antonychiu2/ASoC_Demo

Introduction

This example demonstrates how easily ASoC's REST API can be driven from a CI pipeline by integrating an ASoC SAST security scan with GitHub Actions.

With seven REST API calls, the workflow checks out the source code from a GitHub repo, submits a SAST scan to ASoC for static analysis with full data-flow analysis, and retrieves the scan result as an HTML report.

The example scans a .NET Core project. The full YAML workflow is in config.yml.

ASoC REST API endpoints used in this example

Account/ApiKeyLogin

/FileUpload

/Scans/StaticAnalyzer

/Scans/$scan_ID/Executions

/Reports/Security/Scan/$scan_ID

/Reports/$report_ID

/Reports/Download/$report_ID

ASoC's full REST API list:

https://cloud.appscan.com/swagger/ui/index
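The seven-call sequence above, written out as an added Python example (not code from the ASoC_Demo repo or its YAML workflow). The HTTP layer is injected so the flow can be exercised offline; the /api/v2 prefix, the JSON field names (KeyId, KeySecret, Token, FileId, Id, Status, "Ready"), and the "Html" report type are assumptions about the API, not taken from this README.

```python
import time
# Added example, not code from the ASoC_Demo repo: the seven ASoC calls the README
# lists, driven through an injectable send(method, url, headers, body) so the flow
# runs offline. The /api/v2 prefix and the JSON field names are assumptions.
BASE = "https://cloud.appscan.com/api/v2"

def run_sast_pipeline(send, key_id, key_secret, irx, app_id, poll=0, polls=50):
    """login -> upload -> scan -> wait -> report -> wait -> download; returns (body, log)."""
    log, token = [], None
    def call(method, path, body=None):
        headers = {"Accept": "application/json"}
        if token:  # every call after login carries the bearer token
            headers["Authorization"] = "Bearer " + token
        log.append(method + " " + path)
        return send(method, BASE + path, headers, body)
    def wait_ready(fetch):  # poll until Status == Ready, else fail the build
        for _ in range(polls):
            if fetch().get("Status") == "Ready":
                return
            time.sleep(poll)
        raise TimeoutError("ASoC job never reached Ready")
    # 1. Account/ApiKeyLogin: trade the key/secret pair for a short-lived token.
    token = call("POST", "/Account/ApiKeyLogin",
                 {"KeyId": key_id, "KeySecret": key_secret})["Token"]
    # 2. /FileUpload: push the IRX that AppScan Go generated from the repo.
    file_id = call("POST", "/FileUpload", irx)["FileId"]
    # 3. /Scans/StaticAnalyzer: submit the SAST scan against that file.
    scan_id = call("POST", "/Scans/StaticAnalyzer",
                   {"ApplicationFileId": file_id, "AppId": app_id})["Id"]
    # 4. /Scans/{id}/Executions: wait for the analysis to finish.
    wait_ready(lambda: call("GET", f"/Scans/{scan_id}/Executions")[0])
    # 5. /Reports/Security/Scan/{id}: request an HTML report for the scan.
    report_id = call("POST", f"/Reports/Security/Scan/{scan_id}",
                     {"Configuration": {"ReportFileType": "Html"}})["Id"]
    # 6. /Reports/{id}: wait for report generation.
    wait_ready(lambda: call("GET", f"/Reports/{report_id}"))
    # 7. /Reports/Download/{id}: fetch the report body to publish as an artifact.
    return call("GET", f"/Reports/Download/{report_id}"), log

def fake_send(method, url, headers, body, _n=[0]):
    """Constructed stand-in for the network: canned ASoC-style replies, no HTTP."""
    path = url[len(BASE):]
    if path.endswith("/Executions"):  # report Running twice, then Ready
        _n[0] += 1
        return [{"Status": "Ready" if _n[0] >= 3 else "Running"}]
    if path.startswith("/Reports/Download/"):
        return "<html>constructed report</html>"
    canned = {"/Account/ApiKeyLogin": {"Token": "t0k"},
              "/FileUpload": {"FileId": "f-1"}, "/Scans/StaticAnalyzer": {"Id": "s-1"}}
    return canned.get(path, {"Id": "r-1", "Status": "Ready"})
```

Swapping `fake_send` for a real HTTP function (with a bounded `polls` value) turns this into the same job the YAML workflow performs; the token from step 1 is the only credential that ever leaves the runner after login.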

Setup instructions

Step 1. Set up the ASoC API key and secret as environment variables in the GitHub project.

Step 2. Ensure appscan-config.xml is present in the code repo.

The appscan-config.xml file is generated by running the AppScan Go utility. For instructions on using AppScan Go, see: https://help.hcltechsw.com/appscan/ASoC/src_irx_gen_gui.html

Step 3. Run the GitHub Actions workflow "AppScan on Cloud SAST workflow".

Details of the "AppScan on Cloud SAST workflow" are in config.yml.

To run the workflow manually, go to GitHub Actions -> AppScan on Cloud SAST Workflow -> Run workflow.

Step 4. Observe the workflow in progress.

Step 5. Retrieve the HTML report from the GitHub Actions artifacts.

Step 6. Open the HTML report.
