Intelligent static application security testing solution

Find and fix security vulnerabilities at the speed of DevOps.

Static application security testing, Sparrow SAST
Comprehensive coverage(Java, C/C++, ABAP, Swift, Objective C, etc)
Languages & compliance
  • Support over 20 languages including Java, JSP, C/C++, C#, Python, Swift, ASP(.NET), ABAP, Object C, Kotlin, etc.
  • Complies with global security compliances guides and standards
Powerful application security analysis
Fast & accurate analysis
  • MVC structure analysis, associated file analysis, and analysis of function call relationship in various levels
  • Incremental analysis: Minimize analysis time by only analyzing newly added, modified files and their associated files
  • Interact with other Sparrow AST solutions (DAST, RASP) to identify correlation among vulnerabilities and improve search results
Automated analysis and fix guide
Advanced manageability
  • Issue navigator to track and follow vulnerabilities from its origin to actual code
  • Automated real source code correction guide
  • Automated classification of vulnerabilities
Gartner Magic Quadrant for Application Security Testing
CC certification
InfoSecurity award
OWASP benchmark score
Compliance regulation
HIC C++ and more
Key Feature
Integrated management
Web-based centralized management
  • Dashboard for analysis result management and statistics
  • Centralized rule (Checker) management based on information including risk levels, option and other.
Integration with Build management tool, IDE, CICD, ITS, etc
  • Transfer control via integration with source code version control systems
  • Automated management via integration with Build Management Tool (Continuous Integration) and Issue Tracking System (ITS)
  • By interacting with DAST and RASP, detect vulnerability during program operation to improve vulnerability detection
Analysis results dashboard and statistics
Dashboard and statistics
  • Dashboard offers various information including analysis, detection issues, risk levels, projects, etc.
  • History and trend of analysis results by period
  • Provides statistics by project, by user and by compliances
Customizable reports
Customizable report
  • Edit project summary, analysis file information, results by risk levels, etc.
  • Reports (PDF, Excel, Word, HWP)
Analysis results and log management
Analysis history management
  • Automatically differentiate new issues from old issues
  • Automatic identification of existing detection result status even if source code line changes
  • Prevent tempering and unauthorized use via exception request/approval process
Powerful analysis
Analysis methods
  • Easy to use GUI that enables analysis with a simple click
  • CLI that enables batch and scheduling analysis
  • Plugin that can be installed in development IDE to enable analysis and result checking
  • Simple drag and drop analysis via web management system without separate client program
Use Case
Flexible integration with process and development environment
IDE integration
Integration with developer IDEs
Version control system integration
Integration with version control systems
Build system integration
Integration with build systems
How to purchase
Perpetual license, Basic (5 Users)
Supported Environment
Category Details
Server OS
Windows Server 2000 or higher
Ubuntu 8.04 or higher
Redhat Linux 5 or higher
Fedora 8 or higher
CentOS 5 or higher
PostgreSQL (Embedded)
Client OS
Windows XP or higher
Ubuntu 8.04 or higher
Redhat Linux 5 or higher
Fedora 8 or higher
CentOS 5 or higher
AIX 5.1 or higher
HP_UX 11.x or higher
SUN_OS 5.6 or higher
MAC_OS 10.6 or higher
Plug in
Eclipse (3.2 or higher)
Visual Studio (2010~2019)
Proframe Studio
IntelliJ, Android Studio
Eclipse Based Tool (IBM RAD etc.)
Visual Studio Code
Support Unicode
Multilingual UI support (English / Japanese / Korean)
Hardware Specification
Category Details
Server Client
Quad Core 2.5GHz or faster
Dual Core 2GHz or faster
16GB or larger
2GB or larger
300GB or larger
500MB + (2 * Size of source code)
Other supported Environment
Category Details
  • C/C++
  • Android Java
  • Java
  • Objective-C
  • JSP
  • HTML
  • C#
  • SQL
  • XML
  • ABAP
  • PHP
  • Python
  • VB.NET
  • Swift
  • Javascript
  • Apex
  • VBScript
  • Visualforce
  • XSL
  • Kotlin
  • etc.
Java: Spring Framework, iBATIS, MyBatis, Struts2, eGovernment Framework
C: Tmax Proframe