{"id":23624864,"url":"https://github.com/hcl-tech-software/appscan-gradle-plugin","last_synced_at":"2025-08-31T00:31:33.082Z","repository":{"id":38441815,"uuid":"146472162","full_name":"HCL-TECH-SOFTWARE/appscan-gradle-plugin","owner":"HCL-TECH-SOFTWARE","description":"Gradle plugin for integrating with HCL AppScan on Cloud","archived":false,"fork":false,"pushed_at":"2024-08-14T17:46:38.000Z","size":85,"stargazers_count":3,"open_issues_count":1,"forks_count":5,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-08-29T12:44:54.014Z","etag":null,"topics":["appscan","cloud","hcl-appscan"],"latest_commit_sha":null,"homepage":"","language":"Groovy","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HCL-TECH-SOFTWARE.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-28T15:58:07.000Z","updated_at":"2025-08-21T01:37:33.000Z","dependencies_parsed_at":"2024-05-31T15:05:45.585Z","dependency_job_id":"ea40651b-1e55-476f-90ad-1cef321ac1de","html_url":"https://github.com/HCL-TECH-SOFTWARE/appscan-gradle-plugin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/HCL-TECH-SOFTWARE/appscan-gradle-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-gradle-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-gradle-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-gradle-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-gradle-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HCL-TECH-SOFTWARE","download_url":"https://codeload.github.com/HCL-TECH-SOFTWARE/appscan-gradle-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-gradle-plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272926172,"owners_count":25016423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appscan","cloud","hcl-appscan"],"created_at":"2024-12-27T21:16:52.842Z","updated_at":"2025-08-31T00:31:31.968Z","avatar_url":"https://github.com/HCL-TECH-SOFTWARE.png","language":"Groovy","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HCL AppScan on Cloud Gradle Plugin\n\nApply the power of static application security testing with HCL AppScan on Cloud – a SaaS solution that helps to eliminate vulnerabilities from applications before they are deployed. HCL AppScan on Cloud integrates directly into the SDLC, providing static, dynamic, mobile and open source testing.\n\nYou can submit static and open source scans directly from the HCL AppScan on Cloud Gradle plugin or use it to generate an IRX file for later submission to the service. The results are ready quickly (90% are ready in less than one hour) having been honed by Intelligent Finding Analytics, which uses HCL's Artificial Intelligence capabilities to greatly reduce false positives and other noise by an average of more than 98%. IFA also displays optimal locations for developers to fix multiple vulnerabilities in the code. Click [here](https://securityintelligence.com/intelligent-finding-analytics-cognitive-computing-application-security-expert/) for more information.\n\nNot yet a customer of HCL AppScan on Cloud? Click [here](https://cloud.appscan.com) for a free trial of Application Security on Cloud to use with this plugin\n\n# Prerequisites:\n\n- An account on the [HCL AppScan on Cloud](https://cloud.appscan.com/) service. You'll need to [create an application](https://help.hcltechsw.com/appscan/ASoC/ent_create_application.html) on the service to associate your scans with.\n\n# Usage:\n\nUsage information and the latest version can be found on the [plugin page](https://plugins.gradle.org/plugin/com.hcl.security.appscan) in the Gradle plugins repository.\n\nTo use the plugin, add the following lines to build.gradle, replacing \\\u003cversion\\\u003e with the desired version of the plugin:\n\nFor Gradle 2.1 and later:\n\n\tplugins {\n\t\tid \"com.hcl.security.appscan\" version \"\u003cversion\u003e\"\n\t}\n\nFor older Gradle versions:\n\n\tbuildscript {\n\t\trepositories {\n\t    \t\tmaven { url \"https://plugins.gradle.org/m2/\" }\n\t  \t}\n\t  dependencies { classpath \"gradle.plugin.com.hcl.security:application-security-gradle-plugin:\u003cversion\u003e\" }\n\t}\n\n\tapply plugin: 'com.hcl.security.appscan'\n\n# Tasks:\n\n- appscan-prepare:\n\tGenerates an IRX file for all Java and War projects in the build. The IRX file will be generated in the root project's \"build\" directory by default.\n\n- appscan-analyze:\n  Generates an IRX file and submits it to the cloud service for analysis. This task requires an api key, secret, and application id.\n  \n# Configurable Options:\n\n\tOPTION:\t\t\t\tDEFAULT VALUE\t\t\t\tDESCRIPTION\n\tirxName           \tThe name of the root project                  The name of the generated .irx file.\n\tirxDir            \tThe build directory of the root project.      The location for the generated .irx file.\n\tappId             \tnull - Required for 'appscan-analyze'         The id of the application in the cloud service.\n\tappscanKey        \tnull - Required for 'appscan-analyze'         The user's API key id for authentication.\n\tappscanSecret     \tnull - Required for 'appscan-analyze'         The user's API key secret for authentication.\n\tnamespaces\t  \tnull\t\t\t\t\t      Override automatic namespace detection. Set to \"\" to disable namespace detection.\n    sourceCodeOnly    \tfalse\t\t\t\t\t      If set to true, only scan source code.\n    openSourceOnly\t  \tfalse\t\t\t\t\t      Only run software composition analysis (SCA). Do not run static analysis.\n\tstaticAnalysisOnly\tfalse\t\t\t\t\t      Only run static analysis. Do not run software composition analysis (SCA).\n \tjspCompiler     \tDefault Tomcat JSP Compiler                   The JSP compiler path.\n\tthirdParty\t\tfalse\t\t\t\t\t      Include known third party packages in static analysis (not recommended).\n\tserviceUrl\t\tnull\t\t\t\t\t      REQUIRED for AppScan 360. The AppScan 360 service url. Not applicable to AppScan on Cloud.\n\tacceptssl\t\tfalse\t\t\t\t\t      Ignore untrusted certificates when connecting to AppScan 360. Only intended for testing purposes. Not applicable to AppScan on Cloud.\n\nAll options can be set through JVM parameters on the command line using the syntax -Doption=value. For example:\n\n\tgradle appscan-prepare -DirxName=MyApp\n\nAll options can also be set using an \"appscanSettings\" block in the build script. For example:\n\n\tappscanSettings {\n\t\tirxName=\"MyApp\"\n\t\tirxDir=\"/myApplication/sample\"\n\t}\n\nThe appscanKey and appscanSecret options can be specified in the user's gradle.properties file. This avoids the need to specify authentication information in the build script or command line. For example, add the following lines to ~/.gradle/gradle.properties (create the file if it doesn't exist):\n\n\tappscanKey=\"2358cd02-3fs3-322c-62c9-b5cc63c61f2a\"\n\tappscanSecret=\"qU939siTXgF7csk3jSig+Vza7ilWLu/Uy/ReWye5E/c=\"\n\nYou can generate an API key id/secret [here](https://cloud.appscan.com/main/apikey).\n\nTo only scan source code, use the -DsourceCodeOnly option on the command line. For example:\n\n\tgradle appscan-prepare -DsourceCodeOnly\n\n\n# License\n\nAll files found in this project are licensed under the [Apache License 2.0](LICENSE).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Fappscan-gradle-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhcl-tech-software%2Fappscan-gradle-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Fappscan-gradle-plugin/lists"}