Recent updates
Discover upcoming and recently added features.
Updates: AppScan on Cloud announcements, including advance notice of planned changes and
scheduled maintenance that might affect your workflow, can be found
on AppScan News. To be
notified when there is an announcement, you can subscribe to AppScan
News.
Translations: If you are reading this page in
translation, please be aware that it may not include the latest
additions. To see the latest version of this page, switch to the
English version, using the "Change Language" option at the top right
of the menu bar.
New on May 27, 2021
- IAST scanning:
- Node.js agent (version 1.1.0) now supported in addition to Java and .NET
- .NET agent (version 1.2.2):
- Now supports .NET 4.6.2
- Library updates
- Support setting host and token through environment variables and through Web.config file
- Java agent (version 1.8.10000:
- Performance improvements
- Support 32-bit JRE environments
- Support more Java environments for auto-attach
- New rules to detect spring sanitization (reduce Spring FP)
- Change env var names to IAST_HOST and IAST_ACCESS_TOKEN
- Report attCookieNotSecureSSL instead of SessionManagement.Cookies
- Simplified reports
- Bug fixes
New on May 26, 2021
- Static analysis client updated to version 8.0.1436.
- Support for source-code scanning for VB.NET, which is enabled by the source code-only option.
New on May 23, 2021
- Asset groups: New design, and ability to add a user as contact person for the group
- IAST: JavaScript Agent added
- Reports: DISA report upgraded to version 5, release 1
New on May 11, 2021
- DAST automation updates:
- Various Java libraries updated to newer versions
- Proxy Server now supports TLS connections
- You can now start a Recording Proxy with a range of ports rather than a specific port (the lowest available port in the range will be used)
- You can now set the port for the Proxy Server in Settings.json
- Fixed a bug importing JKS certificates to the Proxy Server
New on April 28, 2021
- Static analysis client updated to version 8.0.1433.
- General fixes and functionality improvements.
- APAR fixes.
- Improvements to Java parallel processing.
New on April 27, 2021
- UI:
- Accept invitation to join an organization from the "Choose an Organization" dialog
- Added Cipher Suite information to issue details
- Reports: Cipher Suite information added
- API:
- Scan ID added to ScanExecution model
- Export data in CSV format
- Invitations to new users are now valid for 30 days.
New on April 12, 2021
- UI: Applications can now be imported using a CSV file.
- Reports:
- IAST: Additional info table added.
- Fix groups table added to the CSV format of the security report.
New on April 7, 2021
- Static analysis client updated to version 8.0.1431.
- New and faster source code-only scanning for C#, ASP.NET, and C.
- Additional functionality for the
queue_analysisCLI command for both Windows and Linux. These parameters are optional:- Enable or disable email notification on analysis completion.
- Run the scan as a personal scan.
- AppScan Go! is now supported on Mac.
New on March 21, 2021
- Improved and updated user interface including the
following changes:
- Collapsible menu bar with a new order and several new menu items.
- Navigate between all views with breadcrumbs.
- Applications page: The create application wizard flow has been updated.
- Single application page: A new dashboard gives you a graphic overview of the status of your application with risk rating and compliance status, scan status, issues by severity, most common issue types found, and more.
- Policies:
- Improved Policies page now shows a list of policies, and the applications associated with each policy, rather than the reverse.
- Many new predefined policies are now available to associate with your applications.
- Baseline policy is now set directly from the application page, rather than the Policies page.
- Create scan wizard: Improved flow, and for DAST scans there is now a separate path for creating scans with an uploaded file.
- Email and personal scan preferences are now set on the new Summary page.
- Select which columns to display in tables, adjust width and change column order.
- Share pages with other authorized users by simply sending them the link (ID) to the specific page.
- Issues: Improved content and functionality
- New and updated content for many issues.
- How to fix: Advisory and Fix Recommendation sections have been consolidated into a comprehensive “How to fix” tab.
- For many issues custom “How to fix” content for specific code languages is available.
- Share issues with other authorized users by simply sending them the link (ID) to the specific issue in the application.
- Reports include the new “How to fix” content.
- API: You can now upload your own configuration for IAST monitoring.
New on March 4, 2021
- AppScan Go! version 0.1.7 for Mac is now available, in addition to the Linux and Windows versions.
New on Febrary 22, 2021
- DAST engine update: Dynamic Analysis engine updated to AppScan Standard version 10.0.4. See AppScan Standard Fix List.
New on Febrary 21, 2021
- API: IAST agent can now be downloaded (with or without key) using the API (in addition to the UI).
New on Febrary 22, 2021
- DAST engine update: Dynamic Analysis engine updated to AppScan Standard version 10.0.4. See AppScan Standard Fix List.
New on Febrary 21, 2021
- API: IAST agent can now be downloaded (with or without key) using the API (in addition to the UI).
New on February 3, 2021
- Static analysis client updated to version 8.0.1422.
- General fixes and functionality improvements.
- Improved performance and memory utilization around parallel processing functionality for Java applications.
New on January 31, 2021
- UI: Updated calculation of an application’s “Risk rating":
- New applications are now assigned Business Impact “Medium” by default, but existing applications with the previous default of “Undefined” will not be changed. “Undefined” can still be assigned to an application manually.
- If an application contains a completed scan, even though there are no active issues, the Risk rating is now set to "Low" (previously it was set to "Unknown").
- API and UI: Scan files now download faster.
New on January 26, 2021
- IAST:
- Support for Tomcat 10
- Improved taint tracking
- Revised OS Commanding detection rules
New on December 28, 2020
- UI:
- New Dashboard page
- New Domains page and Domain Verification dialog
- CSV file improvements for imported issues
- API:
- Added ability to modify an existing custom
policy:
PUT /api/V2/Policies/{id} - Issue types can now be displayed in different
locales by adding a locale parameter to:
GET /api/v2/Issues/{scope}/{scopeId} - IAST agents now support multiple authentication keys: When you download a second IAST agent for an existing session, both new and old agent keys will be valid (unless you revoke the old key using the Generate new key option). See Start IAST Session
- Added ability to modify an existing custom
policy:
- Fixes:
- REST API: WebHooks POST method response has null value for AssetGroupId even though AssetGroupId is defined
- Import issue: Supported fields
New on December 16, 2020
- Static analysis client updated to version 8.0.1419.
- New support for Infrastructure as Code (IaC) scanning.
- Support for Java 11.
- Support for including and excluding Java namespaces for scanning.