Security Reviewer Static Reviewer

Basic Information
Software license
Proprietary
Hosting
Self-Hosted, SaaS
Supported operating systems
Linux, Windows
Process Integration
Deployment model
Workstation, CI Server, Standalone Server
Analysis inputs
Pre-compiled binary, Compilation along with all dependencies, Source code
SCM Integration
CVS, Git, Subversion
Display results in IDE
Eclipse, IntelliJ IDEA, NetBeans, Visual Studio, VS Code
Live analysis & feedback while coding in IDE
Eclipse, IntelliJ IDEA, NetBeans, Visual Studio, VS Code
CI Integration
Ant, Azure DevOps, Bamboo, CircleCI, GitLab CI, Go CD, Gradle, Hudson, Jenkins, Maven, TeamCity, Travis CI, Ansible, Appveyor, CodEnvy, Puppet, Apache Gump, CruiseControl, Vexor, Concourse-CI, IBM UrbanCode AnthillPro
Able to analyze incremental changes to code (commit, patch, pull request)
API method to report results in XML/JSON/CSV format
Coverage
Supported programming languages
.NET, ABAP, ActionScript, Angular, ASP, ASPX, Auto-IT, Bash, BPEL, BPMN, C, C#, C++, Clojure, COBOL, CSS, Flex, Go, Groovy, HTML, Java, JavaScript, JCL, JSON, JSP, Kotlin, Lua, Objective-C, Objective-C++, Pascal, PHP, PL/I, PL-SQL, PowerBuilder, Powershell, Python, R, RPG, Ruby, Rust, SAP-HANA, Scala, Shell, SQL, Swift, Transact-SQL, TypeScript, VB.NET, VB6, VBScript, Visual Basic, XML, XPath
Supported development frameworks
.NET Core, ASP.NET, Node.js, Spring, Struts2
Supported binary formats
APK, BIN, DLL, EXE
Claimed Weakness Coverage
Claimed Weakness Coverage information hasn't been collected yet for this analyzer.
Really want it? Let us know.
Checker Customization
Can disable checkers
Speed & Scalability
Parallelizes on one host
Results Quality
Provides explanation of warning
Provides severity of warning
Provides confidence information about warning
Provides code context around warning
Provides control flow context for warning
Provides data flow context for warning
Provides code coverage information per checker
Reporting
Results suppression even after code changes
Show differences in results set to previous scan
Integration with external remediation bug tracker
GitHub, Jira, ServiceNow ITSM, Splunk
Graphical user interface (GUI)
Ability to search results
Hierarchical reporting for multiple projects, teams, departments, etc.
Filter results by compliance standard
CWE/SANS Top 25 Most Dangerous Software Errors (2011), OWASP Top Ten (2013), OWASP Top Ten (2017), PCI DSS 3.1
Centralized reporting
Support
Installation guide or documentation
User/operator guide or documentation
Integration guide or API documentation
Loading...