What's new in HCL AppScan 360°
Explore new features that have been added to HCL AppScan 360°, and note any features and capabilities that have been deprecated in this release.
New in HCL AppScan 360° version 1.1.0
AppScan Central Platform updates:
- Single scan view now includes the option to display Active Issues, in addition to Total Issues and New Issues. Active issues are issues whose status is "New", "Open", "In progress", or "Reopened". In addition, improvements were made to the "Issues by severity" graph.
AppScan 360° Static Analysis installation and administration updates:
- Enhanced deployment script:
  - Deploy in any Kubernetes environment.
  - Accepts the AppScan Central Platform server’s hostname (FQDN) as part of the ‘--server’ option.
  - Storage class name (--storage-class) must be provided during the deployment.
  - The default AppScan 360° Static Analysis ingress hostname for the option ‘--ingress-host’ is changed from ‘sast.appscan.com’ to ‘sast.example.com’.
- Introduced probes to monitor the health of AppScan 360° Static Analysis components.
- Enhanced Management API to produce additional details of each microservice, version info, and its availability with readiness probes.
- Updated out-of-the-box configuration based on typical resource usage.
- Updated base images.
- Various fixes to improve API integration with AppScan Central Platform, serviceability, and performance.
- Static analysis client updated to 8.0.1546.
- Support for scanning cascading style sheets (CSS files): AppScan 360° identifies security vulnerabilities in cascading style sheets, including cross-site scripting-, injection-, and validation-related vulnerabilities.
- Support for IBM WebSphere Application Server 9.x: The Static Analyzer Command Line Utility can be configured to leverage a WebSphere environment to use the JSP compiler included with WebSphere.
- Improved accuracy for PHP scanning: AppScan 360° improved verification of PHP content in HTML files.
- Support for secrets scanning: Secrets scanning is disabled by default. Use the --enableSecrets and --secretsOnly options to scan secrets.
- Improved performance for source code scanners.
- Command line and plugins now allow upload of archive files for scanning without first generating an IRX file.
- General fixes.
Resolved issues in HCL AppScan 360° version 1.1.0
- PRB0123164 - Fix groups tab displays file name instead of library name for open source component.
- PRB0123969 - SAST scan shows empty line number when "Line" column is added in Dashboard.
- PRB0123727 - Several CSV issues reported by customers.