Sparrow SAST

Sparrow SAST static analysis solution supports over 25 major programming languages and frameworks.

Java, JSP, C/C++, C#, Python, Swift, Rust, Go, TypeScript, Objective-C, Kotlin, etc.


Comprehensive coverage

Improve software security and quality by complying with global security compliance guides and coding standards.

CWE, OWASP, CERT, MISRA C/C++, BSSC C/C++, HIC C++ and more

Fast & accurate analysis

Minimize analysis time and increase work efficiency by utilizing advanced features, including real code-based remediation guides and issue filtering.


Key Features

Analyze source code for security vulnerabilities quickly and accurately.
Fundamentally address cyberattacks with secure coding.

Powerful analysis


  • MVC structure analysis, associated file analysis, and analysis of function call relationships at various levels
  • Incremental analysis: Minimize analysis time by analyzing only newly added or modified files and their associated files
  • Supports analysis via GUI, CLI, and plugin

Advanced manageability


  • Issue navigator to track vulnerabilities from their origin to actual code
  • Automated real source code correction guide
  • Automated classification of vulnerabilities

Dashboard and statistics


  • The dashboard offers various information, including analyses, detected issues, risk levels, projects, etc.
  • Provides history and trends of analysis results
  • Provides statistics by project, by user, and by compliance

Web-based centralized management


  • Dashboard for analysis result management and statistics
  • Centralized rule (Checker) management based on information including risk levels, options, and others

Integration


  • Support integration with source code version control systems and other development environments
  • Automated management via integration with Build Management Tool (Continuous Integration) and Issue Tracking System (ITS)

Convenient Manageability & Reporting


  • Customizable reports (PDF, Excel, Word, HWP)
  • Automatically differentiate new issues from old issues
  • Automatic identification of existing detection result status even if the source code line is changed
  • Prevent tampering and unauthorized use via exception request/approval process

Use Case