What's new in HCL AppScan 360°

Explore new features that have been added to HCL AppScan 360°, and note any features and capabilities that have been deprecated in this release.

New in HCL AppScan 360° version 1.4.0

October 2024

  • HCL AppScan 360° single VM installation

    You can choose to install AppScan 360° in a distributed Kubernetes environment (standard install), or on a single virtual machine. Single VM installation offers a self-contained deployment of AppScan 360°, including configuring Kubernetes, for smaller environments when high concurrency is not required, or as part of planning for subsequent distributed installations.

  • Dashboard redesigned: Gain deeper insights into your applications and identified issues with the new dashboard. View real-time analytics using easy-to-understand charts and graphs to keep track of important metrics.
  • Domain management for DAST scanning: Manage domains authorized for scanning within your organization and asset groups.
  • Auto fix: Curated autofix recommendations are now provided with a GenAI-summarized explanation in the HCL AppScan 360° user interface.
  • GitHub Enterprise integration for SAST repository scanning: Run static analysis scans on GitHub Enterprise repositories.
  • Additional AppScan Central Platform updates:
    • New or updated compliance and industry-standard reports and policies:
      • Network and Information Security Directive (NIS2)
      • OWASP Cloud-Native Application Security Top 10
      • OWASP API Security Top 10 2023
      • CWE Top 25 Most Dangerous Software Weaknesses 2023
      • [US] DISA's Application Security and Development STIG, Version 5 Release 3
      • The Payment Card Industry Data Security Standard (PCI DSS) - Version 4
    • Automated comment propagation: Automatically propagates the latest comments along with issue status from the same issue in another application to the current app. This ensures that both the status and comments are consistently updated, providing a complete and synchronized issue record across all applications.
    • Repository link in issue Details tab: The "Location" field in the issue Details tab includes a link to the specified file and line in the source code repository, when applicable. This enables direct access to the relevant code without switching tabs.
  • AppScan 360° SAST updates:
    • Static analysis client updated to 8.0.1577.
    • AppScan Go! updated to version 2.1.1.
      • Added the ability to scan SCM repositories inAppScan Go! with a URL.
      • AppScan Go! now auto-recommends scan mode, either bytecode/compiled or source code.
    • SAST scans can now be configured and scheduled to pull source code directly from a public GitHub repository. See Scan a GitHub repository.
    • While triaging SAST findings, users can view the relevant source code directly on GitHub.com.
    • Findings can now be filtered by filename or path, making triaging more efficient by focusing on specific areas of the codebase.
    • CLI command queue_analysis displays scan IDs for static analysis (SAST).
    • IFA 2.0 enabled for .NET trace findings.
    • Improvements to secrets scanner and Java source code scanner.
    • Secrets scanner scans PowerShell (.ps1) files.
    • Updates to rules.
    • Support for Makefile/GNUMakefile, eSQL, and Java 21.

      In addition, Java 21 is included in the Static Analyzer Command Line Utility (SAClientUtil) package.

  • AppScan 360° DAST updates:
    • Live logs for DAST scans: View real-time log updates during active scans.
    • Extended Support Mode: Enable Extended Support Mode (ESM) for DAST scans to generate detailed logs for support purposes.
    • DAST engine is updated to 10.7.0.40885
  • New HCL AppScan 360° plugins:
    • JetBrains IDE plugin
    • Jira, Azure DevOps, and RTC DTS integrations
    • ServiceNow vulnerability management integration
    • AppScan-SDK build-your-own integration

    See Integrations for additional information.

New in HCL AppScan 360° version 1.3.0

June 2024

  • HCL AppScan 360° significantly increases security coverage with the addition of dynamic analysis (DAST) scanning. See Dynamic Analysis (DAST).

    Our market-leading DAST technology enables organizations to scan running applications and APIs for vulnerabilities before they are deployed to the web. Incremental scanning and test optimization allow companies to balance the speed and depth of scans based on the needs of the development lifecycle.

  • AppScan Central Platform updates:
    • A date filter has been added to the Fix groups page. View fix groups according to a date range and/or according to time-related properties associated with component issues.
    • A share option has been added to the Issue details pane. Copy a link or issue ID to share issue details quickly and efficiently via text or email.
  • User experience (UX) improvements:
    • The Settings page has been redesigned with improved organization, and now requires confirmation of changes to page settings.
  • The following AppScan plugins support AppScan 360° version 1.3:

New in HCL AppScan 360° version 1.2.0

April 2024

HCL AppScan 360° installation updates:
  • AppScan 360° has a new, simplified installation process. Installation of AppScan Central Platform includes installation of the static analysis agent in a single procedure. AppScan Remediation Advisories are installed separately so that you always have the most up-to-date cause, risk, and remediation content.
AppScan Central Platform updates:
  • Default issues view: By default, AppScan 360° displays non-compliant issues only at the application level.
  • Fix groups filtering: AppScan 360° supports filtering fix groups by vulnerability and policy, in addition to existing filters. With additional filtering capabilities, you can pinpoint issues and optimize fixes for faster remediation.
  • Issue properties tab: New Properties tab on the Issue details pane lists expanded issue details, including how and when the issue was found, type, status, severity, scanner, and location, and including issue ID.
  • Auto-close of issues: AppScan 360° auto-closes issues when they do not appear in rescans, thus reducing the manual effort of closing issues.
  • 2k scan limit: When auto-cleanup is not enabled at the organization level, AppScan 360° enforces the 2k scan limit.
  • User experience (UX) improvements:

    • Asset groups: The new delete asset group flow simplifies the process of deleting an asset group. Users with the delete asset group permission (default roles like Administrator and Manager, as well as custom roles) can delete an asset group along with its associated applications, including scans and findings, facilitating the removal of unnecessary applications. Users can also opt to move the applications to another asset group, either with or without their members.
    • Fix groups: Comments field added to security report for fix groups, allowing for better inclusion and tracking of notes and comments.
  • AppScan 360° Static Analysis scanning updates:
    • Major enhancements to Intelligent Findings Analytics (IFA) for Java, our AI/ML auto-triage technology, include more precise findings and reduced false positives. Users may notice additional findings in previously scanned code due to improved analysis and prioritization.
    • Automatic discovery of Git repositories. File paths for new issues are relative to the repository root.
    • Increased coverage for RPG language.
    • AppScan Go! updated to version 2.0.0

      AppScan Go! steps you through configuring and running a static or secrets scan with a refreshed and improved user interface and refined workflow. You can run a complete scan, prepare an IRX file for scanning later, or configure files for automating scans with AppScan plugins. You can also view account information within the tool.

    • Static analysis support for .NET 8.
    • Improved accuracy for Java, JavaScript and Python languages.

New in HCL AppScan 360° version 1.1.0

December 2023

AppScan Central Platform updates:
  • Single scan view now includes the option to display Active Issues, in addition to Total Issues, and New Issues. Active issues are issues whose status is "New", "Open", "In progress", or "Reopened". In addition, improvements were made to the "Issues by severity" graph.
AppScan 360° Static Analysis installation and administration updates:
  • Enhanced deployment script:
    • Deploy in any Kubernetes environment.
    • Accepts the AppScan Central Platform server’s hostname (FQDN) part of ‘--server’ option.
    • Storage class name (--storage-class) must be provided during the deployment.
    • The default AppScan 360° Static Analysis ingress hostname for the option ‘--ingress-host’ is changed from ‘sast.appscan.com’ to ‘sast.example.com’.
  • Introduced probes to monitor the health of AppScan 360° Static Analysis components.
  • Enhanced Management API to produce additional details of each microservice, version info, and its availability with readiness probes.
  • Updated out-of-the-box configuration based on typical resource usage.
  • Updated base images.
  • Various fixes to improve API integration with AppScan Central Platform, serviceability, and performance.
AppScan 360° Static Analysis scanning updates:
Resolved issues in HCL AppScan 360° version 1.1.0
  • PRB0123164 - Fix groups tab displays file name instead of library name for open source component.
  • PRB0123969 - SAST scan shows empty line number when "Line" column is added in Dashboard.
  • PRB0123727 - Several CSV issues reported by customers.