This example demonstrates how little effort ASoC's REST API takes to drive by integrating an ASoC SAST security scan into GitHub Actions.
The workflow checks out the source code from the GitHub repo and then, in seven REST API calls, submits a SAST scan to ASoC for static analysis with full data-flow analysis and retrieves the scan result as an HTML report.
The example scans a .NET Core project. The full YAML script is in config.yml.
The seven endpoints, in the order the workflow calls them:
/Account/ApiKeyLogin
/FileUpload
/Scans/StaticAnalyzer
/Scans/$scan_ID/Executions
/Reports/Security/Scan/$scan_ID
/Reports/$report_ID
/Reports/Download/$report_ID
The full API reference (Swagger UI): https://cloud.appscan.com/swagger/ui/index
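The same seven-call sequence as one script, added here as an example and not the repository's own config.yml. The endpoint paths are the ones listed above; the API base path, the request bodies, the status names (Ready, Failed, Canceled) and the JSON field names (Token, FileId, Id, Status) are assumptions to confirm against the Swagger UI. The HTTP layer is injected as a function so the flow can be exercised offline with canned responses; `requests_transport` is the real one.

```python
"""Seven-call ASoC SAST flow: login, upload, scan, poll, report, poll, download.

Added example, not the repository's config.yml.  The HTTP layer is injectable
so the sequence can be exercised offline; requests_transport() is the real one.
Endpoint paths follow the README; the base path, request bodies and the JSON
field names (Token, FileId, Id, Status) are assumptions to check in Swagger.
"""
import json
import os
import time
from typing import Any, Callable, Dict, List, Optional, Tuple

BASE = "https://cloud.appscan.com/api/V2"  # assumed API base path

# transport(method, url, headers, json_body, files) -> (http_status, response_bytes)
Transport = Callable[..., Tuple[int, bytes]]


def requests_transport(method: str, url: str, headers: Dict[str, str],
                       json_body: Optional[Dict[str, Any]],
                       files: Optional[Dict[str, Any]]) -> Tuple[int, bytes]:
    """Real HTTPS transport; `requests` is imported lazily so the module loads without it."""
    import requests  # pip install requests
    r = requests.request(method, url, headers=headers, json=json_body, files=files, timeout=60)
    return r.status_code, r.content


class AsocScanRun:
    TERMINAL_FAILURE = ("Failed", "Canceled")  # assumed status names

    def __init__(self, transport: Transport, key_id: str, key_secret: str,
                 sleep: Callable[[float], None] = time.sleep,
                 poll_interval: float = 30.0, max_polls: int = 120) -> None:
        self.transport, self.key_id, self.key_secret = transport, key_id, key_secret
        self.sleep, self.poll_interval, self.max_polls = sleep, poll_interval, max_polls
        self.token: Optional[str] = None
        self.calls: List[Tuple[str, str]] = []  # (method, path) audit trail of every request

    def _call(self, method: str, path: str, body: Optional[Dict[str, Any]] = None,
              files: Optional[Dict[str, Any]] = None) -> bytes:
        headers = {"Accept": "application/json"}
        if self.token:  # everything after login is bearer-authenticated with the token
            headers["Authorization"] = "Bearer " + self.token
        self.calls.append((method, path))
        status, raw = self.transport(method, BASE + path, headers, body, files)
        if status not in (200, 201):
            # Report the status only; a 401/403 body is not worth leaking into CI logs.
            raise RuntimeError(f"{method} {path} failed with HTTP {status}")
        return raw

    def _poll(self, path: str, pick_status: Callable[[Any], str], what: str) -> None:
        """GET `path` until its status is Ready; fail fast on a terminal failure state."""
        for _ in range(self.max_polls):
            status = pick_status(json.loads(self._call("GET", path)))
            if status == "Ready":
                return
            if status in self.TERMINAL_FAILURE:
                raise RuntimeError(f"{what} ended with status {status}")
            self.sleep(self.poll_interval)
        raise TimeoutError(f"{what} not Ready after {self.max_polls} polls")

    def run(self, irx_bytes: bytes, app_id: str, scan_name: str) -> Tuple[str, bytes]:
        """Execute the seven calls in order; returns (scan id, HTML report bytes)."""
        # 1. Account/ApiKeyLogin: exchange the API key pair for a bearer token
        self.token = json.loads(self._call("POST", "/Account/ApiKeyLogin",
                                           {"KeyId": self.key_id, "KeySecret": self.key_secret}))["Token"]
        # 2. FileUpload: push the IRX archive generated from appscan-config.xml
        file_id = json.loads(self._call("POST", "/FileUpload",
                                        files={"fileToUpload": ("scan.irx", irx_bytes)}))["FileId"]
        # 3. Scans/StaticAnalyzer: create the SAST scan for that upload
        scan_id = json.loads(self._call("POST", "/Scans/StaticAnalyzer",
                                        {"ARSAFileId": file_id, "AppId": app_id, "ScanName": scan_name,
                                         "EnableMailNotification": False}))["Id"]
        # 4. Scans/{id}/Executions: wait for the newest execution (assumed last in the list) to be Ready
        self._poll(f"/Scans/{scan_id}/Executions",
                   lambda execs: execs[-1]["Status"] if execs else "Pending", "scan")
        # 5. Reports/Security/Scan/{id}: request an HTML report for the finished scan
        report_id = json.loads(self._call("POST", f"/Reports/Security/Scan/{scan_id}",
                                          {"Configuration": {"ReportFileType": "Html"}}))["Id"]
        # 6. Reports/{id}: wait for report generation to finish
        self._poll(f"/Reports/{report_id}", lambda rep: rep["Status"], "report")
        # 7. Reports/Download/{id}: fetch the rendered HTML
        return scan_id, self._call("GET", f"/Reports/Download/{report_id}")


if __name__ == "__main__":
    # Credentials come from the environment (GitHub secrets in the workflow), never from the repo.
    with open(os.environ.get("IRX_PATH", "scan.irx"), "rb") as fh:
        irx = fh.read()
    sid, html = AsocScanRun(requests_transport, os.environ["ASOC_KEY_ID"],
                            os.environ["ASOC_KEY_SECRET"]).run(irx, os.environ["ASOC_APP_ID"],
                                                               "github-actions")
    with open("report.html", "wb") as out:
        out.write(html)
    print(f"scan {sid}: report.html written")
```

In the workflow the script would run after the IRX generation step with the key ID, key secret and application ID supplied as repository secrets; the `calls` list records every request made, which is useful when a run fails part way and you need to know which of the seven steps it reached.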
The appscan-config.xml file is generated by the AppScan Go utility. For instructions on using AppScan Go, see: https://help.hcltechsw.com/appscan/ASoC/src_irx_gen_gui.html
Details about the workflow "AppScan on Cloud SAST workflow" can be found here:
To run the workflow manually, go to GitHub Actions -> AppScan on Cloud SAST Workflow -> Run workflow. See screenshot: