HCLSoftware Targets Software Supply Chain Control With HCL AppScan 360º

HCLSoftware has announced the launch of HCL AppScan 360º version 2.0, a next-generation application security platform designed to help organizations regain control over their software supply chains. As open-source adoption accelerates and global data regulations tighten, HCL AppScan 360º delivers a powerful, cloud-native solution that enables enterprises to secure their applications—without compromising visibility, compliance, or sovereignty.
High-profile incidents like Log4Shell have exposed the fragility of software supply chains and the lack of visibility many organizations have into their own codebases. Today’s organizations rely on open-source software (OSS) components from a patchwork of fragmented repositories, which leaves systems exposed to newly discovered vulnerabilities and creates a tangled web of dependencies that is tough to track and maintain. It is not uncommon for companies to rely on hundreds, or even thousands, of open-source components, many of which come with little visibility into their origins, licensing, or security posture.
At the same time, governments are tightening the reins. Over 70 percent of countries have introduced or are drafting data sovereignty laws (Gartner), and regulations like the EU’s Cyber Resilience Act and the U.S. Executive Order on Improving the Nation’s Cybersecurity are mandating greater transparency, faster patching, and full lifecycle oversight of software components.
“The global move towards data sovereignty is changing the ecosystem in which secure development happens—but not the increasing pace, which is driven, to a large degree, by open-source adoption and AI tooling,” said Rajesh Iyer, Executive Vice President and Portfolio Manager, HCLSoftware. “These pressures are forcing organizations to rethink how they manage open-source software, track vulnerabilities, and control where and how their data is stored and processed.”
HCL AppScan 360º version 2.0 is purpose-built to meet this moment. It delivers full-stack application security testing, including high-density Software Composition Analysis (SCA) and automated Software Bill of Materials (SBOM) generation, within a secure, on-prem or sovereign cloud environment.
“IDC research shows that nearly 85% of organizations currently deploy at least some application security tools on premises, even as cloud adoption grows,” said Katie Norton, Research Manager for DevSecOps at IDC. “The availability of on-premises SCA in AppScan 360º Version 2.0 addresses a critical gap for enterprises that require deep open-source visibility while maintaining full control over their infrastructure and data locality.”
This new release adds a number of core technologies to the platform to create a full suite of AI-enabled testing and remediation tools including DAST, SAST, IAST, SCA, API, IaC and secrets. Some key capabilities include:
- Real-time open-source vulnerability detection across the entire application stack with high-density SCA
- Automated SBOM creation to provide visibility into dependencies, versions, and sources, making it easier to spot vulnerabilities, stay compliant with licensing, and respond quickly when issues arise
- Deployment flexibility in air-gapped or sovereign environments for full infrastructure control
- Correlation (IAST, DAST, SAST) to prove exploitability and confirm fixes with findings from a mix of technologies
Beyond regulatory compliance, AppScan 360º helps organizations build trust with customers and partners. A recent Cisco survey found that 92% of consumers prefer their personal data to be stored within their home country—a clear signal that data sovereignty is now a business differentiator, not just a legal checkbox.
“We are delivering on a promise to our customers with a fully on-prem platform that provides up-to-the-minute open-source visibility and AI-enablement, all without exposing their data to the public cloud,” said Rajesh Iyer. By enabling secure, localized operations and full visibility into software components, HCL AppScan 360º empowers security teams to move from reactive firefighting to proactive governance.