Hexway Vampire ASPM (ASOC Platform for Secure Development)

Main article: DevSecOps

2025: Hexway ASOC Submission 2025.10.1

Hexway launched its Hexway ASOC 2025.10.1 product release on November 10, 2025. The main change is integration with LLM services (Large Language Models), which means a transition to intelligent application security management.

Hexway ASOC now supports both public services (ChatGPT, DeepSeek, GigaChat) and local models deployed in the customer's infrastructure, which guarantees full control over data.

LLM integration provides several use cases:

• Evaluation of false positives: AI helps determine whether the problem found is a real vulnerability or false positive.
• Explanation of risks: The model generates a brief and understandable description of the essence of the vulnerability and the level of its threat to business.
• Code analysis: LLM explains which piece of code is vulnerable and why.
• Remediation Recommendations: The system offers ready-made options for recommending and improving code.

You can imagine how much time the analyst spent on independent analysis, assessment, categorization of vulnerabilities, checking the data manually. The data for analysis can now be obtained from several LLMs. For example, select GigaChat from the drop-down list for the overall assessment, and then the local model, and compare the hypotheses. AI, upon request, provides preliminary analysis results in seconds.

We can say that we are introducing the first ASOC/ASPM class product on the market, which integrates with both public LLM services and local ones. But with this release, we do not want to pick up someone's work, we want to help remove the routine, - comments Vladimir Kozitsyn, Business Development Director of Hexway. - If we talk about a junior specialist, then before he could spend half a day to make out false positives, and now right in the AI interface he gives him a ready-made conclusion: here is a piece of code, that's why it can be critical, and here's how to fix it, but another piece is with 90% probability false positive. Of course, he will be able to accept this advice, or maybe not.

The release also includes updates aimed at improving efficiency and usability:

• Improved synchronization with task trackers: the ability to associate several vulnerabilities with one task in Jira, Kaiten and other systems and edit it directly from the Hexway ASOC interface.
• Ecosystem Extension: Added DAST scan results parsing from Solar appScreener to create a single security picture from SAST, SCA, and DAST results in a single window.
• Improved performance: The updated event handling engine enables faster start-up of processes and eliminates duplication of internal events.
• Migration simplification: A convenient interface for exporting data from DefectDojo is implemented, which speeds up and simplifies the transition to the Hexway ASOC platform.

The update is available to both new users and all existing customers who are already working with previous versions of the platform.