{"id":23624875,"url":"https://github.com/hcl-tech-software/appscan-maven-plugin","last_synced_at":"2026-01-11T17:39:19.962Z","repository":{"id":39741888,"uuid":"146470770","full_name":"HCL-TECH-SOFTWARE/appscan-maven-plugin","owner":"HCL-TECH-SOFTWARE","description":"Maven plugin for integrating with HCL AppScan on Cloud","archived":false,"fork":false,"pushed_at":"2024-10-03T18:45:34.000Z","size":99,"stargazers_count":4,"open_issues_count":6,"forks_count":14,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-12-20T12:15:34.641Z","etag":null,"topics":["appscan","hcl-appscan"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HCL-TECH-SOFTWARE.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-28T15:47:39.000Z","updated_at":"2024-08-12T14:01:34.000Z","dependencies_parsed_at":"2023-02-16T21:10:17.272Z","dependency_job_id":"fc5086c3-0374-4560-a623-2478ccb4eeed","html_url":"https://github.com/HCL-TECH-SOFTWARE/appscan-maven-plugin","commit_stats":null,"previous_names":["hclproducts/appscan-maven-plugin"],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-maven-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-maven-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-maven-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Fappscan-maven-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HCL-TECH-SOFTWARE","download_url":"https://codeload.github.com/HCL-TECH-SOFTWARE/appscan-maven-plugin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231539822,"owners_count":18392343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appscan","hcl-appscan"],"created_at":"2024-12-27T21:16:56.148Z","updated_at":"2026-01-11T17:39:19.915Z","avatar_url":"https://github.com/HCL-TECH-SOFTWARE.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HCL AppScan on Cloud Maven Plugin\n\nApply the power of static application security testing with HCL AppScan on Cloud – a SaaS solution that helps to eliminate vulnerabilities from applications before they are deployed. HCL AppScan on Cloud integrates directly into the SDLC, providing static, dynamic, mobile and open source testing.\n\nYou can submit static and open source scans directly from the HCL AppScan on Cloud Maven plugin or use it to generate an IRX file for later submission to the service. The results are ready quickly (90% are ready in less than one hour) having been honed by Intelligent Finding Analytics, which uses HCL's Artificial Intelligence capabilities to greatly reduce false positives and other noise by an average of more than 98%. IFA also displays optimal locations for developers to fix multiple vulnerabilities in the code. Click [here](https://securityintelligence.com/intelligent-finding-analytics-cognitive-computing-application-security-expert/) for more information.\n\nNot yet a customer of HCL AppScan on Cloud? Click [here](https://cloud.appscan.com/) for a free trial of Application Security on Cloud to use with this plugin\n\n# Prerequisites:\n\n- An account on the [HCL AppScan on Cloud](https://cloud.appscan.com/) service. You'll need to [create an application](https://help.hcltechsw.com/appscan/ASoC/ent_create_application.html) on the service to associate your scans with.\n\n# Goals:\n\n- \u003cb\u003eprepare\u003c/b\u003e:  Generates an IRX file for all jar, war, and ear projects in the build. The IRX file will be generated in the root project's \"target\" directory by default.\n- \u003cb\u003eanalyze\u003c/b\u003e:  Generates an IRX file for all jar, war, and ear projects in the build and submits it to the HCL AppScan on Cloud service for analysis. This task requires an api key, secret, and application id. The IRX file will be generated in the root project's \"target\" directory by default.\n- \u003cb\u003elistTargets\u003c/b\u003e:  Lists the targets that will be included in the generated .irx file.\n\n# Usage:\n\nTo execute the \"prepare\" goal, run the following command:\n\n\tmvn com.hcl.security:appscan-maven-plugin:prepare\n\t\nTo execute the \"analyze\" goal, run the following command:\n\n\tmvn com.hcl.security:appscan-maven-plugin:analyze\nThis goal requires the appId, appscanKey, and appscanSecret paramaters.\n  \nNote: The above commands can be simplified by adding com.hcl.security to the list of plugin groups in your Maven settings.xml. To do so, add the following to ~/.m2/settings.xml or ${maven.home}/conf/settings.xml:\n\n\t\u003cpluginGroups\u003e\n  \t  \u003cpluginGroup\u003ecom.hcl.security\u003c/pluginGroup\u003e\n\t\u003c/pluginGroups\u003e\n\nAfter doing so, you can execute the prepare goal using the \"appscan\" prefix. For example:\n\n\tmvn appscan:prepare\n\n# Configurable Options:\n\n\tOPTION:\t\t\tDEFAULT VALUE\t\t\t\t\tDESCRIPTION\n    output\t\t\u003croot project\u003e/target/\u003croot project name\u003e.irx\tThe name and/or location of the generated .irx file. If the selected path does not exist, the default path is applied.\n    appId\t\tnull - Required for 'analyze' goal\t\tThe id of the application in the cloud service.\n    appscanKey\tnull - Required for 'analyze' goal        \tThe user's API key id for authentication.\n    appscanSecret\tnull - Required for 'analyze' goal        \tThe user's API key secret for authentication.\n    namespaces\t\tnull\t\t\t\t\tOverride automatic namespace detection. Set to \"\" to disable namespace detection.\n    sourceCodeOnly\t\tfalse\t\t\t\t\tIf set to true, only scan source code.\n    openSourceOnly\t\tfalse\t\t\t\t\tOnly run software composition analysis (SCA). Do not run static analysis.\n    staticAnalysisOnly\tfalse\t\t\t\t\tOnly run static analysis. Do not run software composition analysis (SCA).\n    jspCompiler     Default Tomcat JSP Compiler                     The JSP compiler path.\n    thirdParty\t\tfalse\t\t\t\t\tInclude known third party packages in static analysis (not recommended).\n    serviceUrl\t\tnull\t\t\t\t\tREQUIRED for AppScan 360. The AppScan 360 service url. Not applicable to AppScan on Cloud.\n    acceptssl\t\tfalse\t\t\t\t\tIgnore untrusted certificates when connecting to AppScan 360. Only intended for testing purposes. Not applicable to AppScan on Cloud.\n\n# License\n\nAll files found in this project are licensed under the [Apache License 2.0](LICENSE).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Fappscan-maven-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhcl-tech-software%2Fappscan-maven-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Fappscan-maven-plugin/lists"}