HCL AppScan on Cloud (ASoC) is a SaaS solution for all application security testing needs and can scan web, mobile, and desktop applications using dynamic and static techniques.

ASoC has a web UI that enables all its functionality. However it also integrates directly into the software development lifecycle tools to enable DevSecOps readiness.

HCL AppScan AzureDevOps extension is one such ASoC integration. The extension provides build task that you can add into your Azure build pipeline definition to incorporate static(SAST), dynamic(DAST), mobile(MAST) application security testing and open source scanning.

This extension runs on Windows, Linux and MacOS agents and works with Azure DevOps Service and Azure DevOps Server 2018 Update 2 and above.

Highlights of the extension:

• A dedicated HCL AppScan service endpoint for authentication to ASoC server.

  

• A single build task - Run HCL AppScan Security Test to configure all the required settings before executing the build.

  

• Configuration parameters and fail build conditions for Dynamic, Static and Mobile analysis.

  

• A Build Summary info displaying the issue count based on severity, once the scan completes successfully.

  

• An option to download scan report in HTML format, post successul scan completion.

  

This Getting Started guide, includes comprehensive information on installing, configuring and using the HCL AppScan extension for Azure DevOps.

Release Summary

1.2.8 (2020-11-19)

• Support open source only scans in Static Analysis.
• Bug Fixes

1.2.7 (2020-07-10)

• Fix a customer reported bug to ensure static scans do not fail for successful IRX file generation, even if output is written to stderr.

1.2.6 (2020-06-05)

• Extension name change from Application Security Testing by HCL Technologies to HCL AppScan.
• Marketplace overview update, highlighting major features of the plugin.
• Support for specifying speed and depth levels for static scans. The levels include "simple", "balanced", "deep" and "thorough" with "deep" set as default.

1.2.5 (2020-04-28)

• Support for V10 Test Optimization levels for Dynamic Scans. These are "No Optimization", "Fast", "Faster", "Fastest".
• Added License terms to marketplace
• Updated the extension icon to AppScan

1.2.4 (2020-02-28)

• Validation of Starting URL for dynamic scans
• Bug Fixes

1.2.3 (2019-10-28)

• HCL Washed Changes

1.2.2 (2019-11-23)

• Added "Suspend Job" option, to allow users to continue with Build pipeline while security scans run in background.

1.1.2 (2019-09-11)

• Bug Fixes

1.1.1 (2019-04-10)

• Support for Test Optimization in DAST Scans.
• Updated Overview section with a link to Getting Started guide

1.1.0 (2019-02-22)

• Support for Dynamic Application Security testing (DAST) and Mobile Application Security Testing (MAST) in Azure Pipelines
• Display of Issue Info in Build Summary page.
• Bug Fixes

1.0.0 (2018-12-05)

• First Release
• Support for Static Application Security Testing (SAST) in Azure pipelines.