneTest portfolio during the full three days of DevOps Enterprise Summit.  
article-img
Secure DevOps | October 21, 2022
Webinar Recap: Value Stream Management with HCL Accelerate
In our recent webinar, we went over Value Stream Management and how by integrating HCL Accelerate will give you actionable insights so you can get the most out of your DevOps Investments.
article-img
Secure DevOps | October 21, 2022
HCL Accelerate V4.0.1 and V4.0 Release Updates
HCL Accelerate recently released HCL Accelerate 4.0.1 and 4.0. In this blog, I highlight some of the new releases for Accelerate 4.0.1 and 4.0.
Close
Filters result by
Sort:
|