If you are one of the many developers around the world who build (or are interested in building) applications with Jenkins, the leading open-source automation server, we have news for you. The HCL AppScan plugin for Jenkins allows you to seamlessly integrate dynamic application security testing (DAST) right into your Jenkins continuous integration/continuous delivery (CI/CD) pipeline.

Capturing vulnerabilities early is critical when it comes to application security. The HCL plugin allows you to run DAST scans during the staging process, after the application has been built but before it goes live. And better yet, AppScan can save you even more time by automatically scanning only the parts of an application that have been changed, instead of retesting the entire application.

AppScan DAST Topology and Tips

Notable Features

  • You can manage distributed builds using the Jenkins Master/Slave configuration, in which Jenkins allocates the different jobs to various slave machines. With this approach, you are able to efficiently apply DAST and SAST (static application security testing) scans to multiple newly built projects or newly deployed websites. A security summary of the issues found in each of them is displayed along with the security test report. The reports contain the scan issues along with remediation guidance for each issue reported. HCL AppScan’s reports are extensive and detailed, and they can be consumed by multiple stakeholders, such as developers and security analysts.
  • The task can scan specific flows of websites (newly deployed ones, locally hosted ones, or public sites) using the Activity Recorder. This small utility enables you to record traffic and actions from your website and upload those recordings to the AppScan dynamic analysis tool of your choice – HCL AppScan Enterprise, HCL AppScan Standard, or HCL AppScan on Cloud.
  • The HCL AppScan plugin supports enablement and configuration of settings as well as email alerts before triggering a build.
  • You can configure the build to fail based on the security results, such as a specified number of high-severity vulnerabilities.
  • Scan time can be reduced by choosing a balance between speed and issue coverage. Optimized scans omit tests defined in the Test policy for less severe or less likely vulnerabilities based on ongoing statistical analyses.
  • Your test reports are available in JSON format.
  • You can use the AppScan Issue Management Gateway service to migrate issues from AppScan Enterprise to other issue management applications such as Jira, Azure, and Rational Team Concert.

Integrate Web Application in the SDLC

Watch this video for a demo on HCL AppScan Enterprise: Jenkins Integration.

Adding security testing directly into your Jenkins pipeline with the HCL AppScan plugin allows you to take applications live with greater confidence, and without loss of time. Visit the HCL AppScan website to learn more or use this link to begin your free 30-day trial of HCL AppScan Enterprise and test-drive application security on your own.
