Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)
HCL AppScan Standard DAST/API Integration
HCL AppScan Standard is a desktop-based DAST tool for testing web applications and APIs. In Invicti AppSec, AppScan Standard is an import-based scanner — you run scans in AppScan Standard independently and upload the exported report into Invicti AppSec.
HCL AppScan Standard is an Import-based scanner. Scans are run locally in AppScan Standard, and the exported report file is imported into Invicti AppSec. No live connection to AppScan Standard is established.
Prerequisites
| Requirement | Description |
|---|---|
| HCL AppScan Standard | A licensed installation of HCL AppScan Standard on a Windows machine |
| Scan Report | A completed AppScan Standard scan exported in XML format (.xml) |
No AppScan Standard API credentials are needed for this integration.
Step 1: Navigate to Integrations
From the left sidebar menu, click on Integrations.
Step 2: Select the DAST/API Tab
On the Integrations > Scanners page, click on the DAST/API tab.
Step 3: Find and Activate HCL AppScan Standard
Scroll through the list of DAST/API scanners to find HCL AppScan Standard.
- If HCL AppScan Standard is not activated, you will see an "Activate" button. Click it to enable the integration.
The scan method badge on the HCL AppScan Standard card shows UI-Import. No external API credentials or server connection are required. Scans are run locally in HCL AppScan Standard and the exported report is uploaded into Invicti AppSec.
Summary
| Step | Action |
|---|---|
| 1 | Navigate to Integrations from the sidebar |
| 2 | Select the DAST/API tab |
| 3 | Activate HCL AppScan Standard (no credentials needed) |
Import Results
Export from HCL AppScan Standard
- Open HCL AppScan Standard on your Windows machine.
- Complete a scan against your target application.
- Go to File > Save or Reports > Save Full Results.
- Select XML as the export format.
- Choose a file location and click Save.
Import into Invicti AppSec
Option A: UI Import
- Navigate to a project in Invicti AppSec.
- Go to Settings > Scanners > Add Scanner.
- Select DAST/API > HCL AppScan Standard.
- Click Import and upload the exported AppScan Standard report file (
.xml).
Option B: KDT CLI Import
kdt import -p <project_name> -t appscanstandard -f /path/to/appscan-standard-report.xml
Supported Export Formats
| Format | Description |
|---|---|
| XML | AppScan Standard XML export format |
Create a Scan (Import Flow)
Navigate to Project Scanners
- Open a project in Invicti AppSec.
- Go to Settings > Scanners.
- Click Add Scanner.
Add HCL AppScan Standard Scanner
- Select DAST/API as the scanner type.
- Choose HCL AppScan Standard from the scanner list.
- Click Add and follow the import steps above.
Scan Configuration Fields
| Field | Description | Required |
|---|---|---|
| Environment | Select the environment for the scan | No |
| Branch | Source code branch associated with this scan | No |
| Report File | AppScan Standard exported XML file to import | Yes |
Troubleshooting
Import Issues
| Issue | Resolution |
|---|---|
| File format not recognized | Ensure the export is in XML format; other formats may not be supported |
| Empty findings after import | Verify the AppScan Standard scan completed successfully before exporting |
| Import fails | Check that the XML file is not corrupted and conforms to the AppScan Standard export schema |
| Duplicate findings | Track which files have already been imported to avoid duplicating findings |
Best Practices
- Export scan reports immediately after scan completion.
- Use descriptive file names that include the scan date and target application for easy tracking.
- Import reports promptly to maintain current vulnerability status in Invicti AppSec.
- Validate that the exported XML file is complete and readable before importing.
Limitations
- This integration is import-only; Invicti AppSec cannot remotely trigger AppScan Standard scans.
- HCL AppScan Standard is a Windows-only desktop application; scan execution is manual.
- Only completed scan exports are supported; in-progress scan data cannot be imported.
- Supported format is limited to XML.
- Re-importing the same report may create duplicate findings if deduplication is not managed.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center