AppScan Plugin Details
Plugin Version: 1.0Overview
AppScan Information:
Version Supported:
Plugin Operation:
1. GetApplications
This operation fetches all latest applications that has been added to HCL AppScan platform for scan.
Input parameter(s):
| Parameter | Is Mandatory | Help Text |
|---|---|---|
Base URL |
true |
Provide the base URL of AppScan instance. |
Client ID |
true |
Client ID is the corresponding user’s key id of AppScan instance. |
Client Secret |
true |
Client Secret is the corresponding user’s key secret of AppScan instance. |
Output parameter(s):
| Parameter | Help Text |
|---|---|
Status |
Status of the operation. |
OutputLog |
Response message content. |
2. CreateAndExecuteScan
Create and execute a dynamic scan for a particular application and presence into HCL AppScan platform
Input parameter(s):
| Parameter | Is Mandatory | Help Text |
|---|---|---|
Base URL |
true |
Provide the base URL of AppScan instance. |
Client ID |
true |
Client ID is the corresponding user’s key id of AppScan instance. |
Client Secret |
true |
Client Secret is the corresponding user’s key secret of AppScan instance. |
Starting Url |
true |
Starting Url of application is required to find out the application for scan |
Presence Name |
true |
Presence name is required to identify the presence through which scan will be done. |
Scan Name |
true |
Provide a scan name to create and execute a scan |
Application Name |
true |
Application name is required to indentify the application that is going to be scanned, application must be added manually to HCL AppScan platfrom. |
TestOptimizationLevel |
true |
TestOptimizationLevel is required(like Fast, Faster, Fastest) to mention test optimization of the scan. |
ScanType |
true |
ScanType is required to mention environment of the scan like(Production, Staging). |
Output parameter(s):
| Parameter | Help Text |
|---|---|
Status |
Status of the operation. |
OutputLog |
Response message content. |
Scan ID |
Scan ID of scan which is created and executed by this operation |
3. GetScanStatus
This operation fetches scan status of a particular scan
Input parameter(s):
| Parameter | Is Mandatory | Help Text |
|---|---|---|
Base URL |
true |
Provide the base URL of AppScan instance. |
Client ID |
true |
Client ID is the corresponding user’s key id of AppScan instance. |
Client Secret |
true |
Client Secret is the corresponding user’s key secret of AppScan instance. |
Scan ID |
true |
The scan id is required to fetch status of a particular scan |
Output parameter(s):
| Parameter | Help Text |
|---|---|
Status |
Status of the operation. |
OutputLog |
Response message content |
4. DeleteScan
This operatoin delete any particular scan when scan is in “Ready” or “Failed” state.
Input parameter(s):
| Parameter | Is Mandatory | Help Text |
|---|---|---|
Base URL |
true |
Provide the base URL of AppScan instance. |
Client ID |
true |
Client ID is the corresponding user’s key id of AppScan instance. |
Client Secret |
true |
Client Secret is the corresponding user’s key secret of AppScan instance. |
Scan ID |
true |
The ID of scan which one you want to delete. |
Output parameter(s):
| Parameter | Help Text |
|---|---|
Status |
Status of the operation. |
OutputLog |
Response message content |
Pass/Fail Conditions:
| Method | Status | Condition |
|---|---|---|
GetApplications |
Passed |
If HTTP Status Code of 200 (OK) is received from AppScan and OutputLog is not empty and can be deserialized into a collection of Applications_RESPONSE objects. |
GetApplications |
Failed |
If HTTP Status Code of 200 (OK) is not received from AppScan or If OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a collection of Applications_RESPONSE objects. |
CreateAndExecuteScan |
Passed |
If HTTP Status Code of 201 (CREATED) is received from AppScan and if OutputLog is not empty and can be deserialized into a DynamicScan_RESPONSE object. |
CreateAndExecuteScan |
Failed |
If HTTP Status Code of 201 (CREATED) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a DynamicScan_RESPONSE object. |
GetScanStatus |
Passed |
If HTTP Status Code of 200 (OK) is received from AppScan and if OutputLog is not empty and can be deserialized into a DynamicScanStatus_RESPONSE object. |
GetScanStatus |
Failed |
If HTTP Status Code of 200 (OK) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a DynamicScanStatus_RESPONSE object. |
GetScanReport |
Passed |
If HTTP Status Code of 200 (OK) is received from AppScan and if OutputLog is not empty and can be deserialized into a Report_RESPONSE object. |
GetScanReport |
Failed |
If HTTP Status Code of 200 (OK) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty but cannot be deserialized into a Report_RESPONSE object. |
DeleteScan |
Passed |
If HTTP Status Code of 204 (NO_CONTENT) is received from AppScan and if OutputLog is not empty. |
DeleteScan |
Failed |
If HTTP Status Code of 204 (NO_CONTENT) is not received from AppScan or if OutputLog is empty or if OutputLog is not empty. |
Limitations:
- This plug-in has been tested in AppScan SAAS environment only.
- Currently this plug-in has been designed for dynamic scan only.
- Connectivity with AppScan SAAS instance must be ensured.
- Base URL, Client ID, Client Secret are required to generate API Token which is required for successful REST calls to AppScan.
- At the time of adding application manually to HCL AppScan platform, application name should not contains any special character.
- AppScanPresence should be downloaded in client node(machine) and presence should be in active state while creating any scan.
More information about AppScanPresence can be found at AppScanPresence (as on 2021/01/22)
Release Details:
Initial version with basic functionalities.