Kovair DevOps AppScan Integration Plugin

Listen to this article

AppScan Plugin Details

Plugin Version: 1.0

Overview

HCL AppScan is a family of desktop and web security testing and monitoring tools. AppScan is intended to test both on-premise and web applications for security vulnerabilities during the development process, when it is least expensive to fix such problems. It delivers best-in-class security testing tools to ensure your business, and your customers, are not vulnerable to attack. Rapidly identify, understand and remediate security vulnerabilities. This plug-in has been designed to manage AppScan environment from Kovair DevOps platform.

AppScan Information:

More information can be found at AppScan. (as on 2021/01/22)

Version Supported:

This plugin was developed and tested against AppScan SAAS instance.

Plugin Operation:

1. GetApplications
This operation fetches all latest applications that has been added to HCL AppScan platform for scan.

Input parameter(s):

Parameter Is Mandatory Help Text

Base URL

true

Provide the base URL of AppScan instance.

Client ID

true

Client ID is the corresponding user’s key id of AppScan instance.

Client Secret

true

Client Secret is the corresponding user’s key secret of AppScan instance.

 

Output parameter(s):

Parameter Help Text

Status

Status of the operation.

OutputLog

Response message content.

 

2. CreateAndExecuteScan

Create and execute a dynamic scan for a particular application and presence into HCL AppScan platform

Input parameter(s):

Parameter Is Mandatory Help Text

Base URL

true

Provide the base URL of AppScan instance.

Client ID

true

Client ID is the corresponding user’s key id of AppScan instance.

Client Secret

true

Client Secret is the corresponding user’s key secret of AppScan instance.

Starting Url

true

Starting Url of application is required to find out the application for scan

Presence Name

true

Presence name is required to identify the presence through which scan will be done.

Scan Name

true

Provide a scan name to create and execute a scan

Application Name

true

Application name is required to indentify the application that is going to be scanned, application must be added manually to HCL AppScan platfrom.

TestOptimizationLevel

true

TestOptimizationLevel is required(like Fast, Faster, Fastest) to mention test optimization of the scan.

ScanType

true

ScanType is required to mention environment of the scan like(Production, Staging).

 

Output parameter(s):

Parameter Help Text

Status

Status of the operation.

OutputLog

Response message content.

Scan ID

Scan ID of scan which is created and executed by this operation

 

3. GetScanStatus

This operation fetches scan status of a particular scan

Input parameter(s):

Parameter Is Mandatory Help Text

Base URL

true

Provide the base URL of AppScan instance.

Client ID

true

Client ID is the corresponding user’s key id of AppScan instance.

Client Secret

true

Client Secret is the corresponding user’s key secret of AppScan instance.

Scan ID

true

The scan id is required to fetch status of a particular scan

 

Output parameter(s):

Parameter Help Text

Status

Status of the operation.

OutputLog

Response message content

 

4. DeleteScan

This operatoin delete any particular scan when scan is in “Ready” or “Failed” state.

Input parameter(s):

Parameter Is Mandatory Help Text

Base URL

true

Provide the base URL of AppScan instance.

Client ID

true

Client ID is the corresponding user’s key id of AppScan instance.

Client Secret

true

Client Secret is the corresponding user’s key secret of AppScan instance.

Scan ID

true

The ID of scan which one you want to delete.

 

Output parameter(s):

Parameter Help Text

Status

Status of the operation.

OutputLog

Response message content

 

Pass/Fail Conditions:

Method Status Condition

GetApplications

Passed

If   HTTP Status Code of 200 (OK) is received from AppScan and OutputLog is not empty and can be deserialized into a collection of Applications_RESPONSE objects.

GetApplications

Failed

If   HTTP Status Code of 200 (OK) is not received from AppScan or If OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a collection of Applications_RESPONSE objects.

CreateAndExecuteScan

Passed

If   HTTP Status Code of 201 (CREATED) is received from AppScan and if OutputLog is not empty and can be deserialized into a DynamicScan_RESPONSE object.

CreateAndExecuteScan

Failed

If   HTTP Status Code of 201 (CREATED) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a DynamicScan_RESPONSE object.

GetScanStatus

Passed

If   HTTP Status Code of 200 (OK) is received from AppScan and if OutputLog is not empty and can be deserialized into a DynamicScanStatus_RESPONSE object.

GetScanStatus

Failed

If   HTTP Status Code of 200 (OK) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a DynamicScanStatus_RESPONSE object.

GetScanReport

Passed

If   HTTP Status Code of 200 (OK) is received from AppScan and if OutputLog is not empty and can be deserialized into a Report_RESPONSE object.

GetScanReport

Failed

If   HTTP Status Code of 200 (OK) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a Report_RESPONSE object.

DeleteScan

Passed

If   HTTP Status Code of 204 (NO_CONTENT) is received from AppScan and if OutputLog is not empty.

DeleteScan

Failed

If   HTTP Status Code of 204 (NO_CONTENT) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty.

 

Limitations:

  1. This plug-in has been tested in AppScan SAAS environment only.
  2. Currently this plug-in has been designed for dynamic scan only.
  3. Connectivity with AppScan SAAS instance must be ensured.
  4. Base URL, Client ID, Client Secret are required to generate API Token which is required for successful REST calls to AppScan.
  5. At the time of adding application manually to HCL AppScan platform, application name should not contains any special character.
  6. AppScanPresence should be downloaded in client node(machine) and presence should be in active state while creating any scan.
    More information about AppScanPresence can be found at AppScanPresence (as on 2021/01/22)

Release Details:

AppScan : 1.0
Initial version with basic functionalities.

Contact us:

    Yes, I accept the Privacy Statement and want to receive latest information from Kovair.