About Static Analysis

DerScanner offers the following capabilities:

  • Analysis of applications written in any of the following languages:

    ABAP, Apex, ASP.NET, Bash, C#, C/C++, COBOL, Dart, Delphi, Go, Groovy, HTML, Java, Java for Android, JavaScript, JSP, Kotlin, LotusScript, Objective-C, Pascal, PHP, PL/SQL, PowerShell, Python, Perl, Ruby, Rust, Scala, Solidity, Swift, T-SQL, TypeScript, VB 6.0, VB.NET, VBA, VBScript, Visual Basic, Vyper, XML, YAML, TOML, or 1C.

    Apps may be imported for analysis either as source/binary code files or downloaded directly from a repository. When app source code is unavailable, DerScanner can use executable files.

  • Android and iOS app analysis:

    Apps may be imported for analysis either as source/binary code files or downloaded directly from a repository. When app source code is unavailable, DerScanner can use executable files.

  • Configuration file analysis

  • AI-powered vulnerability triage (DerTriage) and patching (DerCodeFix)

  • Monitoring of app security level over time:

    DerScanner generates reports on analysis results in PDF, HTML, CSV, or SARIF format. Analysis results can be viewed and compared directly in DerScanner, sent by email, or exported to other tools.

  • Recommendations on protection tool setup (for web apps):

    DerScanner generates detailed recommendations for configuring the information protection tools already in place (such as WAFs), so that certain vulnerabilities cannot be exploited until they are removed.

  • Command-line integration:

    DerScanner uses command-line functionality to interact with Continuous Integration systems, enabling automated and time-efficient code quality control. Moreover, DerScanner automatically checks new software builds and can be integrated into the secure software development lifecycle (SSDLC).

In addition to SAST, DerScanner can perform Code Quality analysis for JavaScript, TypeScript, Delphi, and Pascal applications, providing quality assessments that help identify potential issues and improve code maintainability over time.