The latest HCL AppScan 360° version 1.4.0 introduces a range of powerful updates to enhance your security testing experience. This release offers a flexible single virtual machine (VM) installation option for smaller environments, along with a redesigned dashboard for deeper insights and real-time analytics. New features include domain management for DAST scanning, auto-fix recommendations powered by GenAI, and GitHub Enterprise integration for SAST repository scanning. Additional updates focus on compliance, automated comment propagation, and improved efficiency in SAST and DAST scans, making this new version a comprehensive upgrade for streamlined security management that is deployable in any environment.
Virtual Machine Installation
HCL AppScan 360° now offers the flexibility of a single VM installation option, making it easier for organizations with smaller environments or specific deployment needs to get started quickly with comprehensive application security. Traditionally, AppScan 360° is installed in a distributed Kubernetes environment to handle large-scale, high-concurrency scanning and testing. However, the new single VM installation provides a modernized, self-contained deployment including a pre-configured Kubernetes environment.
This efficient deployment is also a starting point for those planning to scale their security operations in the future, as it allows for a smoother transition to a full Kubernetes deployment when needed. With minimal infrastructure and setup requirements, the single VM installation reduces the complexity of deployment, making it particularly beneficial for teams or businesses looking to accelerate their security initiatives without investing in a complex, distributed architecture from the outset.
Dashboard Redesign
The redesigned AppScan 360° dashboard offers deeper insights into your applications and vulnerabilities, making it easier than ever to monitor security. It displays real-time analytics through intuitive charts and graphs, so you can track key metrics and issues at a glance. This user-friendly interface enhances visibility, helping you quickly identify risks and make informed decisions to strengthen your security posture.
Improved Remediation
HCL AppScan 360° makes remediation faster and easier with the introduction of AutoFix: curated fix recommendations with GenAI-summarized explanations and context. These easy-to-understand suggestions are accessible in the user interface, helping developers and security teams address vulnerabilities confidently and efficiently, accelerating both the remediation process and overall time to release.
Additionally, HCL AppScan 360° now integrates with GitHub Enterprise, enabling seamless static analysis (SAST) scans on GitHub repositories. Development teams are able to catch vulnerabilities earlier in the software development lifecycle, reinforcing security without disrupting their workflows.
Domain Management and Live Logs
The platform simplifies domain management for Dynamic Application Security Testing (DAST), letting users easily manage which domains and asset groups are authorized for security scans. This feature enhances control and ensures only approved assets are tested, reducing potential risks and improving scan accuracy.
DAST users also benefit from the addition of Live Logs for DAST scans. These real-time status updates occur during active scans, so users don’t have to wait until a scan is finished to know whether it is running normally. Users can activate Extended Support Mode (ESM) for DAST scans to generate detailed logs for support purposes, such as debugging.
Platform and Compliance Updates
HCL AppScan 360° has introduced several new, updated platform features. To ensure that users can maintain the highest level of security and compliance, the platform has aligned its compliance and industry-standard reporting capabilities with the following key security frameworks:
- Network and Information Security Directive (NIS2)
- OWASP Cloud-Native Application Security Top 10
- OWASP API Security Top 10 for 2023
- CWE Top 25 Most Dangerous Software Weaknesses of 2023
- [US] DISA's Application Security and Development STIG, Version 5 Release 3
- Payment Card Industry Data Security Standard (PCI DSS) Version 4
Additional updates are designed to improve efficiency and refine security workflows. The new automated comment propagation feature automatically syncs comments and issue statuses across applications, delivering a complete and consistent record of each issue. This eliminates the need for manual updates, reducing errors and saving time while providing full visibility into the status of security issues across your projects.
Additionally, the repository link in the “Issue Details” tab enhances code accessibility. When applicable, the “Location” field now includes a direct link to the specific file and line in the source code repository, giving instant access so issues can be addressed without switching between tools. Speed up your remediation process to keep your team focused on resolving vulnerabilities quickly.
New Integrations/Plugins
New integrations and plugins have been added to Version 1.4.0 to enhance flexibility, streamline workflows, and allow users to work seamlessly within their preferred tools. This improves efficiency and simplifies vulnerability management, making HCL AppScan 360° more adaptable to diverse development environments. New integrations and plugins include:
- JetBrains IDE plugin
- Jira, Azure DevOps, and RTC DTS integrations
- ServiceNow vulnerability management integration
- AppScan-SDK build-your-own integration
See the full list of features in HCL AppScan 360° version 1.4.0. To learn more about this industry-leading, cloud-native platform, visit us online or contact AppScan 360 to request a demo and experience how HCL AppScan can help you manage your application security posture and release software with confidence.