DAST and SCA Capabilities: Latest Updates in HCL AppScan on Cloud

HCL AppScan on Cloud (ASoC) is a continuously evolving SaaS platform designed to keep your applications secure with the latest advancements in application security testing. With frequent updates and integrations, ASoC helps development teams effortlessly integrate security into their workflows. The latest enhancements include improvements to the centralized dashboard, additional scanning capabilities for both dynamic analysis and open-source testing, and new plugin functionality for Visual Studio 2022.

Software Composition Analysis (SCA)

Our latest release introduces powerful updates to Software Composition Analysis (SCA), making open-source library management more efficient. With auto-close of issues enabled, any open-source libraries not found during a rescan are automatically removed from results, simplifying issue tracking. Additional updates have been made to the Runtime SCA feature in ASoC, improving the ability to continuously monitor software components and behaviors in real-time.

Dynamic Analysis

Our dynamic analysis (DAST) updates bring a new native API scan workflow, offering seamless API testing to ensure vulnerabilities are caught and resolved early in development. The current release supports API scan workflows with Postman and manual recording, with more options to come in future updates.

By enhancing our DAST, the ability to detect vulnerable third-party components provides deeper insights, identifying and reporting vulnerabilities in the most commonly-used client and server-side technologies.

Dashboard and Platform Enhancements

Our latest platform enhancements are designed with user convenience in mind. The new dashboard updates, featuring Scans, Technology, and SCA cards, provide quick access to key insights, allowing you to easily view applications by technology and identify the top five licenses used in SCA. The introduction of dark mode offers a more comfortable, customizable interface, improving the user experience in AppScan on Cloud.

Application creation is now faster and more intuitive with a medium Business Impact default in the quick setup, helping you align security priorities efficiently. Issue management is also refined —you can now update issue severity or status directly in the “Details” view, saving time and improving accuracy. With the removal of the outdated "new" status and expanded application name limits (up to 120 characters), managing your security workflows is now more flexible and user-friendly.

Integrations Updates

Our latest integrations offer enhanced support across development environments, starting with the HCL AppScan Visual Studio extension for Visual Studio 2022. You can now create SAST and SCA scans directly within the Visual Studio 2022 IDE, configure scan options, and easily monitor scan progress through the new "My Scans" tab.

Additionally, the HCL AppScan Jenkins and Azure Plugins now support the rescan of both SAST and SCA scans in HCL AppScan on Cloud, streamlining the process of keeping scans up-to-date.

Visit our “what’s new” page for a full list of features in recent HCL AppScan on Cloud releases. To learn more about this industry-leading SaaS platform, visit us online or register for a free trial today to experience how HCL AppScan can help you manage your application security posture and release software with confidence.