0

I can't find any good documentation that lists what all IBM's AppScan Source scans for JavaScript projects. I've looked through many of their PDFs and websites but haven't found anything that details what it covers and reviews.

  • What does AppScan claim to find in JavaScript?
  • Can it handle projects with Angular, jQuery, and other 3rd party libraries? Any that it can't handle?
Machavity
whatsTheDiff

2 Answers

2

The JavaScript scanner in AppScan Source supports normal client-side JavaScript APIs, MobileFirst APIs, and a part of the jQuery, Cordova, HTML5, and Backbone APIs. Unfortunately, no AngularJS yet.

Bingzhou
0

Some information about improvements to AppScan Source's JavaScript features can be found in AppScan Source's new version release notes, for example:

AppScan Source 9.0:

Performance is now improved when scanning JavaScript.

http://www-01.ibm.com/support/docview.wss?uid=swg24037073

AppScan Source 9.0.1:

Enhanced accuracy for JavaScript analysis: Pattern-based static analysis results for JavaScript are now included. Preliminary support for Backbone.js and Require.js (currently disabled). Various bug fixes.

http://www-01.ibm.com/support/docview.wss?uid=swg24038332

The vulnerabilities it looks for include common web security vulnerabilities, for example Cross-Site Scripting, DataLeakage, URL redirect, OS injection, SQL injection, etc.

It currently supports normal client-side JavaScript APIs, MobileFirst APIs, and a part of the jQuery, Cordova, HTML5, and Backbone APIs.

S.Wang