Recent updates
Discover upcoming and recently added features.
New on May 25, 2020
- Execution date and time added to scan details, so that duration represents Scan Execution time, excluding any queue or pending time.
- Quick filter on the Fix Groups tab changed to ‘Non-Compliant’ (instead of ‘Active Status’).
- Link to IAST documentation added to Create IAST Scan dialog.
- New API added for getting count of issues by severity.
- Webhooks added to the API, to receive notifications about events that occur in AppScan On Cloud. Two event types are supported: completion of scan execution and change in application counters or status. For more details see Webhooks.
- Improved filtering of duplicate issues for SAST scans: The Hash algorithm used to uniquely identify SAST Issues has been improved to reduce duplicate Issues. New Issues will be stored with the new internal hash. However the hash value of existing Issues will not be changed.
- Reports: Fix Groups ID added to the Fix Group sections on the report.
Advance Notice: See Personal Scans: Important Change
New on May 21, 2020
- New language support for Scala.
- New language support for ReactJS.
- Support for Visual Studio 2017 and Visual Studio 2019 C++ projects.
New on May 10, 2020
- Rename scans: You can now rename scans in the UI. Previously found Issues remain listed under the old scan name, but new and repeat issues will be listed with the new name.
- Reports:
- Changed SAST Custom Advisory structure.
- Unified cover page for all reports.
- DAST XML report: The order of the "URL Group" and "Entity Group" sections in DAST XML reports has been changed. Other versions of the report are not affected.
- Dashboard: Improved performance.
- Scan History: Improved loading, especially when there are many scans in the list.
- General bug fixes.
Advance Notice: See Personal Scans: Important Change
New on April 22, 2020
- Scan Reports:
- SAST Fix Group name and content now match those shown in the UI and Application Reports.
- SAST Scan Reports now include Custom Advisories, as in Application Reports.
- Cover page updated and TOC added, to match Application Reports.
- Discussion and History check boxes added to the Metadata options.
- User Interface: Search capability added in "Users & Roles" and "Asset Groups".
- Improved performance and bug fixes.
New on April 15, 2020
- General bug fixes and improvements.
New on April 7, 2020
- Documentation: The localized versions of the documentation (French, Japanese, Simplified Chinese, and Traditional Chinese) have been updated.
New on April 6, 2020
- User interface improvements:
- You can now sort the Issues and AppScan Presences columns in the All Issues tab by clicking the column header.
- Added an auto-complete to the URL field when creating a Dynamic Scan.
- General improvements and bug fixes
New on April 3, 2020
- DAST engine update: Dynamic Analysis engine updated to AppScan Standard version 10.0.0. See AppScan Standard Fix List.
New on March 27, 2020
- New language support for Kotlin and Swift.
- .NET analysis improvements to reduce false positives.
- Improved PHP support.
- General bug fixes and improvements.
New on March 25, 2020
- IAST Scans: Our latest scan technology uses an agent deployed on the web server of the tested application to monitor traffic sent during runtime, and report vulnerabilities it finds. Unlike other ASoC scans, an IAST scan doesn't generate its own traffic, but monitors your system tests, or traffic sent during a DAST Scan. So you can have ongoing identification of runtime issues without the need to send dedicated test requests. See Interactive (IAST) Scans.
- Test Optimization for DAST Scans: The DAST scan setup wizard has a new Test Optimization slider that lets you control the extent of tradeoff between issue coverage and scan speed. Test Optimization selectively sends tests most likely to discover significant issues in your application, so during product development you can take advantage of faster scans with a relatively small loss of thoroughness. You can choose between four optimization levels, for various needs such as initial testing, DevSecOps, pre-release, compliance and more. The fastest option includes a Test stage up to 10 times faster than a non-optimized scan, with approximately 70% of the vulnerability coverage. See Test Optimization.
- Test Policy for DAST Scans: The AppScan Standard Default Test Policy is now applied to all DAST scans configured using the wizard. You can apply a different Test Policy by configuring the scan in AppScan Standard, or through the API.
- General improvements and bug fixes.
New on March 17, 2020
- Improved support for SSL (HTTPS) using self-signed root certificates
- General improvements and bug fixes
New on March 10, 2020
- General bug fixes and improvements.
New on March 5, 2020
- New language support for Visual Basic.
- General bug fixes and improvements.
- AppScan on Cloud documentation is now available in traditional and simplified Chinese, as well as French and Japanese.
New on February 26, 2020
- Enhanced details and guidance for SAST issues.
- New DAST engine with stability bug fixes.
- General improvements and bug fixes.
New on February 18, 2020
- General improvements and bug fixes.
New on February 10, 2020
- New language support for ASP Classic.
- Improvements to NodeJS scanning:
- 37 new articles
- Refined 29 rules
- These improvements ultimately should reduce the overall number of findings.
- However, updates could cause some existing findings to appear as new findings.
New on February 5, 2020
- General improvements and bug fixes
New on February 2, 2020
- Dynamic Analysis engine updated to AppScan Standard version 9.0.3.14 iFix001. See Fix List here.
New on January 21, 2020
- DAST Proxy now supports DAST.CONFIG file encryption
- ASoC now supports scanning encrypted DAST.CONFIG files
- Changes to Proxy Server CLI commands and REST API commands
New on January 19, 2020
- In the Application > All Issues tab:
- The default listing now shows only non-compliant issues (New, Open, In-Progress, Reopened)
- New filter display
- SAST scans: A Fix Group link is added to each Issue in the All Issues list, to open the Fix Group tab for that Issue
- Security Reports:
- You can now generate a report even when there are no issues, or all issues are compliant
- SAST scans: “Issues by Fix Group” section added to the Application Security Report
- General improvements and bug fixes
New on January 12, 2020
- Mobile Analysis now supports iOS versions up to 13.3.
New on January 1, 2020
- IBMid is no longer supported. Former IBM users must create an HCL Software ID to continue using ASoC. See Create your HCL ID.
- General bug fixes.
- Changes to IP ranges used by ASoC, see System requirements and browser support.