Recent updates

Discover upcoming and recently added features.

Updates: AppScan on Cloud announcements, including advance notice of planned changes and scheduled maintenance that might affect your workflow, can be found on AppScan News. To be notified when there is an announcement, you can subscribe to AppScan News.
Translations: If you are reading this page in translation, please be aware that it may not include the latest additions. To see the latest version of this page, switch to the English version, using the "Change Language" option at the top right of the menu bar.

New on September 12, 2021

  • DAST scans: You can now upload multiple DAST.CONFIG files for a single scan (see Explore with guidance).

New on August 4, 2021

  • Static analysis client updated to version 8.0.1448.
  • General fixes and functionality improvements.

New on August 2, 2021

  • DAST scanning:
    • New single scan page:
      • Gives you access to detailed data about the scan, with three tabs: Overview, Issues, Configuration, and the scan log pane (see Single scan page).
      • Shows real-time status of running scans.
      • Scan log can now be viewed while scan runs.
      • New indicator for scans that were handled by an enabler from the scan support team to review their configuration.
    • Scan wizard additions:
    • API:
      • Create a scan with multiple files.
      • Choose between automatic explore and explore with guidance.
      • Added automatic timeout
      • The number of issues new to the application is now included in the scan results.
  • IAST monitoring:
    • Now supports uploading a CONFIG file.
    • Monitoring will now reflect changes you make to the CONFIG file on your local server.
    • Issue Information tab for IAST issues:
      • New Additional info section.
      • Exploit example included for many more issues.
    • Security rule updates:
      • path traversal advanced algorithm
      • Deserialization - XStream, xmlDecode
      • Reduce FP on escapeHtml
    • Fixes and memory improvements for WildFly server.
  • Export icon: Lets you export applications, scans, single application scans, fix groups, fix group issues, single scan issues, users, asset groups.
  • List of domains is now visible to all users.

New on July 13, 2021

New on June 29, 2021

New on June 23, 2021

  • UI:
    • New “Ask an expert” feature added
    • Export to CSV/JSON added to applications and issues pages
    • Create Scan: Added Timeout and Number of threads configuration
    • Fix group ID (“Group ID”) added to issue panel
    • IAST: Additional info added to issue panel
    • Column configurations and filters are now saved between sessions
    • Sample Applications CSV: Description and Tags columns removed
    • New plugin: GitHub
  • API:
    • Added ability to add comments to ScanExecution
    • DAST configuration: Added ability to configure Number of threads and Communication timeout
  • General bug fixes

New on May 27, 2021

  • IAST scanning:
    • Node.js agent (version 1.1.0) now supported in addition to Java and .NET
    • .NET agent (version 1.2.2):
      • Now supports .NET 4.6.2
      • Library updates
      • Support setting host and token through environment variables and through Web.config file
    • Java agent (version 1.8.10000):
      • Performance improvements
      • Support 32-bit JRE environments
      • Support more Java environments for auto-attach
      • New rules to detect spring sanitization (reduce Spring FP)
    • Change env var names to IAST_HOST and IAST_ACCESS_TOKEN
    • Report attCookieNotSecureSSL instead of SessionManagement.Cookies
    • Simplified reports
    • Bug fixes

New on May 26, 2021

  • Static analysis client updated to version 8.0.1436.
  • Support for source-code scanning for VB.NET, which is enabled by the source code-only option.

New on May 23, 2021

  • Asset groups: New design, and ability to add a user as contact person for the group
  • IAST: JavaScript Agent added
  • Reports: DISA report upgraded to version 5, release 1

New on May 11, 2021

  • DAST automation updates:
    • Various Java libraries updated to newer versions
    • Proxy Server now supports TLS connections
    • You can now start a Recording Proxy with a range of ports rather than a specific port (the lowest available port in the range will be used)
    • You can now set the port for the Proxy Server in Settings.json
    • Fixed a bug importing JKS certificates to the Proxy Server

New on April 28, 2021

  • Static analysis client updated to version 8.0.1433.
  • General fixes and functionality improvements.
  • APAR fixes.
  • Improvements to Java parallel processing.

New on April 27, 2021

  • UI:
    • Accept invitation to join an organization from the "Choose an Organization" dialog
    • Added Cipher Suite information to issue details
  • Reports: Cipher Suite information added
  • API:
    • Scan ID added to ScanExecution model
    • Export data in CSV format
  • Invitations to new users are now valid for 30 days.

New on April 12, 2021

  • UI: Applications can now be imported using a CSV file.
  • Reports:
    • IAST: Additional info table added.
    • Fix groups table added to the CSV format of the security report.

New on April 7, 2021

  • Static analysis client updated to version 8.0.1431.
  • New and faster source code-only scanning for C#, ASP.NET, and C.
  • Additional functionality for the queue_analysis CLI command for both Windows and Linux. These parameters are optional:
    • Enable or disable email notification on analysis completion.
    • Run the scan as a personal scan.
  • AppScan Go! is now supported on Mac.

New on March 21, 2021

  • Improved and updated user interface including the following changes:
    • Collapsible menu bar with a new order and several new menu items.
    • Navigate between all views with breadcrumbs.
    • Applications page: The create application wizard flow has been updated.
    • Single application page: A new dashboard gives you a graphic overview of the status of your application with risk rating and compliance status, scan status, issues by severity, most common issue types found, and more.
    • Policies:
      • Improved Policies page now shows a list of policies, and the applications associated with each policy, rather than the reverse.
      • Many new predefined policies are now available to associate with your applications.
      • Baseline policy is now set directly from the application page, rather than the Policies page.
    • Create scan wizard: Improved flow, and for DAST scans there is now a separate path for creating scans with an uploaded file.
    • Email and personal scan preferences are now set on the new Summary page.
    • Select which columns to display in tables, adjust width and change column order.
    • Share pages with other authorized users by simply sending them the link (ID) to the specific page.
  • Issues: Improved content and functionality
    • New and updated content for many issues.
    • How to fix: Advisory and Fix Recommendation sections have been consolidated into a comprehensive “How to fix” tab.
    • For many issues custom “How to fix” content for specific code languages is available.
    • Share issues with other authorized users by simply sending them the link (ID) to the specific issue in the application.
  • Reports include the new “How to fix” content.
  • API: You can now upload your own configuration for IAST monitoring.

New on March 4, 2021

  • AppScan Go! version 0.1.7 for Mac is now available, in addition to the Linux and Windows versions.

New on February 22, 2021

New on February 21, 2021

  • API: IAST agent can now be downloaded (with or without key) using the API (in addition to the UI).

New on February 3, 2021

  • Static analysis client updated to version 8.0.1422.
  • General fixes and functionality improvements.
  • Improved performance and memory utilization around parallel processing functionality for Java applications.

New on January 31, 2021

  • UI: Updated calculation of an application’s “Risk rating”:
    • New applications are now assigned Business Impact “Medium” by default, but existing applications with the previous default of “Undefined” will not be changed. “Undefined” can still be assigned to an application manually.
    • If an application contains a completed scan, even though there are no active issues, the Risk rating is now set to "Low" (previously it was set to "Unknown").
  • API and UI: Scan files now download faster.

New on January 26, 2021

  • IAST:
    • Support for Tomcat 10
    • Improved taint tracking
    • Revised OS Commanding detection rules

New on December 28, 2020

  • UI:
    • New Dashboard page
    • New Domains page and Domain Verification dialog
    • CSV file improvements for imported issues
  • API:
    • Added ability to modify an existing custom policy: PUT /api/V2/Policies/{id}
    • Issue types can now be displayed in different locales by adding a locale parameter to: GET /api/v2/Issues/{scope}/{scopeId}
    • IAST agents now support multiple authentication keys: When you download a second IAST agent for an existing session, both new and old agent keys will be valid (unless you revoke the old key using the Generate new key option). See Start IAST Session.
  • Fixes:
    • REST API: WebHooks POST method response has null value for AssetGroupId even though AssetGroupId is defined
    • Import issue: Supported fields

New on December 16, 2020

Previous updates