Security AppScan Source 8.6 now available

Downloadable files


Abstract

This document describes how to download and install IBM Security AppScan Source Version 8.6.

Download Description

Tab navigation


This release is a full product download.

  • Passport Advantage clients: Passport Advantage and Passport Advantage Express clients are required to sign in to Passport Advantage Online to download the image.

  • Non-Passport Advantage clients: If your organization did not purchase your software and support through Passport Advantage or Passport Advantage Express, you are required to sign in to the new IBM Software Group OEM Portal to download the image.

    Note: This includes clients with Flexible Contract Type (FCT) license purchases and IBM Business Partners.

    For assistance with the IBM Software Group OEM Portal, visit the eCustomer care page.


What's New in IBM Security AppScan Source Version 8.6:

  • Application Discovery Assistant:

    Security AppScan Source now offers a powerful Application Discovery Assistant which allows you to quickly create and configure applications and projects for Java source code and Microsoft Visual Studio solutions. The Application Discovery Assistant also allows you to locate Eclipse, IBM Rational Application Developer for WebSphere Software (RAD), or IBM WebSphere Studio Application Developer (WSAD) workspaces that contain Java projects. The Application Discovery Assistant allows you to point to your source, solution, or workspace directory - and then Security AppScan Source handles the rest.

  • Scan configuration:

    A new Scan Configuration view in Security AppScan Source for Analysis allows you to create configurations that you can use when launching scans. In a scan configuration, you can specify source rules to use during a scan - and you can include numerous scan settings. The settings made in a scan configuration can often lead to better scan results - and the ability to save these settings can make scanning easier and more time-efficient.

    Scan configurations that are created in Security AppScan Source for Analysis are used when launching scans from Security AppScan Source for Analysis, Security AppScan Source for Automation, Security AppScan Source for Development, and the Security AppScan Source command line interface (CLI).

  • Support for mobile applications

    IBM Security AppScan Source V8.6 extends IBM's industry-leading Static Application Security Testing (SAST) solution to mobile applications. AppScan Source v8.6 supports static analysis of Android mobile applications and leverages extensive Android-specific security research to provide a comprehensive solution to automate security analysis of Android applications. Organizations can now proactively address Android security risks before confidential information is compromised.

  • Improved installation workflow:

    The installation workflow and accompanying documentation for it have improved.

  • Simplified Security AppScan Source for Analysis user interface:

    In addition to general improvements to the Security AppScan Source for Analysis user interface, a Quick Start section has been added to the Explorer view - and a new Welcome view has been added. The Welcome view offers quick links to a variety of help resources, including an X-Force RSS feed. The Quick Start section offers links for launching common tasks, such as a quick launch for the Application Discovery Assistant.

  • Sample frameworks handler:

    Security AppScan Source now includes a sample handler that implements Framework for Frameworks information to support Enterprise Java Bean (EJB) 2 applications.

  • Built-in support for JavaServer Faces (JSF) and Struts 2 frameworks:

    Security AppScan Source now includes built-in support for JSF 2 and Struts 2.

  • Trace view improvements:

    The Security AppScan Source for Analysis Trace view now indicates virtual lost sinks and taint propagators in the call graph. In addition, more details are provided for each method call, including the tainted argument. Hover help is also now available for all method calls.

  • Publishing to a specified Security AppScan Enterprise Server folder:

    When publishing assessments to the AppScan Enterprise Console, you can now set a location on the server to publish to.

  • Various bug fixes.


Important Notes:
  • Solaris (SPARC) Version 10 is only supported for Security AppScan Source for Automation. No other Security AppScan Source products are supported on Solaris.

Security AppScan Source licensing:

Security AppScan Source provides a License Manager utility that is used for loading and updating license information on your client machine. This utility allows you to view your current license status - or you can use the utility to activate the product by importing a nodelocked license file or by using a floating license on a license server. Nodelocked licenses are tied to individual machines - while floating licenses can be checked out for use on different client machines.

The License Manager utility can be opened from the product installation wizard after installation is complete - or you can launch it from the Windows Start menu.


Security AppScan Source licenses are obtained from the IBM Rational License Key Center. For detailed information about obtaining licenses and license activation, see How to obtain and apply licenses for Security AppScan Source products and the Activating the software section of the Security AppScan Source Installation and Administration Guide.

Product Web site:

http://www.ibm.com/software/rational/products/appscan/source/

Product features:

http://www.ibm.com/software/rational/products/appscan/source/features/

User assistance:

The Security AppScan Source infocenter is available online at http://publib.boulder.ibm.com/infocenter/appsrc/v8r6/index.jsp. The infocenter includes the product user guide PDFs, system requirements, and release notes.

Prerequisites

Supporting Documentation
Document Description
Detailed System Requirements A detailed list of the supported hardware, operating systems and information related to IBM and third party software requirements.
Information Center Browse or search on-line information related to the deployment, configuration and usage of the product.

Download package


  1. You must have active product entitlements for this download, and know your Site Number. (If you do not know your Site Number, contact eCustomer Care.)

  2. Sign in to the http://www.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm site using your IBM ID. If you do not have an IBM ID you will be able to create one. If you did not purchase under Passport Advantage terms, you will later be automatically redirected to the Software and Services site.

  3. On the Self-nomination page, type in your Site Number, and indicate whether or not you are your company's Primary Contact for this site. (If you are not sure whether you are the primary contact, select "No".) Then click Submit.

    At this point your company's primary contact is notified. When your request is approved you will receive email notification, and be able to continue.

  4. After signing in again (if necessary), click Software Download and Media Access, then click Download Finder.

    The downloads that are available to you are listed.

  5. If you purchased under Passport Advantage terms, search - by name or part number - for these packages:

    • IBM Security AppScan Source for Automation V8.6 Multiplatform Multilingual eAssembly (Part Number CRIU9ML), which includes:
      • IBM Security AppScan Source for Automation 8.6 Windows Multilingual (Part Number CI978ML)
      • IBM Security AppScan Source for Automation 8.6 Linux Multilingual (Part Number CI979ML)
      • IBM Security AppScan Source for Automation 8.6 Solaris Multilingual (Part Number CI8PLML)
      • IBM Security AppScan Source for Automation 8.6 Quick Start Guide (Part Number CI7PQML)
      • IBM Security AppScan Enterprise Server V8.6 Win Multilingual (Part Number CI8PGML)
      • IBM Security AppScan Enterprise Server V8.6 Linux Multilingual (Part Number CI8PHML)

    • IBM Security AppScan Source for Analysis V8.6 Multiplatform Multilingual eAssembly (Part Number CRIV0ML), which includes:
      • IBM Security AppScan Source for Analysis 8.6 Windows Multilingual (Part Number CI97AML)
      • IBM Security AppScan Source for Analysis 8.6 Linux Multilingual (Part Number CI97BML)
      • IBM Security AppScan Source for Analysis and Consulting 8.6 Quick Start Guide (Part Number CI7PPML)
      • IBM Security AppScan Enterprise Server V8.6 Win Multilingual (Part Number CI8PGML)
      • IBM Security AppScan Enterprise Server V8.6 Linux Multilingual (Part Number CI8PHML)

    • IBM Security AppScan Source for Development V8.6 Multiplatform Multilingual eAssembly (Part Number CRIV1ML), which includes:
      • IBM Security AppScan Source for Development 8.6 Windows Multilingual (Part Number CI8PPML)
      • IBM Security AppScan Source for Development 8.6 Linux Multilingual (Part Number CI8PQML)
      • IBM Security AppScan Source for Development and Remediation 8.6 Quick Start Guide (Part Number CI7PNML)
      • IBM Security AppScan Enterprise Server V8.6 Win Multilingual (Part Number CI8PGML)
      • IBM Security AppScan Enterprise Server V8.6 Linux Multilingual (Part Number CI8PHML)

    • IBM Security AppScan Source for Remediation V8.6 Multiplatform Multilingual eAssembly (Part Number CRJ68ML), which includes:
      • IBM Security AppScan Source for Development 8.6 Windows Multilingual (Part Number CI8PPML)
      • IBM Security AppScan Source for Development 8.6 Linux Multilingual (Part Number CI8PQML)
      • IBM Security AppScan Source for Development and Remediation 8.6 Quick Start Guide (Part Number CI7PNML)
      • IBM Security AppScan Enterprise Server V8.6 Win Multilingual (Part Number CI8PGML)
      • IBM Security AppScan Enterprise Server V8.6 Linux Multilingual (Part Number CI8PHML)

  6. Download the required components of the package. (It may be convenient to download all components together, for quick access later on.)


Problems solved


APAR

Title

PM65966

Saving Eclipse importer configuration shows Invalid Path message

PM63376

SRC: "Noise" filter name in Security Analyst doesn't match the documentation

PM61696

Error saving assessment: "<assessment_ name>.ozasmt' cannot be saved, HRESULT: -2147418113"

PM61664

SRC: Missing .jar files after new installation cause failure to configure ASE Server

PM61492

Ounceprocess does not terminate when Eclipse plugin crashes and the license is not freed up

PM61171

SRC: Undefined variables used in classpath cause segmenation fault during scan

PM61097

There are no scan results. Scan was aborted when scanning JSP projetc

PM60760

AppScan Source PHP "Unknown Class Error".

PM60738

Quality metrics for CPP not captured during quality scan through cli

PM60296

SRC: "Validate" function for project hangs without staging directory

PM60269

AppScan Source does not display JSP compile errors on the console view

PM59565

SRC: Install directory ignored for silent installs on Windows 7

PM59216

Parsing error in Classic ASP code due to syntax (new jsCore).toJSON(val)

PM58768

Scan hangs during "Performing Framework Analysis" phase when scanning an EJB project

PM58374

SRC: Various errors importing Eclipse/RAD workspace in SA

PM53592

AppScan Source incorrectly throws PHP parsing errors due to missing whitespace

PM52069

The license key logs shows garbled data for the username for Appscan Source license checkouts.

PM51020

SRC: "ounceauto wait" fails for request IDs that are not currently running

PM50878

Vulnerabilities are reported in comment line and with "DES" when scanning COBOL app

PM50408

Using Appscan Enterprise Console on Win 7\2008 and IIS 7.0 with Windows Authentication only fails

PM63747

SRC: "{" character causes .php parsing errors

PM58934

SRC: java.lang.OutOfMemory error generating .pdf report

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
Windows download at Passport Advantage 12 Jun 2012 English 683649178 HTTP
Linux download at Passport Advantage 12 Jun 2012 English 735616410 HTTP
Solaris download at Passport Advantage 12 Jun 2012 English 348893653 HTTP

Technical support

Tab navigation


IBM Security Software Support Communities

  • Support Portal: Click the Support Portal tab above to begin configuring your support portal experience to review FAQs, lists of known problems, fixes, and a wealth of important support information.
  • IBM Security AppScan Source Support

Helpful Hints For Obtaining Technical Assistance:

Before you contact IBM Security Software Support, gather the background information that you need to describe the problem. When you describe a problem to an IBM software support specialist, be as specific as possible and include all relevant background information so that the specialist can help you solve the problem efficiently. To save time, know the answers to these questions:

  • What software versions were you running when the problem occurred?
  • Do you have logs, traces, or messages that are related to the problem?
  • Can you reproduce the problem? If so, what steps do you take to reproduce it?
  • Is there a workaround for the problem? If so, be prepared to describe the workaround.

If you have helpful information to diagnose or identify the problem on your system, you can provide this data by following the instructions to exchange information with IBM Technical Support.


Problems (APARS) fixed
PM65966, PM63376, PM61696, PM61664, PM61492, PM61171, PM61097, PM60760, PM60738, PM60296, PM60269, PM59565, PM59216, PM58768, PM58374, PM53592, PM52069, PM51020, PM50878, PM50408, PM63747, PM58934

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Security AppScan Source
Installation

Software version:

8.6

Operating system(s):

Linux, Solaris, Windows

Software edition:

Automation, Developer, Remediation, Security

Reference #:

4032783

Modified date:

2012-06-19

Translate my page

Machine Translation

Content navigation