HCL AppScan

HCL AppScan helps detect and fix security vulnerabilities in applications. It includes Dynamic Analysis (DAST) for testing live applications and APIs for vulnerabilities, and Static Analysis (SAST) for examining source code to find issues early in development. It also features Vulnerable Third-Party Component Detection to identify risks in third-party libraries. More information can be found at HCL AppScan.

Integration Method: API

Tables: Vulnerability Finding (2002)

This integration supports the following events.

This integration supports the following versions.

Note:

HCL AppScan doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As for this document preparation, the latest release was on 11th March 2025.

Prerequisites

• The user should have HCL AppScan with an account that has Administrator privilege.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate client credentials with the required scopes.

2. Add the HCL AppScan data feed in the DataBee console with the below parameters.

   DataBee Parameter	HCL AppScan Parameter
   API Base URL <instance>	Replace <instance> with your organization instance
   Token URL<instance>	Replace <instance> with your organization instance
   Secret Key	Key Secret
   Key Id	Key ID

HCL AppScan Configuration

Before you start configuring the data feed on Databee UI, you will need to create the API Client and get the necessary information for API authentication such as Client ID and Client Secret. Follow these steps:

Create client credentials

1. Login to the HCL AppScan Platform.

2. From the left navigation bar, navigate to Tools > API and then click on the Generate button.
    
   

   Note:

   If the token has already been generated and is lost, it needs to be regenerated by clicking the Generate button again.

3. Copy the Key ID, Key Secret.
    
   

   Note:

   You will not be able to view this again after you complete this step. Ensure that you copy it before closing the notification.

Get Base URL

1. To obtain the base URL, navigate to the API key page in the AppScan on Cloud service:

   1. North America data center: https://cloud.appscan.com/main/apikey

   2. Western Europe data center: https://eu.cloud.appscan.com/main/apikey

2. Copy the base URL from the REST API section as shown below.
    

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for the HCL AppScan and click it as shown below.

    

3. Click on the API Ingest option for the collection method.
    

4. Enter feed contact information and click Next.
    

5. In the configuration page, confirm the following:

   • Authorization Method: TokenUrlAuth

   • API Base URL: replace <instance> with your organization instance.

   • Token URL: replace <instance> with your organization instance.

   • Secret Key: paste the Key Secret.

   • Key Id: paste the Key ID.

   • Event Types: preselected for all the event types the integration pulls.

    

6. Click Submit.

Troubleshooting Tips

• If you’re facing invalid_client or unauthorized_client issues this might be possibly due to incorrect credentials. Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.