HCL AppScan Reviews

Name: HCL AppScan
Brand: HCLSoftware
Rating: 3.8 (44 reviews)

Vendor: HCLSoftware

3.8 out of 5

44 reviews
84% willing to recommend

Leave a review

What is HCL AppScan?

HCL AppScan offers quick vulnerability detection with effective SDLC integration and is known for its user-friendly interface and seamless security integration.

Get the HCL AppScan Buyer's Guide and find out what your peers are saying about HCL AppScan, SonarQube, Snyk and more!

HCL AppScan is the #6 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #16 ranked solution in AST tools, and #19 ranked solution in application security solutions. PeerSpot users give HCL AppScan an average rating of 7.6 out of 10. HCL AppScan is most commonly compared to SonarQube: HCL AppScan vs SonarQube. HCL AppScan is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 11% of all views.

Helped 893,164 peers since 2012

Featured HCL AppScan reviews

Ravi Khanchandani

Founder Director at Techsa Services

During the learning curve of onboarding HCL AppScan, we learned that HCL has altered the portfolio and now offers HCL AppScan 360, which has a much better look and feel with an improved user interface. However, there is one feature called SCA, which stands for Software Composition Analysis, that could be improved. When I'm doing an application scan, HCL AppScan has the ability to generate information about what components are in use. For example, if I'm scanning a web application, it shows me the various components being used. It tells me whether I have Java libraries, .NET frameworks, or other log management libraries such as Log4j, and what versions of those specific components are present. I would like to see more detailed reports from the tool. Currently, you can find out the components belonging to a specific software, but if detailed reporting became available, you would be in a better position to identify vulnerabilities. For instance, I could identify that I had the Log4j vulnerability and know that I need to fix my application accordingly. If they add the features I'm describing, I would consider giving them a higher rating. However, I've only been experienced with the product for three months.

Read full review

MukeshSaha

Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech

The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities with features built into the tool, including their AI solutions. I work with AppScan and other security…

Read full review

Gladwin Christian

QA manager at SmartStream Technologies ltd.

Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.

Read full review

HCL AppScan mindshare

Product category:

As of May 2026, the mindshare of HCL AppScan in the Application Security Tools category stands at 2.4%, down from 2.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
HCL AppScan	2.4%
SonarQube	13.6%
Checkmarx One	8.8%
Other	75.2%

Application Security Tools

PeerResearch reports based on HCL AppScan reviews

Type	Title	Date
Category	Application Security Tools	May 8, 2026	Download
Product	Reviews, tips, and advice from real users	May 8, 2026	Download
Comparison	HCL AppScan vs SonarQube	May 8, 2026	Download
Comparison	HCL AppScan vs Checkmarx One	May 8, 2026	Download
Comparison	HCL AppScan vs Veracode	May 8, 2026	Download

Valuable Features

HCL AppScan offers valuable features such as PCI compliance templates, ease of use, rapid code scanning, extensive vulnerability detection, effective static and dynamic testing, multilingual support, custom rules, low false-positive rate, and intuitive user interface. Users appreciate its scalability, security practices enforcement, API capabilities, integration with SDLC, AI-powered enhancements, QR code scanning, and ability to handle sensitive data protection.

"I mainly use AppScan for vulnerability scanning and database bridging."
"The dynamic scan, the DAST tool, dynamic applications scanning and testing tool, is great."
"The support I have received has been good."

Room for Improvement

HCL AppScan's areas for enhancement include better false positive management, integration with other tools, and extended mobile support. Users indicate improved performance is needed, especially with large scans. The system's usability and dashboard interface require refinement. More extensive language and AI integration, alongside fortified security measures, are necessary. Expanding database size and improving technical support are noted. Users also seek better pricing models and automation alerts. Enhancements in CI/CD integration and support for containers are desired.

"AppScan is too complicated and should be made more user-friendly."
"The performance could be better. Sometimes it doesn't work so well."
"The solution could improve by having a mobile version."

ROI

Organizations reported a 50 percent return from HCL AppScan. In Brazil, users witnessed a 20 percent cost reduction. It enhances microservices-led architecture by minimizing errors and defects, integrating DevOps and IT pipelines, and improving application security post-deployment. Many banks benefited from cost savings and observed returns within six months. Some users could not provide financial insights.

Pricing

Enterprise users perceive HCL AppScan's pricing as generally expensive, though some find it cost-effective compared to competitors like Veracode. Users appreciate the one-time purchase option without ongoing license fees, while others utilize a token-based system and find it convenient for scanning needs. Discounts are occasionally available, but many users suggest pricing could be more competitive. Overall, costs reflect the premium features offered, and clients are often willing to invest for its encryption security scanning capabilities.

"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The solution is cheap."
"The product has premium pricing and could be more competitive."

Popular Use Cases

The primary use case of HCL AppScan involves ensuring application security through static and dynamic analysis, vulnerability detection, and security assessment. Many use it for DevOps and DevSecOps environments, integrating it into CI/CD pipelines. It supports scanning web interfaces and applications both on-premise and in cloud settings. Users highlight its ability to detect issues like SQL injections and perform security testing as part of the development and quality assurance processes.

Service and Support

HCL AppScan's customer service is mostly responsive, fast, and knowledgeable. Users report satisfaction with transitions and operational responses. However, some express a need for more regional support, particularly in the Gulf. While some praise is given for helpfulness and user-friendliness, there are mentions of delays due to time differences and criticisms of declining service quality since changing from IBM. Comparisons indicate Veracode may deliver superior assistance and regular communication.

Deployment

Many find HCL AppScan's initial setup straightforward, describing it as easy and quick, typically taking one to two days. Some experience complexity, especially with integration and large clients. Users actively engage professional services for customization. Feedback highlights the simplicity of cloud deployment, although certain setups require experienced personnel. Setup ratings range from six to ten out of ten, with deployment duration varying based on specific requirements and integrations.

Scalability

Users generally find HCL AppScan's scalability to be favorable with some exceptions. Many report seamless scaling capabilities, particularly in cloud-based scenarios, attributing ease in adaptation and expansion to program design and hardware allocation. However, others indicate limitations, like license restrictions and initial setup challenges. Test experiences vary, with some organizations noting efficient scaling across environments, while others suggest adjustments in infrastructure to meet larger-scale requirements. Overall user feedback leans towards a positive view of scalability.

Stability

HCL AppScan is consistently stable, with most users experiencing no issues. Some note minor glitches, often attributed to hardware rather than the application itself. Ratings often range from seven to eight out of ten. Users highlight strong reliability, reporting that it handles heavy workloads effectively. Only small stability concerns are mentioned during intense scanning or with older versions, but recent updates seem to have resolved these. Stability is enhanced when proper resources are utilized.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our HCL AppScan Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	11
Midsize Enterprise	4
Large Enterprise	20

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	180
Midsize Enterprise	100
Large Enterprise	329

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

11%

Computer Software Company

10%

Government

10%

Manufacturing Company

Construction Company

Comms Service Provider

Healthcare Company

Performing Arts

Retailer

Outsourcing Company

Educational Organization

Real Estate/Law Firm

Insurance Company

Energy/Utilities Company

Marketing Services Firm

Media Company

University

Hospitality Company

Consumer Goods Company

Transportation Company

Pharma/Biotech Company

Legal Firm

Non Profit

Compare HCL AppScan with alternative products

Learn more about HCL AppScan

HCL AppScan provides dynamic and static scanning to identify vulnerabilities like XSS and SQL injection. It integrates well into CI/CD pipelines, supports multiple languages, and offers web and dynamic scanning, helping businesses ensure security across development lifecycles. Users benefit from API coverage, Postman integration, and its ability to function in cloud and on-premise environments, facilitating a shift from DevOps to DevSecOps practices.

What features define HCL AppScan?

User-friendly interface: Simplifies navigation and usage.
Vulnerability detection: Quickly identifies issues like XSS and SQL injection.
Integration with SDLC: Seamlessly blends with development processes.
Dynamic scanning: Offers comprehensive security evaluations.
Multiple language support: Supports diverse programming environments.

What benefits should users consider?

Scalability: Adapts to growing needs and projects.
Low false-positive rates: Delivers accurate and reliable results.
Detailed reporting: Provides comprehensive vulnerability insights.
Effective integration: Enhances CI/CD pipeline security.

HCL AppScan is leveraged in sectors requiring rigorous security checks, such as finance and healthcare, where it conducts comprehensive scans and offers insights into potential vulnerabilities. Its robust scanning capabilities aid companies in maintaining compliance and security standards.

HCL AppScan was previously known as IBM Security AppScan, Rational AppScan, AppScan.

HCL AppScan customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Popular Comparisons

SonarQube vs HCL AppScan

Snyk vs HCL AppScan

Checkmarx One vs HCL AppScan

GitLab vs HCL AppScan

Veracode vs HCL AppScan

Coverity Static vs HCL AppScan

Acunetix vs HCL AppScan

PortSwigger Burp Suite Professional vs HCL AppScan

Mend.io vs HCL AppScan

OpenText Core Application Security vs HCL AppScan

Sonatype Lifecycle vs HCL AppScan

GitHub Advanced Security vs HCL AppScan

OWASP Zap vs HCL AppScan

Qualys Web Application Scanning vs HCL AppScan

Invicti vs HCL AppScan

See all alternatives

HCL AppScan Reviews Summary
Author info	Rating	Review Summary
Founder Director at Techsa Services	4.5	I've used HCL AppScan for three months and found it effective in identifying security issues, though its reporting and SCA features need improvement; deployment was easy, and I'd recommend it for regulated industries like finance and healthcare.
Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech	3.5	I use HCL AppScan primarily for security, comparing it with tools like Veracode. Its strengths lie in vulnerability detection and AI features, though it needs improvement in false positive management, customer support, and bug reporting accuracy.
QA manager at SmartStream Technologies ltd.	4.0	I use HCL AppScan for security scanning in my company. The most valuable feature is its scanning capabilities. However, the technical support team needs improvement, especially in response times. I also compared it with Veracode but found limited information.
Senior Manager at Airtel	4.0	I use HCL AppScan primarily for vulnerability scanning on the network side, and I find the reporting feature to be its most valuable aspect. However, I believe it would benefit from including a penetration testing feature.
Head of Software Engineering at ronaldmariah@gmail.com	4.0	We use HCL AppScan for security testing and performance monitoring. It has valuable security features for identifying code issues and potential threats. However, it could benefit from AI integration to improve vulnerability detection and reporting capabilities.
Cyber Security Architect and Presales Consultant at Kyndryl	4.0	We use HCL AppScan for SAST and DAST, integrating it into our CI/CD pipelines for enhanced security testing. While it excels in testing, it lacks software component analysis and container scanning. It adds value in reducing errors and improving application security.
Software Engineer at Inspire for Solutions Development	4.5	I use HCL AppScan for scanning vulnerabilities and generating reports, valuing Postman for its precision and efficiency. While cost-efficient, HCL could improve by expanding its database and incorporating AI features to simplify manual tasks.
Mechanical maintenance technician at SAQ	5.0	I use HCL AppScan for securing applications through its integration with the SDLC, which facilitates vulnerability scanning. Its ROI is evident with a 20% cost saving. Transitioning from Fortify, I found AppScan offers better results and superior support.

Title	Rating	Mindshare	Recommending
SonarQube	4.0	13.6%	84%	136 interviews Add to research
Snyk	4.1	5.1%	100%	51 interviews Add to research

HCL AppScan Reviews

What is HCL AppScan?

Featured HCL AppScan reviews

HCL AppScan mindshare

PeerResearch reports based on HCL AppScan reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare HCL AppScan with alternative products

Learn more about HCL AppScan

HCL AppScan customers

Related questions

Product Categories

Popular Comparisons