
asoc_demo's Introduction

Introduction

This example demonstrates the ease of use of ASoC's powerful REST API capabilities by integrating an ASoC SAST security scan with GitHub Actions.

Within 7 simple REST API method calls, we are able to check out source code from a GitHub repo, submit a SAST scan to ASoC for static analysis with full data flow analysis, and get the scan result back in HTML format.

The example shows the process of scanning a .NET Core project. The full YAML script is in config.yml.

ASoC REST API used in this example

/Account/ApiKeyLogin

/FileUpload

/Scans/StaticAnalyzer

/Scans/$scan_ID/Executions

/Reports/Security/Scan/$scan_ID

/Reports/$report_ID

/Reports/Download/$report_ID

ASoC's full REST API list:

https://cloud.appscan.com/swagger/ui/index
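The seven calls listed above, chained in order, as an added example (not code from this repository or its config.yml). The JSON field names, the "Ready"/"Failed" status strings, the shape of the Executions response and the injectable `http` transport are assumptions to check against the Swagger page.

```python
# Added example: the seven ASoC calls named on this page, in order.
# ASSUMPTIONS (verify against the Swagger page): every JSON field name, the
# "Ready"/"Failed" status strings, and that Executions returns a list whose
# first item is the latest run. `http` is a hypothetical injectable transport:
# http(method, path, token, body) -> parsed response (bytes for the download).
import time

def wait_for(fetch, done="Ready", failed="Failed", tries=60, delay=10, sleep=time.sleep):
    """Poll fetch() until it returns `done`; fail closed on error or timeout."""
    for _ in range(tries):
        status = fetch()
        if status == done:
            return
        if status == failed:
            raise RuntimeError("ASoC reported failure")
        sleep(delay)
    raise TimeoutError("gave up waiting; treat as a failed security gate")

def run_sast(http, key_id, key_secret, upload_bytes, app_id, scan_name, sleep=time.sleep):
    # 1. Exchange the API key pair (read from CI secrets by the caller, never
    #    committed to the repo) for a session token. Only this call sees the secret.
    token = http("POST", "/Account/ApiKeyLogin", None,
                 {"KeyId": key_id, "KeySecret": key_secret})["Token"]
    # 2. Upload the file to be analysed.
    file_id = http("POST", "/FileUpload", token, upload_bytes)["FileId"]
    # 3. Submit the static analysis scan against the uploaded file.
    scan_id = http("POST", "/Scans/StaticAnalyzer", token,
                   {"ApplicationFileId": file_id, "AppId": app_id,
                    "ScanName": scan_name})["Id"]
    # 4. Poll the scan's executions until the run finishes.
    wait_for(lambda: http("GET", f"/Scans/{scan_id}/Executions", token, None)[0]["Status"],
             sleep=sleep)
    # 5. Request an HTML security report for the scan.
    report_id = http("POST", f"/Reports/Security/Scan/{scan_id}", token,
                     {"Configuration": {"ReportFileType": "Html"}})["Id"]
    # 6. Poll until the report has been generated.
    wait_for(lambda: http("GET", f"/Reports/{report_id}", token, None)["Status"],
             sleep=sleep)
    # 7. Download the finished report for upload as a workflow artifact.
    return http("GET", f"/Reports/Download/{report_id}", token, None)
```

Raising on a failed or timed-out poll makes the workflow step fail instead of passing with no report.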

Setup instructions

Step 1. To set this up, first set up the ASoC API Key and Secret as environment variables in the GitHub project

Step 2. Ensure the presence of appscan-config.xml in the code repo

The appscan-config.xml is generated by running the AppScan Go utility. For instructions on how to use AppScan Go, see link: https://help.hcltechsw.com/appscan/ASoC/src_irx_gen_gui.html

Step 3. Run the GitHub Action workflow "AppScan on Cloud SAST workflow"

Details around the workflow "AppScan on Cloud SAST workflow" can be found here: image

To run the workflow manually, go to GitHub Actions -> AppScan on Cloud SAST Workflow -> Run workflow.

Step 4. Observe the workflow in progress:

Step 5. Retrieve "html" report from GitHub Actions Artifacts


Step 6. Opening the html report


asoc_demo's People

Contributors

fervidnerd, raybeorn, antonychiu2, jerryhoff
