HCL AppScan is primarily used to improve application security. We are transitioning from DevOps to DevSecOps.
We are attempting to integrate these tools into our CICD pipeline in order to meet our business use cases. And if we notice that the tool is missing any business features or a feature, we will highlight them and work to have them fixed or implemented. That is how we go about it. We don't go for any generic features because that will be handled by the product team. We are here to identify our gaps and then have them implemented by the vendor team.
AppScan is only used for web scanning; we do not use it for anything else.