Enabling AppScan Static Analysis #73

Open
gegles opened this issue Apr 8, 2022 · 2 comments
Labels: CI Continuous Integration, SPbD Security and Privacy by Design

Comments

@gegles
Member

gegles commented Apr 8, 2022

Ideally using this GH action.

The AppScan AppId/Page is: a3677bd0-1901-442a-b30b-089f398e2c60

@gegles gegles added the CI Continuous Integration label Apr 8, 2022
@dwosk
Member

dwosk commented Apr 8, 2022

After looking at the ASoC GitHub Action, I'm not sure it actually does what we want.

  1. It only initiates a scan on a PR, and it will only scan those files that were changed in the PR. It won't scan all the source code.
  2. The scan results are only available in the PR (under the Checks tab) and not in the ASoC Web UI.

We'd prefer that it scan the entire codebase and show the scan results in the Web UI, which doesn't seem possible using this GH action.

See this comment for more info.

@gegles gegles added the SPbD Security and Privacy by Design label Apr 8, 2022
@gegles gegles changed the title Enabling AppScan Static & Dynamic Analysis Enabling AppScan Static Analysis Jul 12, 2022
@mattmurp

mattmurp commented Oct 31, 2022

Hi. Just wanted to let you know that we just published a new GitHub Action that allows you to scan all files in your repository with AppScan on Cloud. https://github.com/marketplace/actions/hcl-appscan-static-analyzer
If you're interested in trying it out, it would be great to get your feedback. Thanks.


3 participants