HCL AppScan 360 integration
AppScan 360 is HCL’s self-managed deployment of the AppScan platform, exposing the same REST API as AppScan on Cloud. Centraleyezer connects to it exactly like ASoC — you simply configure your AppScan 360 hostname instead of cloud.appscan.com — and imports both DAST and SAST open issues per application.
Scan types imported
- Dynamic web application testing (DAST)
- Static source code analysis (SAST)
API connection
Create an API key in your AppScan 360 instance and configure the DAST and/or SAST source against your deployment’s hostname. DAST maps assets to applications by URL, SAST by application name; issues are imported with the same fidelity as the on-cloud integration.
Configuration
Where to get the credentials
Generate an API Key ID/Secret pair in your AppScan 360 web UI (Settings → API), the same flow as AppScan on Cloud.
What gets imported on every run
- All open DAST and/or SAST issues per matched application, paged 1,000 at a time.
- Issue type, severity (Informational → Critical), CVE, CVSS, CWE and location per issue.
- DAST: raw HTTP request/response evidence. SAST: source file, line and full call trace with Best Fix Point markers.
- Issue-type articles parsed into description and fix recommendation.
How imported findings are risk-scored
Every HCL AppScan 360 finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.
Related integrations
HCL AppScan Standard
Import HCL AppScan Standard DAST results into Centraleyezer via the scanner’s XML report export — issue types, severities, CWE/CVE and HTTP evidence.
HCL AppScan on Cloud
Connect HCL AppScan on Cloud with an API key — Centraleyezer imports both DAST and SAST open issues, with HTTP evidence or source call traces per finding.