HCL AppScan
  • 26 Mar 2025
  • 2 Minutes to read
  • Dark
    Light

HCL AppScan

  • Dark
    Light

Article summary

HCL AppScan helps detect and fix security vulnerabilities in applications. It includes Dynamic Analysis (DAST) for testing live applications and APIs for vulnerabilities, and Static Analysis (SAST) for examining source code to find issues early in development. It also features Vulnerable Third-Party Component Detection to identify risks in third-party libraries. More information can be found at HCL AppScan.

Integration Method: API

Tables: Vulnerability Finding (2002)

This integration supports the following events.

Event

Description

Scan

Retrieves the relative security of an application

This integration supports the following versions.

HCL AppScan API version

v4.0

Note:

HCL AppScan doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As for this document preparation, the latest release was on 11th March 2025.

Prerequisites

  • The user should have HCL AppScan with an account that has Administrator privilege.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Generate client credentials with the required scopes.

  2. Add the HCL AppScan data feed in the DataBee console with the below parameters.

    DataBee Parameter

    HCL AppScan Parameter

    API Base URL <instance>

    Replace <instance> with your organization instance

    Token URL<instance>

    Replace <instance> with your organization instance

    Secret Key

    Key Secret

    Key Id

    Key ID

HCL AppScan Configuration

Before you start configuring the data feed on Databee UI, you will need to create the API Client and get the necessary information for API authentication such as Client ID and Client Secret. Follow these steps:

Create client credentials

  1. Login to the HCL AppScan Platform.

  2. From the left navigation bar, navigate to Tools > API and then click on the Generate button.
     

    Note:

    If the token has already been generated and is lost, it needs to be regenerated by clicking the Generate button again.

  3. Copy the Key ID, Key Secret.
     

    Note:

    You will not be able to view this again after you complete this step. Ensure that you copy it before closing the notification.

Get Base URL

  1. To obtain the base URL, navigate to the API key page in the AppScan on Cloud service:

    1. North America data center: https://cloud.appscan.com/main/apikey

    2. Western Europe data center: https://eu.cloud.appscan.com/main/apikey

  2. Copy the base URL from the REST API section as shown below.
     

DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for the HCL AppScan and click it as shown below.

     

  3. Click on the API Ingest option for the collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, confirm the following:

    • Authorization Method: TokenUrlAuth

    • API Base URL: replace <instance> with your organization instance.

    • Token URL: replace <instance> with your organization instance.

    • Secret Key: paste the Key Secret.

    • Key Id: paste the Key ID.

    • Event Types: preselected for all the event types the integration pulls.

     

  6. Click Submit.

Troubleshooting Tips

  • If you’re facing invalid_client or unauthorized_client issues this might be possibly due to incorrect credentials. Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.


Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence