All integrations
DASTSAST

HCL AppScan 360 integration

AppScan 360 is HCL’s self-managed deployment of the AppScan platform, exposing the same REST API as AppScan on Cloud. Centraleyezer connects to it exactly like ASoC — you simply configure your AppScan 360 hostname instead of cloud.appscan.com — and imports both DAST and SAST open issues per application.

Scan types imported

  • Dynamic web application testing (DAST)
  • Static source code analysis (SAST)

API connection

Create an API key in your AppScan 360 instance and configure the DAST and/or SAST source against your deployment’s hostname. DAST maps assets to applications by URL, SAST by application name; issues are imported with the same fidelity as the on-cloud integration.

Configuration

Hostname
Your AppScan 360 deployment hostname (replaces cloud.appscan.com; HTTPS, same /api/v4 REST surface).
API Key ID
The AppScan API key identifier (username field).
API Key Secret
The AppScan API key secret (password field). Login via /api/v4/Account/ApiKeyLogin, bearer token thereafter.
Application mapping
DAST: asset URL ↔ application URL. SAST: asset name ↔ application name.
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials — useful when AppScan 360 sits in a separate network segment.

Where to get the credentials

Generate an API Key ID/Secret pair in your AppScan 360 web UI (Settings → API), the same flow as AppScan on Cloud.

What gets imported on every run

  • All open DAST and/or SAST issues per matched application, paged 1,000 at a time.
  • Issue type, severity (Informational → Critical), CVE, CVSS, CWE and location per issue.
  • DAST: raw HTTP request/response evidence. SAST: source file, line and full call trace with Best Fix Point markers.
  • Issue-type articles parsed into description and fix recommendation.
Using the desktop AppScan Standard scanner? Its XML report is imported file-based — see HCL AppScan Standard.

How imported findings are risk-scored

Every HCL AppScan 360 finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the HCL AppScan 360 integration live

Book a demo and we’ll connect your HCL AppScan 360 data and walk through risk-based prioritisation on your own findings.

HCL AppScan 360 Integration — Setup & Imported Scan Types