The AppScan Source for Analysis work environment consists of multiple perspectives and views, which contain different assessment or scan data.
AppScan Source for Analysis views provide alternative presentations of findings (some of which support code editing) - and they allow you to navigate the information in your workbench. For example, the Explorer view displays applications, projects, and other resources. A view might appear by itself, or stacked with other views in a tabbed notebook. You can change the layout of a perspective by opening and closing views and by docking them in different positions in the workbench window.
Views are described in greater detail in these sections:
• “Configuration views”
• “Views that assist with scan output” on page 203
• “Views that assist with triage” on page 206
• “Views that allow you to investigate a single finding” on page 216
• “Views that allow you to work with assessments” on page 220
• “Bundles view” on page 222
Configuration views
The views in this section are used for configuring AppScan Source.
• “Custom Rules view”
• “Explorer view” on page 44
• “Scan Rule Library view” on page 157
• “Properties view” on page 191
• “Scan Configuration view” on page 66
• “Report Editor” on page 141
Custom Rules view
In the Custom Rules view, you create custom rules with the Custom Rules Wizard, and you add, view, or delete existing rules.
See “Creating custom rules” on page 148 for more details.
Explorer view
The Explorer view contains a Quick Start section at the top - and an explorer section at the bottom which contains one node, All Applications. The Quick Start section contains several useful links that launch common actions. The explorer section consists of a tree pane that provides a hierarchical view of your resources: applications, projects, directories, and project files, with All Applications as its root. You navigate these resources much like a file browser. As you navigate the view, the selection state of the tree determines the available tabs in the Properties view.
• “General information” on page 44
• “Quick Start section” on page 45
• “Toolbar buttons” on page 45
• “Right-click menu options” on page 46
• “Application and project indicators” on page 48
General information
In the Explorer view, you add applications and projects and scan code using toolbar buttons, links in the Quick Start section, or right-click menu commands in the explorer section. Once you have added applications, the explorer section provides visual indicators of your applications and projects and the status of each.
Tip: In the Explorer view, hover help is available to indicate the file name and path of applications, projects, and files. Hover help also indicates if an application or project is registered.
Quick Start section
The Quick Start section offers these links for launching common tasks:
• Import an Xcode project or workspace: This launches an Open dialog box, which allows you to browse for and add an existing .xcodeproj or .xcworkspace directory as an AppScan Source application.
• Import an Eclipse-based workspace: This launches the Add Workspace dialog box, which allows you to add an existing Eclipse or IBM Rational Application Developer for WebSphere Software (RAD) workspace that contains Java projects.
After the workspace has been imported, you will be able to scan any Java projects that it contains.
Note: Before importing a workspace, be certain that you have installed and updated the development environment as described in “Configuring your development environment for Eclipse and Rational Application Developer for WebSphere Software (RAD) projects” on page 29.
• Import from an application server: Import existing Java applications from an Apache Tomcat or WebSphere Application Server Liberty application server.
• Open an assessment: This launches an Open dialog box, which allows you to browse for an AppScan Source assessment file. File types that can be opened include .ozasmt and .xml.
Toolbar buttons
Table 29. Toolbar buttons (the Icon column of this table contains button images that are not reproduced here)
Add Application Menu: Clicking the down-arrow on the Add Application Menu button allows you to select actions for creating a new application, opening an existing application, importing a workspace, or launching the Application Discovery Assistant.
Scan Selection: The Scan Selection button allows you to scan the object that is selected in the explorer section. The default scan configuration will be used for the scan. To choose a different scan configuration to use for the scan, click the down-arrow on the Scan Selection button. Select the scan configuration that you want to use - or choose the Edit Configurations action to set a different scan configuration as default (in the Scan Configuration view, select the configuration that you want to set as default, and then click Select as Default).
View Menu: The View Menu button opens a menu that allows you to refresh the explorer section and hide registered items.
Right-click menu options
The availability of right-click menu options is determined by the item that is selected in the explorer section.
• When All Applications is selected in the explorer section, these right-click menu options are available:
– Scan All Applications: Scan all applications. The scan will run with the default scan configuration.
– Scan All Applications With: Select the scan configuration that you want to use - or choose the Edit Configurations action to set a different scan configuration as default (in the Scan Configuration view, select the configuration that you want to set as default, and then click Select as Default).
– Add Application
- Create a new application: Add a new application to the set of applications.
This action launches the New Application Wizard.
- Open an existing application: This launches an Open dialog box, which allows you to browse for and add an existing application to the set of applications. File or directory types that can be added include .paf, .xcodeproj, .xcworkspace, and .ewf.
- Import an existing Eclipse-based workspace: This launches the Add Workspace dialog box, which allows you to add an existing Eclipse or IBM Rational Application Developer for WebSphere Software (RAD) workspace that contains Java projects. After the workspace has been imported, you will be able to scan any Java projects that it contains.
Note: Before importing a workspace, be certain that you have installed and updated the development environment as described in “Configuring your development environment for Eclipse and Rational Application Developer for WebSphere Software (RAD) projects” on page 29.
- Discover applications: This launches the Application Discovery Assistant, which allows you to quickly create and configure applications and projects for Java source code.
– Expand All
– Collapse All
– Properties: Selecting this opens the Properties view for the selected item.
• When an application is selected in the explorer section, these right-click menu options are available:
– Scan Application: Scan the selected application, project, or file. The scan will run with the default scan configuration.
– Scan Application With: Select the scan configuration that you want to use - or choose the Edit Configurations action to set a different scan configuration as default (in the Scan Configuration view, select the configuration that you want to set as default, and then click Select as Default).
– Add Project
- New Project: If an application is selected in the Explorer view, this action is available and choosing it allows you to add a new project to the application. This action launches the New Project Wizard.
- Existing Project: If an application is selected in the Explorer view, this action is available and choosing it allows you to add an existing project to the application. This action launches a dialog box that allows you to browse for a .ppf or .epf file - or .xcodeproj directory - to open.
- Multiple Projects: Add multiple projects to the application that is selected in the Explorer view. This action launches a dialog box that allows you to complete one of these tasks:
• Specify a directory in which to search for projects.
• Specify a workspace in which to search for projects.
In the search results, you can select one or more projects to add.
– Remove Application: If an application is selected in the Explorer view, this action is available and choosing it removes the selected application.
– Add Custom Finding: This action launches the Create Custom Finding dialog box, allowing you to create a custom finding for the selected application.
– Refresh: Refresh the contents of a selected application, project, or view.
– Register/unregister:
- Register Application: Register the selected application or project with AppScan Source. You must register applications and projects before they can be published to the AppScan Source Database.
- Register Application As...: Select this to reregister an application with a new name.
- Unregister Application: Unregister the selected application or project.
- Locate: Select this to associate a local application or project with one that has been registered by another AppScan Source user.
– Expand All
– Collapse All
– Properties: Selecting this opens the Properties view for the selected item.
• When a project is selected in the explorer section, these right-click menu options are available:
– Scan Project: Scan the selected application, project, or file. The scan will run with the default scan configuration.
– Scan Project With: Select the scan configuration that you want to use - or choose the Edit Configurations action to set a different scan configuration as default (in the Scan Configuration view, select the configuration that you want to set as default, and then click Select as Default).
– Copy Project: If a project is selected in the Explorer view, this action is available and choosing it opens a dialog box that allows you to copy the project to another application - or create a copy of the project in the application that currently contains the project.
– Remove Project: Remove the selected object.
– Register/unregister:
- Register Project: Register the selected application or project with AppScan Source. You must register applications and projects before they can be published to the AppScan Source Database.
- Unregister Project: Unregister the selected application or project.
- Locate: Select this to associate a local application or project with one that has been registered by another AppScan Source user.
– Expand All
– Collapse All
– Properties: Selecting this opens the Properties view for the selected item.
• When a file is selected in the explorer section, these right-click menu options are available:
– Scan File: Scan the selected application, project, or file. The scan will run with the default scan configuration.
– Scan File With: Select the scan configuration that you want to use - or choose the Edit Configurations action to set a different scan configuration as default (in the Scan Configuration view, select the configuration that you want to set as default, and then click Select as Default).
– Exclude from Scans: Remove the selected file from scans.
– Open in Internal Editor: Open the selected file in the AppScan Source editor (in the Analysis perspective).
– Open in External Editor: Choose an external editor in which to open the selected file.
– Properties: Selecting this opens the Properties view for the selected item.
Application and project indicators
This table identifies the application and project icons in the Explorer view.
Table 30. Application and Project Icons (the icons themselves are images and are not reproduced here; the table has one row per application or project type and one column per status: Not registered, Registered, Missing/Not Found)
• Imported application
• Application that is created manually or created using the Application Discovery Assistant
• Imported project
• Project that is created manually or created using the Application Discovery Assistant
The Explorer view displays local applications and projects as well as those registered on the server (those that are registered on the server but not saved locally - for example, applications and projects registered by other users - appear greyed out). If you click the toolbar View Menu button and toggle the Hide items registered on the server menu item so it is not selected, you can view existing server applications and projects. If a project is greyed out, you can right-click and choose Locate in the menu.
Scan Rule Library view
Pattern-based scanning is an analysis of your source code based on customized search criteria. The Scan Rule Library view allows you to view existing pattern-based scan rules, by language (including the out-of-the-box AppScan Source scan rule library). In addition, the view allows you to add rules and patterns for pattern-based scanning.
Once you build a scan rule library, you can apply the pattern analysis to specific applications or projects. See “Customizing with pattern-based scan rules” on page 152 for details about pattern searches.
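The following is an added example, not part of this guide and not AppScan Source's own rule format or engine. It shows the general shape of pattern-based scanning as described above: a rule library keyed by language, where each rule is a regular expression, applied line by line to the files of a project. The rule names, patterns, the extension-to-language mapping and the three sample source files are all constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PatternRule:
    """One pattern-based scan rule: a regular expression tied to a language."""
    name: str
    language: str
    pattern: str
    severity: str


# Constructed rule library for this example. These are hypothetical rules and
# not the out-of-the-box AppScan Source scan rule library.
RULE_LIBRARY = [
    PatternRule("hardcoded-password", "java", r'(?i)password\s*=\s*"[^"]+"', "High"),
    PatternRule("runtime-exec", "java", r"Runtime\.getRuntime\(\)\.exec\(", "Medium"),
    PatternRule("eval-call", "javascript", r"\beval\s*\(", "High"),
]

# Assumed mapping from file extension to rule language.
EXTENSION_TO_LANGUAGE = {".java": "java", ".js": "javascript"}


def language_of(path):
    """Return the rule language for a source file, or None if no rules apply."""
    for ext, lang in EXTENSION_TO_LANGUAGE.items():
        if path.endswith(ext):
            return lang
    return None


def rules_for_language(language, rules=RULE_LIBRARY):
    """Select and compile the rules that belong to one language."""
    return [(rule, re.compile(rule.pattern)) for rule in rules if rule.language == language]


def scan_source(path, text, rules=RULE_LIBRARY):
    """Match every applicable rule against each line.

    Returns a list of (rule name, severity, line number, stripped line text).
    Files whose language has no rules produce no findings.
    """
    language = language_of(path)
    if language is None:
        return []
    compiled = rules_for_language(language, rules)
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, regex in compiled:
            if regex.search(line):
                findings.append((rule.name, rule.severity, lineno, line.strip()))
    return findings


def scan_project(files, rules=RULE_LIBRARY):
    """Scan a project given as {path: source text}; returns {path: findings}."""
    return {path: scan_source(path, text, rules) for path, text in files.items()}


# Constructed sample project: three small files embedded inline.
SAMPLE_PROJECT = {
    "src/Login.java": "\n".join([
        "public class Login {",
        '    String password = "hunter2";',
        "    void run(String cmd) throws Exception {",
        "        Runtime.getRuntime().exec(cmd);",
        "    }",
        "}",
    ]),
    "web/app.js": "\n".join([
        "const data = JSON.parse(body);",
        "const result = eval(userInput);",
    ]),
    "docs/README.md": 'password = "not scanned, no rules for this language"',
}

if __name__ == "__main__":
    for path, findings in scan_project(SAMPLE_PROJECT).items():
        for name, severity, lineno, line in findings:
            print(f"{path}:{lineno}: [{severity}] {name}: {line}")
```

Rules are selected by the language of each file before matching, which is what lets a library hold rules for many languages without a Java rule firing on JavaScript text; files with no language mapping (the README here) are skipped entirely rather than scanned with every rule.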
Properties view
The contents of the Properties view depend on the item that is selected in the Explorer view. Properties apply to all applications, individual applications, projects, or files. Visible properties depend on the language or selected project type.
• “Properties view: all applications”
• “Properties view: selected application” on page 158
• “Properties view: selected project” on page 160
• “File properties” on page 198
Properties view: all applications
If you select All Applications in the Explorer view, the Properties view displays the Overview and Filters tabs.
Overview
The Overview tab displays global attributes. Attributes are named groupings of user-defined items with similar characteristics. You add or delete attributes and their values.
Filters
This tab allows you to specify existing filters for all applications, and how you want the filters applied (a filter can be applied directly - or its inverse can be applied). See Chapter 5, “Triage and analysis,” on page 79 for information about filters - and “Applying filters globally” on page 95 for details about applying them globally.
Filtered findings do not appear in scan results or factor into application or project metrics.
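As an added illustration (not code from this guide or from AppScan Source), the following shows what it means for a filter to be applied directly or as its inverse, and for filtered findings to be left out of metrics. The finding records, the two filters and the filter semantics are constructed for the example: a filter matches findings by file path prefix and/or vulnerability type; applied directly it removes the findings it matches, applied as its inverse it removes the findings it does not match. The project and severity counts are computed only from the findings that survive filtering.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """A constructed finding record: project, file, vulnerability type, severity."""
    project: str
    file: str
    vuln_type: str
    severity: str


@dataclass(frozen=True)
class Filter:
    """A filter selects findings by file path prefix and/or vulnerability type.

    Assumed semantics for this example: applied directly, the filter removes
    the findings it matches; applied as its inverse, it removes the findings
    it does not match, so only matching findings remain.
    """
    name: str
    file_prefix: str = ""                  # "" matches every path
    vuln_types: frozenset = frozenset()    # empty set matches every type
    inverse: bool = False

    def matches(self, finding):
        in_path = finding.file.startswith(self.file_prefix)
        in_types = not self.vuln_types or finding.vuln_type in self.vuln_types
        return in_path and in_types

    def removes(self, finding):
        # direct filter: remove matches; inverse filter: remove non-matches
        return self.matches(finding) != self.inverse


def apply_filters(findings, filters):
    """Keep a finding only if no filter removes it."""
    return [f for f in findings if not any(flt.removes(f) for flt in filters)]


def metrics(findings):
    """Count findings per project and severity; filtered findings are not counted."""
    counts = {}
    for f in findings:
        by_severity = counts.setdefault(f.project, {})
        by_severity[f.severity] = by_severity.get(f.severity, 0) + 1
    return counts


# Constructed findings for two projects.
SAMPLE_FINDINGS = [
    Finding("web", "src/main/Login.java", "SQL Injection", "High"),
    Finding("web", "src/test/LoginTest.java", "Hardcoded Password", "Medium"),
    Finding("web", "src/main/Util.java", "Path Traversal", "High"),
    Finding("batch", "src/main/Job.java", "SQL Injection", "High"),
    Finding("batch", "src/test/JobTest.java", "SQL Injection", "Low"),
]

# Direct filter: drop everything under the test source tree.
EXCLUDE_TESTS = Filter("Exclude test code", file_prefix="src/test/")
# Inverse filter: keep only SQL injection findings.
ONLY_SQLI = Filter("SQL injection only", vuln_types=frozenset({"SQL Injection"}), inverse=True)

if __name__ == "__main__":
    print("unfiltered:", metrics(SAMPLE_FINDINGS))
    print("tests excluded:", metrics(apply_filters(SAMPLE_FINDINGS, [EXCLUDE_TESTS])))
    print("tests excluded, SQL injection only:",
          metrics(apply_filters(SAMPLE_FINDINGS, [EXCLUDE_TESTS, ONLY_SQLI])))
```

Because `metrics` is computed from the output of `apply_filters`, a finding hidden by a filter changes the per-project counts as well as the visible list; when reviewing a project's numbers it is therefore worth checking which filters are in effect before comparing them with an earlier assessment.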
Adding and removing global attributes:
You must define attributes for All Applications before grouping attributes for applications.
About this task
To delete a global attribute or its value, select the attribute name or attribute value and click Remove Attribute. The name or value no longer appears in the list.
Note: Deleting an attribute does not affect historical results.
To add a global attribute and its value, follow the steps below.
Procedure
1. Select All Applications.
2. In the Properties view Overview tab, type a name for the attribute.
3. Click Add Attribute. The attribute name appears in the Name list.
4. Select the named attribute.
5. Type a Value for the attribute.
6. Click Add Value. The attribute value appears in the value list.
Properties view: selected application
In this view, you configure attributes for the selected application. Application attributes depend on previously-created global attributes.
• “Overview” on page 159
• “Exclusions and Filters” on page 159
• “Scan Rules and Rule Sets” on page 159
• “Modified Findings” on page 159
• “Custom Findings” on page 160
Overview
The Overview tab displays:
• The application name. The application can be renamed by entering a new name in the field.
• Application attributes