Secure your code
Stat! gives you the information you need to secure your code without distracting you from core development.
Even the most careful developers can’t write flawless, vulnerability-free code, simply because new weaknesses are constantly discovered. That’s why you need to analyze your code. Welcome to SAST—Static Application Security Testing. This is the process of analyzing your source code in search of known weaknesses that attackers can exploit.
But how should you do that? Getting started with an in-house SAST program is hard. Manual code review is a good step, and one that you should always include, but doing it for your entire code base takes way too long. You need tools that can read and analyze your code for you. Fortunately, there are many such tools, but which ones are right for you, your programming languages, and your application?
You also don’t want to wait until the end to analyze your code—you need something that can scan your software throughout the development process, so you don’t get stuck with a long list of security holes to fix a week before you launch.
Stat! by Code Dx handles all of that for you. Stat! includes fifteen different static application security testing (SAST) tools, and chooses the best ones to use automatically. Just feed in your source code, and Stat! will identify your programming languages (even if you use more than one), run the scans, then combine the results from all of the tools into a single list. Each identified weakness is linked to the specific location within your source code, so you’ll know exactly where the problem is. Stat! also checks third-party libraries for known vulnerabilities.
Stat! doesn’t just help you find problems, it helps you solve them. Stat! integrates with your development tools, and reports issues right to your developers directly in their development environment. It even pairs up with JIRA to automatically create tickets, which helps you assign and track the status of each issue. If you have ever thought of adopting continuous integration (or if you’re already doing that), Stat! helps make that a whole lot easier.
Combine and prioritize
Stat! automatically picks the right tools for your application, then combines their results for easy resolution.
Frankly, getting started with AppSec is hard. To do that, you’d need to research the right tools, download, set up, and configure each of them, learn how to use them, and then take the results of each and compare them to one another. Depending upon where you are in development, this can drag your progress to a screeching halt. Can your development cycle afford to spend weeks or months just getting the security process started?
Stat! handles this entire process for you. All the tools you need to secure your source code come pre-installed, and the results of each one are correlated to one another. Even better, it maps all of the security flaws to a single, unified severity scale, so you can prioritize which vulnerability gets fixed first.
Stat! key features
- Automatically installs a collection of open-source SAST tools that together scan over 1,500 security and quality rules across multiple programming languages
- Automatically configures and runs the right SAST tools for your code, based on the programming languages you use. Just feed your source code to Stat! and it does the rest.
- Checks third-party software component libraries to make sure there aren’t any known vulnerabilities
- Combines the output of multiple SAST tools into a single set of results with a common nomenclature, with no duplicate entries
- Maps results to the Common Weakness Enumeration (CWE) and other industry standards
- Maps results to OWASP Top 10, SANS 25 and other industry standards
- Links correlated flaws and vulnerabilities to specific lines of code
- Integrates with the popular JIRA issue tracker
- Embeds in the Jenkins continuous integration environment, and integrates to other build servers with its REST API
- Generates CSV, XML, and PDF assessment reports
- Lets you organize and filter your results based on a variety of parameters including severity, category, tools, and many more