Basic Information
Tool first release date
2021-03-01
Version release date
2022-11-02
Software cost
Paid
Software license
Proprietary
Hosting
Self-Hosted
Supported operating systems
macOS, Linux, Windows
Tool website
Process Integration
Deployment model
Workstation, Standalone Server
Analysis inputs
Source code
SCM Integration
Git
Display results in IDE
None
Live analysis & feedback while coding in IDE
None
CI Integration
Generic command line interface (CLI), Azure DevOps, Bitbucket Server
Able to analyze incremental changes to code (commit, patch, pull request)
Can schedule scans
API method to report results in SARIF format
API method to report results in XML/JSON/CSV format
Coverage
Supported programming languages
.NET, ABAP, Angular, ASP, ASPX, C, C#, C++, Go, Java, JavaScript, JSON, JSP, Kotlin, Objective-C, Perl, PHP, PL-SQL, Powershell, Python, Ruby, SQL, Swift, TypeScript, VB.NET, VB6, VBScript, Visual Basic, XML, YAML
Supported development frameworks
ASP.NET, MVC, Node.js, Spring
Supported binary formats
APK, DLL, EXE
Claimed Weakness Coverage
Claimed Weakness Coverage information hasn't been collected yet for this analyzer.
Really want it? Let us know.
Really want it? Let us know.
Checker Customization
Can disable checkers
Can customize checker logic
Speed & Scalability
Parallelizes on one host
Parallelizes across more than one host
Scan duration times courtesy of the
OWASP Benchmark v1.2beta
Scans in less than 30 seconds
Results Quality
Provides explanation of warning
Provides severity of warning
Provides confidence information about warning
Provides code context around warning
Provides control flow context for warning
Provides data flow context for warning
Provides code coverage information per checker
Reporting
Results suppression even after code changes
Show differences in results set to previous scan
Integration with external remediation bug tracker
None
Two-way data sync with external remediation bug tracker
Graphical user interface (GUI)
Ability to search results
Results remediation workflow
Hierarchical reporting for multiple projects, teams, departments, etc.
Filter results by compliance standard
CERT C Secure Coding Standards, CERT C++ Secure Coding Standards, CERT Java Secure Coding Standards, CWE/SANS Top 25 Most Dangerous Software Errors (2011), NIST 800-53 Revision 4, OWASP Mobile Top 10, OWASP Top Ten (2013), OWASP Top Ten (2017), PCI DSS 3.1
Centralized reporting
Support
Installation guide or documentation
User/operator guide or documentation
Integration guide or API documentation
