What's new in AppScan on Cloud

Discover upcoming and recently added features.

Updates: AppScan on Cloud announcements, including advance notice of planned changes and scheduled maintenance that might affect your workflow, can be found on AppScan News. To be notified when there is an announcement, you can subscribe to AppScan News.
Translations: If you are reading this page in translation, please be aware that it may not include the latest additions. To see the latest version of this page, switch to the English version, using the "Change Language" option at the top right of the menu bar.

New on January 12, 2026

  • Software Composition Analysis (SCA)
    • SCA vulnerability issues now display links to the relevant GitHub repository instead of cve.org, providing a more actively maintained source of information.

New on January 11, 2026

  • AppScan Model Context Protocol (MCP) server is now available for use with your LLM to securely access your security data in ASoC. By accessing it through your IDE, you can get insights about your data, connect it with other MCPs for integrations, and use LLM capabilities to suggest triage and code remediation using the context of the results from ASoC.
  • Software Composition Analysis (SCA)
    • Proactive monitoring: SCA scans can now be continuously monitored for newly published CVEs affecting the open-source packages you’ve already scanned. Monitoring is enabled by default, this can be toggled per scan (including existing scans).
  • Interactive analysis
    • You can now download the Node.js agent as a self-contained tarball directly from ASoC for air-gapped or restricted environments without access to the public npm registry.
  • General updates
    • Scans and sessions page: UX improvements including a new table view for easier filtering and sorting, and a unified view for all scan technologies.
    • User management enhancement: You can now edit asset groups per user through the user management page.
    • Functional user: Added the ability to create a service account to facilitate automated tasks and system integrations. Available through API only.
  • API & Automation:
    • API Key authentication: Direct API key authentication via a custom HTTP header eliminates the need for session tokens, making automation scripts and CI/CD integrations simpler and more efficient.
    • Create Scan API: The boolean parameter 'MultiStep' is deprecated and will be removed in a future release.