Child pages
  • IBM Security AppScan Source Scanner Plugin

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • A valid license for AppScan Source for Analysis and AppScan Source for Automation
    Note: The automation license is required to unlock the command-line interface (cli) functionality
  • AppScan Source for Analysis must be installed on the same server as Jenkins
  • The AppScan Source project or application files for the application(s) you are scanning (.PAF, .PPF, etc)
  • Application source code and dependencies must already be referenced in the AppScan Source project or application files

Plugin Setup

Before using this plugin, a login token must be generated via the AppScanSrcCLI application. To generate a login token:

  • Open a command prompt
  • Navigate to the bin folder in your AppScan Source install folder
    • Ex: cd c:\program files(x86)\IBM\AppScan Source\bin
  • Execute the AppScan Source CLI login command
    • AppScanSrcCli.exe login http://hostname:9443/ase username password -persist -acceptssl
    • Be sure to replace hostname, username, and password with valid values for your installation
  • This will create a file called ouncecli.token under c:\users{username}\.ounce\. Verify that this file exists and make note of the location

For additional reading on the login command, please see IBM's documentation:


Execute application scans with IBM Security AppScan Source