Intelligent static application security testing solution
Find and fix security vulnerabilities at the speed of DevOps.
Languages & compliance
  • Supports over 20 languages including Java, JSP, C/C++, C#, Python, Swift, ASP(.NET), ABAP, Objective-C, etc.
  • Complies with global security compliance guides and standards
Fast & accurate analysis
  • MVC structure analysis, associated file analysis, and analysis of function call relationships at various levels
  • Incremental analysis: Minimizes analysis time by analyzing only newly added or modified files and their associated files
  • Interact with other Sparrow AST solutions (DAST, RASP) to identify correlation among vulnerabilities and improve search results
Advanced manageability
  • Issue navigator to track and follow vulnerabilities from their origin to actual code
  • Automated real source code correction guide
  • Automated classification of vulnerabilities
Compliance regulation
  • CWE
  • OWASP
  • CERT
  • MISRA C/C++
  • MSSC C/C++
  • HIC C++ and more
Key Features
Web-based centralized management
  • Dashboard for analysis result management and statistics
  • Centralized rule (Checker) management based on information including risk levels, options, and more
Integration
  • Transfer control via integration with source code version control systems
  • Automated management via integration with Build Management Tool (Continuous Integration) and Issue Tracking System (ITS)
  • By interacting with DAST and RASP, detects vulnerabilities during program operation to improve vulnerability detection
Dashboard and statistics
  • Dashboard offers various information including analysis, detection issues, risk levels, projects, etc.
  • History and trend of analysis results by period
  • Provides statistics by project, by user and by compliance
Customizable report
  • Edit project summary, analysis file information, results by risk levels, etc.
  • Reports (PDF, Excel, Word, HWP)
Analysis history management
  • Automatically differentiate new issues from old issues
  • Automatic identification of existing detection result status even if source code line changes
  • Prevent tampering and unauthorized use via exception request/approval process
Analysis methods
  • Easy-to-use GUI that enables analysis with a simple click
  • CLI that enables batch and scheduling analysis
  • Plugin that can be installed in development IDE to enable analysis and result checking
  • Simple drag and drop analysis via web management system without separate client program
Use Case
Flexible integration with process and development environment
Integration with developer IDEs
Integration with version control systems
Integration with build systems
How to purchase
On-Premises
Perpetual license, Basic (5 Users)
Supported Environment
Server OS
  • Windows Server 2000 or higher
  • Ubuntu 8.04 or higher
  • Redhat Linux 5 or higher
  • Fedora 8 or higher
  • CentOS 5 or higher
DB
  • PostgreSQL (Embedded)
Client OS
  • Windows XP or higher
  • Ubuntu 8.04 or higher
  • Redhat Linux 5 or higher
  • Fedora 8 or higher
  • CentOS 5 or higher
  • AIX 5.1 or higher
  • HP_UX 11.x or higher
  • SUN_OS 5.6 or higher
  • MAC_OS 10.6 or higher
Plug in
  • Eclipse (3.2 or higher)
  • Visual Studio (2005~2015)
  • Proframe Studio
  • IntelliJ, Android Studio
  • Eclipse Based Tool (IBM RAD etc.)
Language
  • Support Unicode
  • Multilingual UI support (English / Japanese / Korean)
Hardware Specification
CPU
  • Server: Quad Core 2.5GHz or faster
  • Client: Dual Core 2GHz or faster
RAM
  • Server: 16GB or larger
  • Client: 2GB or larger
HDD
  • Server: 300GB or larger
  • Client: 500MB + (2 * Size of source code)
Other supported Environment
Languages
  • C/C++
  • Android Java
  • Java
  • Objective-C
  • JSP
  • HTML
  • C#
  • SQL
  • XML
  • ABAP
  • PHP
  • ASP.NET
  • Python
  • VB.NET
  • Swift
  • JavaScript
  • Apex
  • VBScript
  • Visualforce
  • XSL
  • etc.
Framework
  • Java: Spring Framework, iBATIS, MyBatis, Struts2, eGovernment Framework
  • C: Tmax Proframe
  • C#: ASP.NET MVC