Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
lock

GitHub Action

HCL AppScan Static Analyzer

v1.0.3

HCL AppScan Static Analyzer

lock

HCL AppScan Static Analyzer

Scan for security issues in code

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: HCL AppScan Static Analyzer

              
  uses: HCL-TECH-SOFTWARE/[email protected]
Learn more about this action in HCL-TECH-SOFTWARE/appscan-sast-action

Choose a version

HCL AppScan SAST Github Action

Your code is better and more secure with HCL AppScan.

The HCL AppScan SAST Github Action enables you to run static analysis security testing (SAST) against the files in your repository. The SAST scan identifies security vulnerabilities in your code and stores the results in AppScan on Cloud.

Usage

Register

If you don't have an account, register on HCL AppScan on Cloud (ASoC) to generate your API key and API secret.

Setup

  1. Generate your API key and API secret on the API page.
  • The API key and API secret map to the asoc_key and asoc_secret parameters for this action. Store the API key and API secret as secrets in your repository. adingkeys_animation
  1. Create the application in ASoC.
  • The application ID in ASoC maps to application_id for this action.

Required Inputs

Name Description
asoc_key Your API key from the API page
asoc_secret Your API secret from the API page
application_id The ID of the application in ASoC.

Optional Inputs

Name Description Default Value
scan_name The name of the scan created in ASoC. The GitHub repository name
personal_scan Make this a personal scan. false
static_analysis_only Only run static analysis. Do not run SCA (Software Composition Analysis). false
open_source_only Only run SCA (Software Composition Analysis). Do not run static analysis. false
scan_build_outputs By default only source code files will be analyzed. Enabling this option will result in build output files for Java and .NET to be analyzed (.jar/.war/.ear/.dll/.exe). Additionally, Maven, Gradle, and Visual Studio solutions will be built if the build environment is available. false
wait_for_analysis By default this action will initiate the scan in ASoC, but it will not wait for analysis to complete. Enabling this option will cause the action to wait for analysis to complete. Note that this will cause the action to run longer. false
analysis_timout_minutes If wait_for_analysis is true, the number of minutes to wait for analysis to complete. 30 minutes
fail_for_noncompliance If wait_for_analysis is true, fail the job if any non-compliant issues are found in the scan. false
failure_threshold If fail_for_noncompliance is enabled, the severity that indicates a failure. Lesser severities will not be considered a failure. For example, if failure_threshold is set to Medium, Informational and/or Low severity issues will not cause a failure. Medium, High, and/or Critical issues will cause a failure. Low

Examples

name: "HCL AppScan SAST"
on:
  workflow_dispatch
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Run AppScan SAST scan
        uses: HCL-TECH-SOFTWARE/[email protected]
        with:
          asoc_key: ${{secrets.ASOC_KEY}}
          asoc_secret: ${{secrets.ASOC_SECRET}}
          application_id: e35ea96d-cae0-499a-a3ed-7a4efd77b269