HCL AppScan

Overview

HCL AppScan for Eclipse brings enterprise-grade application security testing capabilities directly into the Eclipse IDE. This plugin connects seamlessly to HCL AppScan on Cloud and HCL AppScan 360°, enabling development teams to identify, prioritize, and remediate security vulnerabilities without leaving their development environment. By embedding security into the workflow, HCL AppScan helps developers deliver secure code faster.

Key Features

Comprehensive Security Visibility

• Intelligent Fix Groups: Streamline remediation by organizing security findings into Fix Groups based on common fix locations, API calls, or vulnerability types
• Unified Scan Results: Access complete scan results from Static Application Security Testing (SAST) and Software Composition Analysis (SCA) in a single view
• Real-Time Synchronization: Automatically synchronize security findings from AppScan on Cloud and AppScan 360° into your Eclipse workspace
• Multi-Application Support: Switch between multiple applications using a searchable drop-down menu and intelligent filtering

Developer-Centric Workflow

• Direct Source Navigation: Navigate from a security finding to the exact file and line number in the source code with a single click
• IntegratedTriage: Update issue statuses(Open, In Progress, Noise, Fixed, Passed), add comments and apply sticky status options directly from the IDE
• Severity-Based Prioritization: Focus on critical issues first using clear, color-coded severity indicators (Critical, High, Medium, Low, Informational)Deep Issue Analysis: View comprehensive issue details, including data flow paths, sink locations, and risk assessment

Built-In Remediation Guidance

• “How To Fix” View: Access embedded browser-based guidance featuring language-specific remediation examples and security best practices
• Data Flow Visualization: Trace the path of potentially dangerous data through the application via the Issue Details view
• Secure Code Examples: Copy and implement ready-to-use code snippets to resolve security issues quickly.
• Adaptive Theme Support: The interface automatically adapts to light or dark themes for optimal readability

Professional Reporting

• On-Demand Reporting: Generate comprehensive security reports directly from Eclipse
• Regulatory Compliance: Create compliance-focused reports for standards including PCI-DSS, HIPAA, GDPR
• Custom Configurations: Select specific scans, configure report types, and customize output formats to meet project needs.
• Automated Retrieval: The plugin automatically downloads reports for immediate viewing upon generation

Intuitive User Interface

• Dedicated Perspective: Utilize a pre-configured layout optimized for security analysis workflow
• Tabbed Navigation: Organize work efficiently with tabs for Fix Groups, Scans, and individual Issues
• Smart Search: Filter applications by name with real-time results
• Interactive Data Tables: Explore data efficiently using sortable columns, tooltips, and clickable links
• Welcome Experience: Get started quickly with a guided onboarding screen featuring quick access to sign-in and documentation

Flexible Authentication

• API Key Security: Connect securely using HCL AppScan API keys
• Multi-Environment Support: Connect to different instances, including AppScan on Cloud and on-premise AppScan 360° deployments

Benefits

For Developers

• Maintain Focus: Eliminate context switching by managing security within the IDE
• Accelerate Remediation: Utilize direct code navigation and inline guidance to fix issues faster
• Master Secure Coding: Learn security best practices while fixing real-world issues
• Reduce Noise: Mark false positives as "Noise" or "Not Applicable" to clear the queue

For Security Teams

• Enable Self-Service: Empower developers to access and triage issues independently
• Unify Communication: Maintain shared visibility into security status across development and security teams
• Monitor Velocity: Track issue status updates and remediation progress in real time
• Scale Operations: Integate more developers into the security process without increasing security headcount

For Organizations

• Mitigate Risk: Identify and remediate vulnerabilities earlier in the SDLC
• Lower Costs: Reduce technical debt by fixing security issues during development rather than production
• Ensure Compliance: Meet regulatory requirements with consistent, comprehensive security testing
• Enhance Quality: Build security directly into the software quality assurance process

System Requirements

Before installing the plugin, ensure your environment meets the following prerequisites:

• Eclipse IDE: Version 2024-06 or later
• Java Runtime: JRE/JDK 21 or later
• Operating Systems: Windows 10/11, macOS 12+, Linux
• Display Resolution: Optimized for 1920 x 1080 resolution for the best user experience.
• Internet Connection: Required for connecting to HCL AppScan on Cloud or HCL AppScan 360°
• HCL AppScan Account: Valid API key for HCL AppScan on Cloud or HCL AppScan 360°

Getting Started

Complete the following steps to install the plugin, connect to the HCL AppScan service, and start managing vulnerabilities.

1. Install the plugin
   1. Open Eclipse and navigate to Help > Eclipse Marketplace.
   2. Search for "HCL AppScan".
   3. Click Install and follow the installation wizard prompts.
2. Configure the connection
   1. Open the AppScan perspective (Window > Perspective > Open Perspective > HCL AppScan).
   2. Click Login.
   3. Enter the HCL AppScan URL and valid API credentials.
3. Select an application
   1. Select the target application from the drop-down list.
   2. View the associated Fix Groups and Scans in the tabbed interface.
4. Start fixing
   1. Click a Fix Group to view related issues.
   2. Use the Location of Fix feature to navigate to the vulnerable code.
   3. Review the remediation guidance in the How to Fix view.
   4. Update the issue status as work progresses.