Readme update-1.5.0 #229

Merged
merged 5 commits into from
Sep 27, 2024
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,11 @@
CHANGELOG
=========
1.5.0 (September, 2024)
------
- Support for Rescan of SAST Scans in both HCL AppScan on Cloud and HCL AppScan 360°.
- Support for Rescan of SCA Scans in HCL AppScan on Cloud.
- Bug fixes.

1.4.1 (July, 2024)
------
- Support to execute SAST and SCA scans as a single pipeline job for HCL AppScan on Cloud.
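Review bot: the "Bug fixes." bullet in the 1.5.0 entry gives nobody anything to audit; name the fixed issues (or link their issue numbers) the way the two rescan bullets name their features. The README changes in this same PR also introduce a new **Scan ID** field that rescans depend on, and a user upgrading from 1.4.1 reads this changelog to learn about new pipeline parameters, so mention it here as well.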
37 changes: 23 additions & 14 deletions README.md
@@ -16,12 +16,12 @@ The plugin supports scanning through following HCL AppScan products:
An account at the [HCL AppScan on
Cloud](https://cloud.appscan.com/AsoCUI/serviceui/home)
service. [Create an
application](http://help.hcltechsw.com/appscan/ASoC/ent_create_application.html?query=create)
application](https://help.hcl-software.com/appscan/ASoC/ent_create_application.html?query=create)
on the service to associate with your scans.

**HCL AppScan 360° prerequisites**

To execute scans in HCL AppScan 360°, you must have access to an instance of AppScan 360°. To learn more about AppScan 360° features and installation, click [here](https://help.hcltechsw.com/appscan/360/1.0/appseccloud_plugins_integrations.html).
To execute scans in HCL AppScan 360°, you must have access to an instance of AppScan 360°. To learn more about AppScan 360° features and installation, click [here](https://help.hcl-software.com/appscan/360/1.0/appseccloud_jenkins.html).

**HCL AppScan Enterprise prerequisites**

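Review bot: the replacement AppScan 360° link (appseccloud_jenkins.html) is a Jenkins-specific topic, but the sentence around it still promises "AppScan 360° features and installation"; either keep a general 360° page for that sentence or reword it to something like "To learn more about using this plug-in with AppScan 360°, click here". Moving the create-application link from http:// to https:// on the new help.hcl-software.com host is the right call: plain-http documentation links can be rewritten on the wire, so none should remain in the README.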
@@ -41,10 +41,10 @@ HCL AppScan Jenkins plug-in supports integration with HCL AppScan Enterprise for
configuration and enter the following information:
- **Credentials:** Select the credentials you added to Jenkins in
step 1 above.
- **Application:** Select the application to associate with the scan.
NOTE: You must create at least one application in the
HCL AppScan on Cloud(https://cloud.appscan.com) or HCL AppScan 360° service or
this field is empty.
- **Application:** Select the application to associate with the scan.<br>
**Note**: At least one application must be created in HCL AppScan on Cloud or HCL AppScan 360°
for the dropdown to show options. If it’s empty, check your server connection or ensure
applications exist in the organization.
- **Test Name:** Specify a name to use for the scan. This value
is used to distinguish this scan and its results from
others.
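Review bot: "check your server connection" in the rewritten **Application** note is too vague for a troubleshooting hint; say which connection is meant (the AppScan on Cloud or AppScan 360° server reached with the credentials selected in the **Credentials** field just above) so the reader knows what to verify when the dropdown is empty. Dropping the bare https://cloud.appscan.com URL from the note is fine since the prerequisites section already links the service. Minor: use a plain ASCII apostrophe in "It's" rather than the curly one.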
@@ -68,13 +68,13 @@ HCL AppScan Jenkins plug-in supports integration with HCL AppScan Enterprise for
select your AppScan Presence from the list.
Information about creating an AppScan Presence is
available
[here](https://help.hcltechsw.com/appscan/ASoC/Presence_scanning.html).
[here](https://help.hcl-software.com/appscan/ASoC/Presence_scanning.html).<br>
**Note**: Presence is available in AppScan on Cloud only.
- **Scan File**: If you have an AppScan Standard scan
file, enter its full path and file name in this
field. To learn more about AppScan Standard scan
files, see [this
topic](https://help.hcltechsw.com/appscan/ASoC/asd_AppScanStandard.html).
topic](https://help.hcl-software.com/appscan/ASoC/asd_AppScanStandard.html).
- **Application login**: Select a Login method from the available options so
AppScan can scan pages that require authentication.
- **Login not required**: Leave this selected if no login is needed.
@@ -86,14 +86,20 @@ HCL AppScan Jenkins plug-in supports integration with HCL AppScan Enterprise for
- **Login required: Record login**: Select this option to allow login to the application using a recorded login sequence.
- **Login Sequence File**: Provide a path to the login sequence file data. Supported file type is .CONFIG.
- **Software Composition Analysis (SCA)**
- **Rescan**: Select this option to rescan the same application, updating and overwriting the previous scan results with the latest findings.<br>
**Note**: If you are looking to use the Auto Close feature, ensure it has been enabled by your AppScan on Cloud/AppScan 360° organization administrator. Learn more about [rescanning](https://help.hcl-software.com/appscan/ASoC/appseccloud_scanning_rescan_cm.html).
- **Scan ID**: Enter the Scan ID of the parent scan based on the application and technology you selected earlier. You can retrieve Scan ID from the AppScan on Cloud/AppScan 360° Server.
- **Target**: Enter the complete path to the directory containing the files to scan, or provide the full path to an existing .irx file. Leave this field empty to scan all supported files within the workspace directory.
- **Static Analysis (SAST)**
- **Target**: Enter the complete path to the directory containing the files to scan, or provide the full path to an existing .irx .war, .ear, .jar or .zip file. Leave this field empty to scan all supported files within the workspace directory.
- **Rescan**: Select this option to rescan the same application, updating and overwriting the previous scan results with the latest findings.<br>
**Note**: If you are looking to use the Auto Close feature, ensure it has been enabled by your AppScan on Cloud/AppScan 360° organization administrator. Learn more about [rescanning](https://help.hcl-software.com/appscan/ASoC/appseccloud_scanning_rescan_cm.html).
- **Scan ID**: Enter the Scan ID of the parent scan based on the application and technology you selected earlier. You can retrieve Scan ID from the AppScan on Cloud/AppScan 360° Server.
- **Target**: Enter the complete path to the directory containing the files to scan, or provide the full path to an existing .irx, .war, .ear, .jar or .zip file. Leave this field empty to scan all supported files within the workspace directory.
- **Scan Method**
- **Generate IRX**: Generate an IRX archive locally from the specified files and folders.
- **Additional Options**: If selected, the following options are available:
- **Source Code Only**: Analyze source code only.
- **Include SCA**: If you are interested in scanning the open-source libraries in your code, select this option. This will create an SCA scan in addition to the SAST scan, so you will not have to upload the same file again.
- **Include SCA**: Include analysis of open source packages. Include SCA creates an SCA scan in addition to a SAST scan.<br> **Note**: Software Composition Analysis (SCA) is available for AppScan on Cloud only.
- **Select Scan Speed**: Optimize scan speed and results according to development stage. Choose faster scans early in the development lifecycle to identify basic security issues; choose thorough scans later in the cycle to ensure complete coverage for your application.
- **Normal**: Performs a complete analysis of the code, identifying vulnerabilities in detail and differentiating issues that could be reported as false positives. This scan takes the longest to complete.
- **Fast**: Performs a comprehensive analysis of your files to identify vulnerabilities, taking longer to complete than “Faster” or “Fastest” scans.
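Review bot: the rescan Note under **Software Composition Analysis (SCA)** tells the reader to ask their "AppScan on Cloud/AppScan 360° organization administrator", but the CHANGELOG in this PR says SCA rescan is supported in AppScan on Cloud only, and the **Include SCA** note further down says SCA itself is AppScan on Cloud only; make the SCA rescan note say AppScan on Cloud only so 360° users are not sent to a feature they cannot use (the SAST copy of the note is correct as written). Two smaller points on the same block: the **Scan ID** description should say what happens when the ID does not belong to the selected application or technology (rejected before submission, or failed on the server side), because a wrong parent ID silently "overwriting the previous scan results" is exactly what a user fears when reading that wording; and the Note never says what Auto Close does, so add a one-clause description or state that the rescanning link explains it.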
@@ -102,7 +108,7 @@ HCL AppScan Jenkins plug-in supports integration with HCL AppScan Enterprise for
- **Upload files and folders**: Upload files and folders directly to AppScan for immediate scanning preparation, resulting in faster processing.
- **Additional Options**: If selected, the following options are available:
- **Include SCA**: Applicable only for IRX files.
- If you are interested in scanning the open-source libraries in your code, select this option. This will create an SCA scan in addition to the SAST scan, so you will not have to upload the same file again.
- Include analysis of open source packages. Include SCA creates an SCA scan in addition to a SAST scan.<br> **Note**: Software Composition Analysis (SCA) is available for AppScan on Cloud only.
- **Email notification:** Send the user an email when analysis is complete.
- **Run as a personal scan:** A personal scan does not affect the application data and compliance until it is promoted.
- **Allow intervention by scan enablement team:** Available for AppScan on Cloud only.
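Review bot: the **Include SCA** text under **Upload files and folders** repeats the Generate IRX wording verbatim, which is tolerable, but "Applicable only for IRX files" needs to state the behaviour for the other accepted targets (.war, .ear, .jar, .zip, listed under **Target** above): is the option ignored silently, rejected at submission, or hidden in the UI? A silent skip would leave a team believing its open-source dependencies were scanned when they were not, so spell it out.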
@@ -114,9 +120,12 @@ HCL AppScan Jenkins plug-in supports integration with HCL AppScan Enterprise for
and the results have been retrieved from the service. If
unselected, the job will continue once the scan has been
submitted to the analysis service.
- **Fail job if:** If selected, the Jenkins job will fail if the
- **Fail build for non-compliance with application policies:** Fail
the job if one or more issues are found which are non-compliant with
respect to the selected application's policies.
- **Fail build if:** If selected, the Jenkins job will fail if the
finding count(s) exceed the specified thresholds (see below).
- **Add Condition:** Allows you to add thresholds for the number
- **Add condition:** Allows you to add thresholds for the number
of findings that will cause a build to fail. You can specify
thresholds for total, critical, high, medium, and/or low finding counts.
If multiple conditions are added, they will be treated as though
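Review bot: the new **Fail build for non-compliance with application policies** option and the renamed **Fail build if** option can only be evaluated once results have been retrieved, which per the context lines just above happens only when the job waits for the scan to complete; state that dependency explicitly (both failure options have no effect if that option is unselected and the job returns as soon as the scan is submitted). It would also help to document what the build does when the scan itself errors out or never returns results: a compliance gate that passes on scanner failure is a hole in exactly the control this section describes.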
@@ -126,7 +135,7 @@ HCL AppScan Jenkins plug-in supports integration with HCL AppScan Enterprise for
- Support for SAST scanning using HCL AppScan 360° was added for version 1.1.0 of the Jenkins extension. The existing HCL AppScan on Cloud connection endpoint and build step have been enhanced to allow users to connect to HCL AppScan 360°.
- AppScan on Cloud (ASoC) now performs SAST and SCA analysis as separate scans. To execute an open-source only scan, use the Software Composition Analysis (SCA) scan type.

For more information on adding security analysis to Jenkins automation server, please visit this [link](http://help.hcltechsw.com/appscan/ASoC/appseccloud_jenkins.html?query=jenkins).
For more information on adding security analysis to Jenkins automation server, please visit this [link](https://help.hcl-software.com/appscan/ASoC/appseccloud_jenkins.html?query=jenkins).

**Integration with HCL AppScan Enterprise**

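Review bot: good to see this last http://help.hcltechsw.com link move to https://help.hcl-software.com along with the others in this PR; since only the links inside the shown hunks were touched, grep the rest of README.md for any remaining help.hcltechsw.com or http:// URLs so the file does not end up mixing the old and new hosts.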