- 26 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
HCL AppScan
- Updated on 26 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
HCL AppScan helps detect and fix security vulnerabilities in applications. It includes Dynamic Analysis (DAST) for testing live applications and APIs for vulnerabilities, and Static Analysis (SAST) for examining source code to find issues early in development. It also features Vulnerable Third-Party Component Detection to identify risks in third-party libraries. More information can be found at HCL AppScan.
Integration Method: API
Tables: Vulnerability Finding (2002)
This integration supports the following events.
Event | Description |
---|---|
Scan | Retrieves the relative security of an application |
This integration supports the following versions.
HCL AppScan API version | v4.0 |
Note:
HCL AppScan doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As for this document preparation, the latest release was on 11th March 2025.
Prerequisites
The user should have HCL AppScan with an account that has Administrator privilege.
The user should have access to the DataBee console.
Configuration Overview
Generate client credentials with the required scopes.
Add the HCL AppScan data feed in the DataBee console with the below parameters.
DataBee Parameter
HCL AppScan Parameter
API Base URL <instance>
Replace <instance> with your organization instance
Token URL<instance>
Replace <instance> with your organization instance
Secret Key
Key Id
HCL AppScan Configuration
Before you start configuring the data feed on Databee UI, you will need to create the API Client and get the necessary information for API authentication such as Client ID and Client Secret. Follow these steps:
Create client credentials
Login to the HCL AppScan Platform.
From the left navigation bar, navigate to Tools > API and then click on the Generate button.
Note:
If the token has already been generated and is lost, it needs to be regenerated by clicking the Generate button again.
Note:
You will not be able to view this again after you complete this step. Ensure that you copy it before closing the notification.
Get Base URL
To obtain the base URL, navigate to the API key page in the AppScan on Cloud service:
North America data center: https://cloud.appscan.com/main/apikey
Western Europe data center: https://eu.cloud.appscan.com/main/apikey
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the HCL AppScan and click it as shown below.
Click on the API Ingest option for the collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: TokenUrlAuth
API Base URL: replace <instance> with your organization instance.
Token URL: replace <instance> with your organization instance.
Secret Key: paste the Key Secret.
Key Id: paste the Key ID.
Event Types: preselected for all the event types the integration pulls.
Click Submit.
Troubleshooting Tips
If you’re facing invalid_client or unauthorized_client issues this might be possibly due to incorrect credentials. Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.