# HCL AppScan extension for Visual Studio 2022

Apply the power of static application security testing with HCL AppScan, a SaaS solution that identifies and helps eliminate vulnerabilities from applications before they are deployed. HCL AppScan integrates directly into the SDLC for static and open source security testing. The HCL AppScan Visual Studio 2022 extension allows users to scan their source code early in the development lifecycle using the HCL CodeSweep integration. CodeSweep scan results can be marked as noise or remediated using the quick-fix feature. A rules panel lets users view all supported rules and enable or disable each of them. The extension also allows users to view fix groups and scan data from HCL AppScan on Cloud and HCL AppScan 360° applications. Not yet an HCL AppScan customer? Start a free trial.

## Prerequisites

Before installing the extension, ensure the target system meets these requirements:
## Installation

To install the HCL AppScan for Visual Studio 2022 extension:
## What's new in HCL AppScan extension for Visual Studio 2022

### 2.4 (2024-06-24)

### 2.3 (2024-03-21)

### 2.2 (2023-12-21)

### 2.1 (2023-09-05)

### 2.0 (2023-07-01)
## Extension configuration

The settings below are available for the HCL AppScan Visual Studio extension under Tools->Options->HCL AppScan.

### AppScan on Cloud/AppScan 360° Configuration

You can connect the HCL AppScan Visual Studio extension to HCL AppScan on Cloud/AppScan 360°. To configure connection details:

- Go to Tools->Options->HCL AppScan->ASoC/AppScan 360°.
- Provide the API Key ID and API Key Secret. If you don’t have a Key ID/Secret, create one by following the steps [here](https://help.hcltechsw.com/appscan/ASoC/appseccloud_generate_api_key_cm.html).
- Server URL is set to https://cloud.appscan.com by default. To connect to the ASoC EU server, set the server value to https://cloud.appscan.com/eu.
- Check Allow Untrusted Connections to allow an untrusted connection to the AppScan 360° service.
- Click OK to save the credentials.

Once connected, issues that have been set to “Noise” in AppScan on Cloud/AppScan 360° are not shown in CodeSweep. To remove the connection to AppScan on Cloud/AppScan 360°, remove the keyID and keySecret credentials and restart Visual Studio.
### Manage Telemetry

We are collecting telemetry data [rules ignored, rules info viewed, file types scanned] to give you a better user experience with our future releases. No information about specific issues is captured or stored. If you want to opt out, disable this option by navigating to Tools->Options->HCL AppScan->General->Manage Telemetry and choosing "Disable".

### Manage Vulnerable Code Highlight

This setting lets you choose the code highlight option for issues identified in a scan. To configure the code highlight option:
## Getting Started

### CodeSweep Users
### AppScan on Cloud/AppScan 360° users
## Working with CodeSweep

### CodeSweep Findings Table
### CodeSweep Findings operations
Marking an issue as “noise” indicates it should be ignored now and in the future; it will not be reported in future scans of the file. Issues marked as noise are struck through and greyed out until the next save of the corresponding file or an editor restart, whichever happens first. To mark an issue as noise, click Mark as noise.
Unmarking an issue as noise ensures that the issue is considered in future scans. You can clear the noise status only for issues marked as noise in the current session, provided the file has not been saved since being labelled as noise. To unmark an issue as noise, click Clear status.

### CodeSweep Rules Panel

This view displays applicable rules grouped by supported programming language. Within each group, the rules are ordered by severity.

### CodeSweep Rules operations

#### 1. Disable Rule

Disabling a rule means it will not be considered for future scans. Once disabled, the rule name is annotated with the “Rule Disabled” label and the severity icon changes to note the disabled status. Once a rule is disabled, issues listed for that rule are no longer displayed. To disable a rule, either:
#### 2. Enable Rule

Enabling a rule means that it will be considered for future scans. Enabling a rule will not display any issues belonging to that rule reported earlier in the same session; they are listed after you save a file which has issues corresponding to that rule. To enable a rule, either:
#### 3. Rule Info

The AppScan Rule Info pane in Visual Studio displays relevant information for both enabled and disabled rules. To view the advisory and remediation information for a rule, either:
## Working With Fix Groups, Scans And Issues

A fix group is a set of related issues that are grouped together based on common properties. Additional information about fix groups can be found here. Once connected to HCL AppScan on Cloud, you can import fix groups and scans associated with the selected application. To view the issues within a fix group, click the fix group entry on the Fix Groups tab. To view the issues within a scan, click the scan entry and navigate to the issues via the fix groups. While viewing fix groups, the following links are available:
While editing fix group status, the following options are available:
While viewing scans, the following links are available:
While viewing issues, the following links are available:
While editing issue status, the following options are available:
## Troubleshooting
## Known issues
## Report feedback

Use the CodeSweep slack channel to report feedback or ask general questions about the extension.