Application security is constantly changing. With the increase in software supply chain attacks and growing regulatory pressure, organizations are having to rethink how they secure their code, their data, and their entire development pipelines. These issues and others are leading many to move away from public cloud dependencies and toward solutions that offer more control, transparency, and sovereignty.
Introducing HCL AppScan 360º Version 2.0
The release of Version 2.0 of HCL AppScan 360º marks a major milestone for this cloud-native application security platform. For the first time ever, the full suite of AppScan testing technologies (SAST, DAST, IAST, SCA, API, IaC, and Secrets) is available in a fully on-prem, container-based platform. We provide the same depth and breadth of coverage you’ve come to expect from HCL AppScan on Cloud, now packaged for organizations that need to keep their data close and self-manage their cloud or on-prem infrastructure.
Security leaders and development teams are facing a growing list of challenges: fragmented toolchains, late-stage testing bottlenecks, compliance headaches, and the ever-present risk of open-source vulnerabilities. HCL AppScan 360º 2.0 is built to address these head-on, offering a unified platform that’s flexible enough to meet modern DevSecOps demands with a superior developer experience, while robust enough to satisfy enterprise-grade security requirements.
Open-Source Management That Stays On-Prem
Open-source components can now be found throughout most software, and managing their risks is especially challenging in regulated or air-gapped environments. HCL AppScan 360º 2.0 is the first comprehensive platform to address this effectively with on-prem SCA. Teams can now get up-to-the-minute visibility into vulnerabilities without exposing their own data to the public internet, from proprietary Software Bills of Materials (SBOMs) to prioritized lists of vulnerable components. This allows them not only to manage license risks but also to generate and share SBOMs in a controlled fashion to meet any compliance needs.
HCL AppScan 360º 2.0 includes an automated updater that keeps vulnerability data fresh and ensures stability during security testing by applying regular CVE updates and major CVE patches with zero downtime.
Containerized Architecture That Scales With You
The speed of modern development continues to increase, and HCL AppScan 360º 2.0 has been built with the modern CI/CD software development process in mind. Its containerized, cloud-native architecture allows teams to scale resources up or down based on their needs, switch between testing tools depending on the phase of development, and perform version upgrades with the automated updater without interrupting workflows.
From deep scans in staging to lightweight checks in CI/CD, the platform provides both the tools and the visibility to seamlessly embed security throughout the SDLC without slowing things down.
Better Together: Sovereignty and AI
Intelligent modern security and digital sovereignty don’t have to be at odds. HCL AppScan 360º 2.0 brings a number of advanced AI capabilities to both testing and remediation, all without requiring an external LLM. Intelligent Findings Analytics (IFA) uses non-LLM AI to improve scan accuracy and reduce false positives in SAST scans, and to detect edge-case error pages with DAST testing.
Additionally, HCL AppScan AutoFix supports curated fix recommendations with GenAI context and summaries. This not only facilitates faster triage and remediation, but also helps team members learn best practices when it comes to secure coding.
Better Together: Correlation
With the addition of Interactive Application Security Testing (IAST), developers and security teams are now able to correlate findings with DAST and SAST results for improved prioritization and faster triage. IAST has the unique ability to both see the code base and monitor the runtime traffic, allowing teams to:
- Enrich DAST findings with IAST/SAST details
- Prioritize SAST findings with the accuracy of IAST/DAST results
- Validate SAST fixes from the status updates of IAST/DAST issues
- Reduce the number of vulnerability and remediation tasks by grouping issues together
As a result, development teams can focus on the highest-priority security issues and zero in on the vulnerable code, greatly reducing mean time to remediation (MTTR).
A Platform Built for What’s Next
Beyond these major additions, Version 2.0 is packed with platform enhancements designed to streamline security and development operations:
- Simplified Authentication: The platform now supports OIDC-based SSO (verified with Okta and Keycloak) and Domino LDAP servers, managed through a new, centralized user interface.
- Improved Developer Experience: The new AppScan For Dev - DAST Issue Verifier allows developers to simulate, debug and validate DAST findings directly within their IDE or browser before checking in code, shifting security even further left.
- Enhanced Customization: Personalize reports with custom titles and company logos, and streamline application management with custom application fields for more granular filtering, categorization and analysis.
HCL AppScan 360º 2.0 is a modern platform that delivers a full DevSecOps experience for organizations working to improve their security posture in an on-prem environment. From centralized dashboards and customizable policies to a broad array of integrations and flexible deployment models, it delivers comprehensive end-to-end application security.
If your organization is looking to modernize its AppSec strategy while maintaining full control over its data and infrastructure, this release is worth a serious look.
HCL AppScan 360º Version 2.0 is available now. Contact us today to schedule a demo and see first-hand how this solution can work for you.