
About Static Analysis

DerScanner offers the following capabilities:

  • Analysis of applications written in any of the following languages:

    ABAP, Apex, ASP.NET, Bash, C#, C/C++, COBOL, Dart, Delphi, Go, Groovy, HTML, Java, Java for Android, JavaScript, JSP, Kotlin, LotusScript, Objective-C, Pascal, PHP, PL/SQL, PowerShell, Python, Perl, Ruby, Rust, Scala, Solidity, Swift, T-SQL, TypeScript, VB 6.0, VB.NET, VBA, VBScript, Visual Basic, Vyper, XML, YAML, TOML, or 1C.

    Apps may be imported for analysis either as source/binary code files or downloaded directly from a repository. When app source code is unavailable, DerScanner can use executable files.

  • Android and iOS app analysis:

    Apps may be imported for analysis either as source/binary code files or downloaded directly from a repository. When app source code is unavailable, DerScanner can use executable files or even a link to the app from Google Play or the App Store respectively.

  • Configuration file analysis

  • Monitoring of app security level over time:

    DerScanner generates reports on project analysis results in PDF, HTML, CSV, or SARIF format, which can be sent by e-mail. Analysis results can also be viewed and compared directly in the DerScanner web interface.

  • Recommendations on protection tool setup (for web apps):

    DerScanner generates detailed recommendations for configuring the information protection tools already in place, so that exploitation of certain vulnerabilities is prevented until those vulnerabilities are removed.

  • Command Line Integration:

    DerScanner uses command-line functionality to interact with continuous integration (CI) systems, enabling continuous and less time-consuming source code quality control. DerScanner also automatically checks new software builds and can be integrated into the secure development lifecycle (SDLC).