IBM® Security AppScan® Source delivers
maximum value to every user in your organization who plays a role
in software security. Whether a security analyst, quality assurance
professional, developer, or executive, the AppScan Source products
deliver the functionality, flexibility, and power you need - right
to your desktop.
The product set includes:
- AppScan Source
for Analysis:
Workbench to configure applications and projects, scan code, analyze,
triage, and take action on priority vulnerabilities.
- AppScan Source
for Automation:
Allows you to automate key aspects of the AppScan Source workflow
and integrate security with build environments during the software
development life cycle.
- AppScan Source for Development:
Developer plug-ins integrate many AppScan Source
for Analysis features
into Microsoft Visual Studio,
the Eclipse workbench, and Rational® Application
Developer for WebSphere® Software
(RAD). This allows
software developers to find and take action on vulnerabilities during
the development process. The Eclipse plug-in allows you to scan source
code for security vulnerabilities - and you can scan IBM MobileFirst
Platform projects
with the Eclipse plug-in.
To enhance the value of AppScan Source within your
organization, the products include these components:
- AppScan Source Security Knowledgebase:
In-context intelligence on each vulnerability, offering precise descriptions
about the root cause, severity of risk, and actionable remediation
advice.
- AppScan Enterprise Server: Most
AppScan Source products and components must communicate
with an AppScan Enterprise Server. Without one,
you can use AppScan Source for Development in local mode - but features such as custom rules,
shared scan configurations, and shared filters will be unavailable.
The server provides
centralized user management capabilities and a mechanism for sharing assessments via the AppScan Source Database. The server includes an optional
Enterprise Console component. If
your administrator installs this component, you can publish assessments to it from AppScan Source
for Analysis, AppScan Source
for Automation, and the AppScan Source
command line interface (CLI). The Enterprise Console offers a variety of
tools for working with your assessments - such as reporting features, issue management, trend
analysis, and dashboards.
Important: For some versions of
AppScan Source and
AppScan Enterprise, the version and release level of the two
products must match in order to connect from
AppScan Source to the
AppScan Enterprise Server. See
http://www.ibm.com/support/docview.wss?uid=swg21975211 to
learn which versions of
AppScan Source and
AppScan Enterprise are compatible.
Note: - AppScan Enterprise Server is not supported
on macOS.
- If you have a basic server license, the server may only be accessed by up to ten (10) concurrent
connections from AppScan products. With a
premium server license, unlimited connections are allowed.
Important: When scanning, AppScan Enterprise Server and AppScan Source clients (except AppScan Source for Development) both require
a direct connection to the AppScan Source Database (either solidDB® or Oracle).
This Software Offering does not use cookies or other technologies
to collect personally identifiable information.
Translated national languages
The AppScan Source user interfaces
are available in these languages:
- English
- Brazilian Portuguese
- Simplified Chinese
- Traditional Chinese
- German
- Spanish
- French
- Italian
- Japanese
- Korean
- Russian