Plugin Information

View IBM Security AppScan Source Scanner on the plugin site for more information.

Project Description

The purpose of this plugin is to allow Jenkins to perform static code analysis (SCA/SAST) with IBM AppScan Source for Analysis with minimal configuration. AppScan Source for Analysis is a security tool provided by IBM that scans application source code for vulnerabilities. Configuring AppScan Source to perform automated scanning with custom batch jobs or shell scripts can be a time-consuming and error-prone process. This Jenkins plugin greatly simplifies the process of automating AppScan Source by providing global settings and simple scan configuration within Jenkins. For more information on IBM AppScan Source, please visit the official IBM site.


This plugin requires the following:

  • A valid license for AppScan Source for Analysis and AppScan Source for Automation
    Note: The automation license is required to unlock the command-line interface (CLI) functionality
  • AppScan Source for Analysis must be installed on the same server as Jenkins
  • The AppScan Source project or application files for the application(s) you are scanning (.PAF, .PPF, etc)
  • Application source code and dependencies must already be referenced in the AppScan Source project or application files

Plugin Setup

Before using this plugin, a login token must be generated via the AppScanSrcCLI application. To generate a login token:

  • Open a command prompt
  • Navigate to the bin folder in your AppScan Source install folder
    • Ex: cd c:\program files (x86)\IBM\AppScan Source\bin
  • Execute the AppScan Source CLI login command
    • AppScanSrcCli.exe login http://hostname:9443/ase username password -persist -acceptssl
    • Be sure to replace hostname, username, and password with valid values for your installation
  • This will create a file called ouncecli.token under c:\users\{username}\.ounce\. Verify that this file exists and make note of the location
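
The verification step above can be scripted. The following PowerShell is an added example, not part of the plugin or of IBM's tooling: it confirms that ouncecli.token exists and, since the plugin uses this file to log in, reports any Allow entries on it for broad Windows groups. The $UserName parameter (the account that ran the login command) and the C:\Users profile root are assumptions.

```powershell
# Added example: check the persisted AppScan Source login token.
# Assumption: $UserName is the account that ran "AppScanSrcCli.exe login ... -persist".
param(
    [string]$UserName = $env:USERNAME
)

# Location given in the setup steps: c:\users\{username}\.ounce\ouncecli.token
$tokenPath = Join-Path "C:\Users\$UserName" '.ounce\ouncecli.token'

if (-not (Test-Path -LiteralPath $tokenPath -PathType Leaf)) {
    Write-Error "Token file not found at $tokenPath; rerun the login command with -persist."
    exit 1
}

$item = Get-Item -LiteralPath $tokenPath -Force
Write-Output "Token: $($item.FullName) (last written $($item.LastWriteTime))"

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

$acl = Get-Acl -LiteralPath $tokenPath
$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try {
        # Compare by SID so localized group names do not matter
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        continue   # account could not be resolved; review this entry by hand
    }
    if ($broadSids -contains $sid) {
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Broad groups can access the token file; restrict it to the Jenkins service account."
    exit 2
}
Write-Output "No Allow entries for Everyone, Authenticated Users or BUILTIN\Users."
```

Exit code 1 means the token is missing, 2 means the file is accessible to one of the broad groups, and 0 means neither condition was found.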

For additional reading on the login command, please see IBM's documentation:

Execute application scans with IBM Security AppScan Source

For additional information about this plugin, please see the project's README on GitHub