...
In 2023 we launched Cloud Reviewer, our SaaS version of Static Reviewer (SAST), SCA Reviewer and Dynamic Reviewer (DAST), and optionally Mobile Reviewer (MAST) and Firmware Reviewer, integrated with a Vulnerability Management system based on Team Reviewer and fully browser-based. It provides real advantages over on-premises solutions: there is no hardware to purchase, no software to maintain, and no additional staff needed to manage your security solutions.
...
Cloud Reviewer can be deployed right away and delivers results immediately, letting you begin building ROI on day one. You have different options for preserving access to your code. Cloud Reviewer is also constantly improving as the threat landscape evolves, helping to keep your defenses up to date without needing to constantly upgrade on-premises technology.
You can integrate Cloud Reviewer into your DevOps using the Remote Scan, IDE Integration and Git Repository Integration features.
We have an agreement with some IaaS providers to cover all the IT business data center locations worldwide. There are none of the hidden costs typical of cloud solutions, and no AWS, Azure or Google dependencies.
Static Reviewer
v6.00.03
Reserved for customers with Enterprise Unlimited licences. Volume licensing customers must use version 5.01.04.
See the Release Notes
Our flagship product, Static Reviewer, is available as Desktop, CLI, CI/CD plugin, IDE plugin and Cloud Reviewer plugin. It is also available as a Docker image package.
...
Green Software
...
Cloud-Ready
...
v5.01.04
Volume licensing customers must use this version.
See the Release Notes
Multilingual version: English, Italian, Spanish, German, Simplified Chinese, Ukrainian and Russian. A translation kit is available.
Scan Rules:
90+ new Rules for the ABAP programming language, 50+ new Rules for Java, 30+ new Rules for .NET
30+ Rules for Natural and Oracle APEX
200+ new Rules for Terraform, CloudFormation, Ansible Tasks, GitHub Actions, Dockerfile, Kubernetes
20+ new Rules for Azure, Amazon AWS and Google Cloud
20+ new Rules for Mobile
Support for Business SAP Pages, Lua, and Perl programming languages
Configurable Source Code Editor: Added Atom support. gedit, Notepad++, Sublime Text, Visual Studio Code, PSPad are also natively supported.
Tags field was added to Version-Engagement
Analyses can be searched by Application-Product, Auditor, and Tag
Settings can be filtered by Severity
Suppress Files feature has been enhanced
Enhanced compatibility checks during Incremental Analysis
New Analysis Options for storing Desktop preferences, such as ‘Paging’, ‘Show FP/AR’ and ‘Group by’
Enhancements to Accepted Risk, False Positives and Exclusion List inside Reports
New Report sections named ‘Analysis Options’ and ‘Languages Options’
Enhanced What If feature in Risk Indicators
Configurable Remediation Staff for Risk Indicators
Set as FP on Condition: mark all Findings matching a pattern as False Positives
...
Windows, Linux and macOS native versions based on .NET Core 7
Enhanced CLI: new arguments for SRCheck and SRsetOPT. New commands SRRulesAMR, SRExclusionsAMR, SRParamsAMR. New commands for IDE Plugins.
New Remote Scan CLI (TRScan)
New Findings: ISO 5055, Green Software, Cloud-Ready, Resilience (to be purchased separately). They can be audited both in Desktop and Team Reviewer
Support for CWE 4.9
Support for PCI-DSS v.4.0
SCA Reviewer
v6.00.03
Reserved for customers with Enterprise Unlimited licences. Volume licensing customers must use version 5.01.04.
See the Release Notes
Our Software Composition Analysis tool, SCA Reviewer, provides full coverage of third-party library, framework and script analysis. It is released as Desktop, CLI, CI/CD plugin and Cloud Reviewer plugin, and is also available as a Docker image package.
...
Support for <modules> in pom.xml
Support for Java 22
Docker version, portable to any host
v5.01.04
Volume licensing customers must use this version.
See the Release Notes
Multilingual version: English, Italian, Spanish, Simplified Chinese and Russian. A translation kit is available.
Custom Blacklists, both for Licenses and Libraries, controlled by the User
New Scan Policies for Outdated Libraries, Discontinued Libraries, Malware Detection, Ransomware Detection
Offline Mode (no Internet connection is required; the Vulnerabilities DB can be updated on a different machine and transferred to the local machine via the internal network)
New Filters in Findings:
...
New Web UI, based on Team Reviewer, inheriting its Performance, Scalability, Monitoring, Logging and Multi-Tenancy
Dynamic Reviewer findings directly managed by Team Reviewer
WhiteBox Mode
Host Scanning
Multi-target URIs
Different kinds of connections to the target (Direct, Proxy, SSH-Tunnelling)
Docker version, portable to any host
Team Reviewer
v5
Reserved for customers with Enterprise Unlimited licences. Volume licensing customers must use Cloud Reviewer.
See Release Notes
Multi-Tenant enhancements
Enhanced User Groups hierarchy
New SAST Server Plugin, SCA Server Plugin, DAST Server Plugin (to be purchased separately)
Remote SAST scanning support for IDE plugins (to be purchased separately)
New Risk Indicators: ISO 5055, Cloud-Ready, Green Software (to be purchased separately)
Code Alerting System (CAS) (to be purchased separately)
CAS Update Framework (to be purchased separately)
Integration with the SecureFlag live training platform (to be purchased separately)
Docker version, portable to any host
...