If you have ever played poker, you know it’s all about having the right combination of cards. When it comes to software, putting the right products together can also give you a winning hand. That’s why the HCL Accelerate team wants to highlight our integration with HCL AppScan and AppScan on Cloud (ASoC).

HCL Accelerate is a flexible and powerful release and value stream management tool offering visibility and governance across multiple teams and workflows. It’s a day-2 supervisory-to-ground-floor DevOps essential. HCL AppScan works amazingly well with HCL Accelerate, but no surprise there – they are both being driven by HCL’s vision of a next generation software development experience. AppScan provides security scanning, both static and dynamic, with on-premises and cloud offerings. These scans are critical for quality, security, and compliance. HCL Accelerate can ingest AppScan data across teams, products, and tool-chains to ensure visibility and governance so that work can stay in motion and management can stay at ease.

Let’s get started!

This tutorial uses the cloud offering of AppScan (AppScan on Cloud or ASoC). If you do not already have an ASoC account and project, you can set one up now with a free trial. And if you don’t already have HCL Accelerate, you can download the Community Edition here. An example project and scans are shown below.

You will also need to generate an ASoC Key ID and Key Secret.

When you are ready to generate scan results, run the scanner and copy the scanID. We will need it later for the curl command shown in the HCL Accelerate section below.

1. Create the ASoC Integration in HCL Accelerate

1.1 Find the Plugin

In HCL Accelerate, navigate to Settings > Integrations > Plugins, find “Plugin for ASoC”, and click “Add Integration”.

1.2 Configure the Integration

Fill out the “Add Integration” form. Configure authentication to HCL Accelerate and ASoC.

  • Integration name: ASoC_Example_Name_1
  • User Access Key: Copy and paste an HCL Accelerate user access key. (You can create a key from “Settings” > “My profile” and name it ASoC_Example_Name_1.)
  • ASoC Base URL: https://cloud.appscan.com
  • ASoC API Key ID: The ID used to authenticate to the cloud API.
  • ASoC API Key Secret: The actual key used to authenticate to the cloud API.

1.3 Inspect the Integration

Confirm that the integration was created. Expand the dropdown details to view the endpoint URL. We will send ASoC data to HCL Accelerate with a POST request to the URL of the integration endpoint.

2. Sending ASoC Scan Result to HCL Accelerate

To send ASoC scan results to HCL Accelerate, simply POST a JSON object containing the scanID to the pluginEndpoint URL of the target HCL Accelerate integration.

Example Data Structure

{
  "scanId": "<ASoC scan ID>"
}

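Example Curl command

curl -H "Content-Type: application/json" -k -X POST https://<accelerate server>/reporting-consumer/pluginEndpoint/<integration ID>/asocScan -d "{\"scanId\":\"<scan ID>\"}"

Note that -k tells curl to skip TLS certificate verification. It is convenient against a test server with a self-signed certificate, but remove it once the HCL Accelerate server presents a certificate that curl can validate.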
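A hardened form of the POST above, as an added example that is not from the original post or from HCL: it leaves certificate verification on, allows HTTPS only, and rejects IDs that could break out of the JSON body or the URL path. The function names, the ACCELERATE_CA_BUNDLE variable, and the rule that IDs contain only letters, digits and hyphens are assumptions.

```shell
#!/bin/sh
# Added example: send an ASoC scan ID to an HCL Accelerate plugin endpoint
# with TLS certificate verification left on (no -k).
# Assumption: scan IDs and integration IDs contain only letters, digits, hyphens.

# Reject anything that could break out of the JSON string or the URL path.
is_safe_id() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the JSON body the endpoint expects: {"scanId":"<id>"}
build_payload() {
  is_safe_id "$1" || { echo "invalid scan ID" >&2; return 1; }
  printf '{"scanId":"%s"}' "$1"
}

# Print the endpoint URL; the scheme is fixed to https.
build_url() {
  server=$1 integration=$2
  case "$server" in
    ''|*[!A-Za-z0-9.:-]*) echo "invalid server name" >&2; return 1 ;;
  esac
  is_safe_id "$integration" || { echo "invalid integration ID" >&2; return 1; }
  printf 'https://%s/reporting-consumer/pluginEndpoint/%s/asocScan' "$server" "$integration"
}

# POST the scan ID. ACCELERATE_CA_BUNDLE (hypothetical variable name) may point
# at a PEM file for a private CA; otherwise curl uses the system trust store.
send_scan() {
  url=$(build_url "$1" "$2") || return 1
  body=$(build_payload "$3") || return 1
  if [ -n "${ACCELERATE_CA_BUNDLE:-}" ]; then
    curl --fail --silent --show-error --proto '=https' \
      --cacert "$ACCELERATE_CA_BUNDLE" \
      -H 'Content-Type: application/json' -X POST -d "$body" "$url"
  else
    curl --fail --silent --show-error --proto '=https' \
      -H 'Content-Type: application/json' -X POST -d "$body" "$url"
  fi
}

# Usage: sh send_scan.sh send <accelerate server> <integration ID> <scan ID>
if [ "${1:-}" = "send" ]; then
  send_scan "$2" "$3" "$4"
fi
```

With --fail, curl exits non-zero on an HTTP error status, so a pipeline step that calls this script fails visibly when the endpoint rejects the request.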

3. Viewing the Data

We can view the data by setting up a dashboard in HCL Accelerate. Navigate to “Insights” and click “Create Dashboard”.

Create the chart by clicking “Add charts” and selecting the appropriate metrics. The default metric for ASoC data is “Application Vulnerabilities” under “Risk” (for ASoC plugin version 1.0.16 and earlier the default metric is “ASoC Tests” under “Quality”).

Filtering optional

You can create multiple chart types with different selections of data, including multiple filters and time selections.

Each chart can also reveal a details table as shown below.
