HCL AppScan 360º 2.0: Secure Your Software Supply Chain

Summary

– HCLSoftware launched HCL AppScan 360º version 2.0, a next-generation application security platform designed to help organizations secure their software supply chains.
– The platform addresses challenges from open-source adoption and tightening data regulations by offering a cloud-native solution with on-prem or sovereign cloud deployment options.
– It provides full-stack application security testing, including high-density Software Composition Analysis and automated Software Bill of Materials generation.
– Key capabilities include real-time vulnerability detection, automated SBOM creation, and deployment flexibility in air-gapped or sovereign environments.
– The tool helps organizations meet compliance requirements, build customer trust through data sovereignty, and maintain control over infrastructure and data locality.

Businesses today face a complex challenge: securing their software supply chains amid rapid open-source adoption and increasingly strict global data regulations. HCL AppScan 360º version 2.0 offers a cloud-native solution designed to help organizations regain control, ensuring application security without sacrificing visibility, compliance, or data sovereignty.

High-profile incidents such as Log4Shell have revealed critical weaknesses in software supply chains, where many companies lack clear insight into their own codebases. Organizations frequently depend on hundreds or even thousands of open-source components sourced from fragmented repositories. This patchwork approach introduces significant risk, exposing systems to newly discovered vulnerabilities and creating a complex web of dependencies that is difficult to monitor and maintain.

Simultaneously, governments worldwide are enacting stricter data regulations. Over 70% of countries have either introduced data sovereignty laws or are drafting them, according to Gartner. Initiatives like the EU’s Cyber Resilience Act and the U.S. Executive Order on Improving the Nation’s Cybersecurity are pushing for greater transparency, faster patching, and comprehensive oversight throughout the software lifecycle.

Rajesh Iyer, EVP and Portfolio Manager at HCLSoftware, noted, “The global shift toward data sovereignty is reshaping the secure development landscape. Organizations must now rethink how they handle open-source software, track vulnerabilities, and control where their data resides.”

Built to address these evolving demands, HCL AppScan 360º 2.0 provides full-stack application security testing. It includes high-density Software Composition Analysis (SCA) and automated Software Bill of Materials (SBOM) generation, all operable within a secure on-premises or sovereign cloud environment.

Katie Norton, Research Manager for DevSecOps at IDC, emphasized the importance of this approach: “With nearly 85% of organizations deploying some application security tools on premises, the availability of on-prem SCA in AppScan 360º 2.0 meets a critical need for enterprises requiring deep open-source visibility without sacrificing control over infrastructure and data locality.”

The platform integrates a suite of AI-enabled testing and remediation tools, covering DAST, SAST, IAST, SCA, API, infrastructure as code (IaC), and secrets management. Key features include real-time open-source vulnerability detection across the entire application stack, automated SBOM creation for improved dependency visibility, and deployment flexibility in air-gapped or sovereign environments.

Beyond meeting regulatory requirements, AppScan 360º helps build trust with customers and partners. A recent Cisco survey found that 92% of consumers prefer their personal data stored within their home country, indicating that data sovereignty has become a competitive advantage, not just a compliance obligation.

Rajesh Iyer concluded, “We are fulfilling our commitment to customers with a fully on-prem platform that delivers up-to-the-minute open-source visibility and AI capabilities, all while keeping their data secure and off the public cloud.”

(Source: HelpNet Security)
