What's new in AppScan on Cloud

Updates: AppScan on Cloud announcements, including advance notice of planned changes and scheduled maintenance that might affect your workflow, can be found on AppScan News. To be notified when there is an announcement, you can subscribe to AppScan News.

Translations: If you are reading this page in translation, please be aware that it may not include the latest additions. To see the latest version of this page, switch to the English version, using the "Change Language" option at the top right of the menu bar.

New on April 17, 2024

Static analysis client updated to 8.0.1567.
Software Composition Analysis (SCA) now supports config scanning of package.json files from NPM packages.
SCA can retrieve essential package dependency information from the scan, providing users with comprehensive insights into project dependencies. Package dependencies detected by the NPM package manager scans are seamlessly integrated into the Software Bill of Materials (SBOM) report, facilitating a clearer understanding of project dependencies.
Note: Issues found during config scanning are consolidated results from other config scan only. To disable config scanning, use the -nc flag with appscan prepare.
Improvements to secrets scanner.
Improvements to Java source code scanner.
General bug fixes.

New on April 14, 2024

User experience (UX) improvements:
- The Create scan dialog box has been redesigned to streamline workflow for DAST scanning.
- The Settings page has been redesigned with improved organization, and now requires confirmation of changes to page settings.
- The Correlation groups page has been redesigned for greater ease-of-use.
A date filter has been added to the Fix groups page. View fix groups according to a date range and/or according to time-related properties associated with component issues.
A share option has been added to the Issue details pane. Copy a link or issue ID to share issue details quickly and efficiently via text or email.

New on March 27, 2024

DAST engine update: Dynamic Analysis engine updated to AppScan Standard version 10.5.0. See AppScan Standard Fix List.

New on March 25, 2024

New IAST Java agent (1.16.1)
- Improved support for customers using the Vertx framework.
- Support components discovery and more accurate stack report for IAST Total.
New IAST PHP agent (1.0.1)
- Support PHP 8.3 on Ubuntu.
- Support environment variables from server config files.

New on March 9, 2024

Static analysis client updated to 8.0.1561.
General bug fixes.

New on March 8, 2024

Static analysis client updated to 8.0.1560.
Static analysis support for .NET 8.
Improvements to Software Composition Analysis (SCA) support for Go Modules.
Improved accuracy for Java, JavaScript and Python languages.
General bug fixes.

New on February 21, 2024

New IAST Java agent (version 1.16.0):
- Added support for the VertX framework.
New IAST .NET agent (version 1.10.0):
- Added support for .NET 8.
- Enhanced support for IAST Total on .NET.
- Optimization.

New on February 18, 2024

REST API update: Version 4 of our REST API is available now. Please review the technical overview for assistance in migrating to the updated API.
Default issues view: By default, ASoC displays non-compliant issues only at the application level.
Fix groups filtering: ASoC supports filtering fix groups by vulnerability and policy, in addition to existing filters. With additional filtering capabilities, you can pinpoint issues and optimize fixes for faster remediation.
Issue properties tab: New Properties tab on the Issue details pane lists expanded issue details, including how and when the issue was found, type, status, severity, scanner, and location, and including issue ID.
Auto-close of issues: ASoC auto-closes issues when they do not appear in rescans, thus reducing the manual effort of closing issues.
2k scan limit: When auto-cleanup is not enabled at the organization level, ASoC enforces the 2k scan limit.

New on February 14, 2024

AppScan Go! updated to version 2.0.0
AppScan Go! steps you through configuring and running a static, SCA, or secrets scan with a refreshed and improved user interface and refined workflow. You can run a complete scan, prepare an IRX file for scanning later, or configure files for automating scans with AppScan plugins. You can also view account information within the tool.

New on January 19, 2024

Static analysis client updated to 8.0.1558.
New Software Composition Analysis (SCA) support for Go Modules.
General bug fixes.

New on January 15, 2024

Software Composition Analysis (SCA):
- Software Bill of Materials (SBOM) report: New support for Software Bill of Materials (SBOM) reports. Generate an SPDX industry-standard report of open source libraries in your application
- Open source library search: SCA users can search for open source libraries in applications to which they have access through asset groups. The ability to locate all instances of a library increases the speed and confidence with which users can remediate library-related issues and concerns.
- Open source library details: Library search results include license details of libraries found in applications. Details include license information that enables you to evaluate the legal risks and benefits of a particular library.
Static analysis (SAST):
- Source code view: The Issue details pane includes the ability to access source code in the local directory structure or, if the scan was created in GitHub, to view the code in the GitHub repository.
- C++ scanner: Improved source code-only scanning for C++.
Enhanced DAST scanning with IAST Total: IAST Total provides enhanced automatic configuration, quicker scan and remediation processes, detailed call stack information for detected vulnerabilities, and deeper insight into the application backend. For more information, see IAST Total.
User experience (UX) improvements:
- Asset groups: The new delete asset group flow simplifies the process of deleting an asset group. Users with the delete asset group permission (default roles like Administrator and Manager, as well as custom roles) can delete an asset group along with its associated applications, including scans and findings, facilitating the removal of unnecessary applications. Users can also opt to move the applications to another asset group, either with or without their members.
- Fix groups: Comments field added to security report for fix groups, allowing for better inclusion and tracking of notes and comments.

Previous updates 2023

Previous updates 2021-2022

Previous updates 2019-2020

Previous updates 2016-2018