Intelligent static application security testing solution
Find and fix security vulnerabilities at the speed of DevOps.
Languages & compliance
- Support over 20 languages including Java, JSP, C/C++, C#, Python, Swift, ASP(.NET), ABAP, Object C, etc.
- Complies with global security compliances guides and standards
Fast & accurate analysis
- MVC structure analysis, associated file analysis, and analysis of function call relationship in various levels
- Incremental analysis: Minimize analysis time by only analyzing newly added, modified files and their associated files
- Interact with other Sparrow AST solutions (DAST, RASP) to identify correlation among vulnerabilities and improve search results
Advanced manageability
- Issue navigator to track and follow vulnerabilities from its origin to actual code
- Automated real source code correction guide
- Automated classification of vulnerabilities
Compliance regulation
CWE
OWASP
CERT
MISRA C/C++
MSSC C/C++
HIC C++ and more
Key Feature
Web-based
centralized management
- Dashboard for analysis result management and statistics
- Centralized rule (Checker) management based on information including risk levels, option and other.
Integration
- Transfer control via integration with source code version control systems
- Automated management via integration with Build Management Tool (Continuous Integration) and Issue Tracking System (ITS)
- By interacting with DAST and RASP, detect vulnerability during program operation to improve vulnerability detection
Dashboard and statistics
- Dashboard offers various information including analysis, detection issues, risk levels, projects, etc.
- History and trend of analysis results by period
- Provides statistics by project, by user and by compliances
Customizable report
- Edit project summary, analysis file information, results by risk levels, etc.
- Reports (PDF, Excel, Word, HWP)
Analysis history management
- Automatically differentiate new issues from old issues
- Automatic identification of existing detection result status even if source code line changes
- Prevent tempering and unauthorized use via exception request/approval process
Analysis methods
- Easy to use GUI that enables analysis with a simple click
- CLI that enables batch and scheduling analysis
- Plugin that can be installed in development IDE to enable analysis and result checking
- Simple drag and drop analysis via web management system without separate client program
Use Case
Flexible integration with process and development environment
Integration with developer IDEs
Integration with version control systems
Integration with build systems
How to purchase
On-Premises
Perpetual license, Basic (5 Users)
Supported Environment
| Category | Details | |
|---|---|---|
| Server | OS | Windows Server 2000 or higher Ubuntu 8.04 or higher Redhat Linux 5 or higher Fedora 8 or higher CentOS 5 or higher |
| DB | PostgreSQL (Embedded) |
|
| Client | OS | Windows XP or higher Ubuntu 8.04 or higher Redhat Linux 5 or higher Fedora 8 or higher CentOS 5 or higher AIX 5.1 or higher HP_UX 11.x or higher SUN_OS 5.6 or higher MAC_OS 10.6 or higher |
| Plug in | Eclipse (3.2 or higher) Visual Studio (2005~2015) Proframe Studio IntelliJ, Android Studio Eclipse Based Tool (IBM RAD etc.) |
|
| Language | Support Unicode Multilingual UI support (English / Japanese / Korean) |
|
Hardware Specification
| Category | Details | |
|---|---|---|
| Server | Client | |
| CPU | Quad Core 2.5GHz or faster |
Dual Core 2GHz or faster |
| RAM | 16GB or larger |
2GB or larger |
| HDD | 300GB or larger |
500MB + (2 * Size of source code) |
Other supported Environment
| Category | Details |
|---|---|
| Languages |
|
| Framework | Java: Spring Framework, iBATIS, MyBatis, Struts2, eGovernment Framework C: Tmax Proframe C#: ASP.NET MVC |