HCL AppScan Standard integration
HCL AppScan Standard is the desktop DAST scanner. Export the scan report as XML and upload it against the AppScan source — Centraleyezer resolves AppScan’s cross-referenced report structure (issue types, advisories, fix recommendations and URL groups) into complete, deduplicated findings on the scanned web application.
Scan types imported
- Dynamic web application testing (DAST)
- Full test HTTP traffic evidence
File import
Upload the AppScan Standard XML report. The template walks each issue and resolves its issue-type, advisory and URL references from the report’s lookup groups.
What Centraleyezer expects in the file
- The standard AppScan Standard XML report export (with issue-group, issue-type-group, advisory-group and url-group sections intact).
- Per issue: issue type name, CWE, CVE, technical description from the advisory, fix recommendation, affected URL and severity (AppScan severity 1–3).
- Test HTTP traffic — request and response chunks — is preserved as finding evidence.
- The web asset is matched by the scan’s starting URL.
How imported findings are risk-scored
Every HCL AppScan Standard finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.
Related integrations
HCL AppScan on Cloud
Connect HCL AppScan on Cloud with an API key — Centraleyezer imports both DAST and SAST open issues, with HTTP evidence or source call traces per finding.
HCL AppScan 360
Connect your self-managed HCL AppScan 360 deployment — same API-key integration as AppScan on Cloud, pointed at your own AppScan 360 hostname.