
All of the following Integration Requirement coverages are available both from the Web GUI and from the REST API.

| Requirement | Note |
|---|---|
| On-premise install | Yes, in addition to Cloud |
| Source Code upload | Analyses are always executed client-side; source code never leaves the client machine |
| HTTPS / TLS | Yes, both |
| External M2M support | Yes, through the REST API interface, profiled with User, Password and API Key |
| LDAP support | Supports LDAP, Microsoft Active Directory, ApacheDS, Fedora 389 Directory and NetIQ/Novell eDirectory |
| Local Users | Local users can be defined, e.g. technical support or admin users, for configuring all features available via the REST API |
| Enhanced password checking, SSO and IAM | Through integration with most IAM solutions (IAMlight, OAuth, SAML, etc.) |
| Enhanced Profile management | Each non-local user is associated with an IAM profile; which features a user can access depends on the profile attributes. Anonymous access is forbidden |
| Source Code managed securely | Source code is accessed client-side only and stored in secure temporary memory buffers and in encrypted folders. At scan end, source code is securely wiped both from memory and from the encrypted folders |
| Extra User Effort required for scan tasks | The system has a high level of automation and requires neither extra effort nor a long learning curve to reach fluent usage. See the video: FAQ |
| Support for most used programming languages | All versions (desktop, command line, REST API and Dashboard) are able to scan 40+ programming languages, mobile apps included. See: Static Reviewer - Code Inspection |
| Software Composition Analysis | The system is able to scan application dependencies on third-party libraries and frameworks, for standalone, web and mobile apps. See: Software Composition Analysis |
| Vulnerability Detection helpers | The system makes it easy to detect, classify and understand the vulnerabilities found in the app. Each vulnerability is accompanied by technical details and remediation helpers. See: FAQ Q. For each Security Vulnerability, which details are provided? |
| Multi-language scan | The system recognizes by itself which programming languages were used to develop the scanned app. See: Static Reviewer - Code Inspection |
| Developer's IDE Integration | A large number of IDE plugins are provided. See: IDE Plugins |
| Native DAST solution | The system includes a native DAST solution. Further, Team Reviewer correlates the results of a number of third-party DAST tools. See: https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/360493/Team+Reviewer#Results-Correlation |
| SDLC Integration | See: SDLC Integration |
| SCM and CI Plugins | The system provides native Jenkins and GitLab CI plugins. See: Static Reviewer - Code Inspection. Further, it provides integration with most SCM solutions, GIT, SVN, Azure DevOps and PVCS included. See: SCM Integration |
| Change password mandatory at first access | Yes, configurable |
| Password expiration | Yes, configurable |
| Account protection | Enterprise account data security relies on IAM. Local accounts are stored in encrypted DB tables |
| Sensitive data | The system does not store Legal, Personal, Network traffic, Localization, OLO data nor other SOAX data |
| Messages | The system never includes sensitive data inside Info, Warning or Error messages |
| Obfuscated Code | The system does not include obfuscated source or binary code |
| Intellectual Property | The system makes use of explicitly declared open source licenses. No Intellectual Property is violated |
| Third-party components | The system makes use of up-to-date and vulnerability-free third-party components |
| Secure Coding | The system is implemented in compliance with secure coding standards such as OWASP, WASC and CWE. Each new version is statically analyzed using Security Reviewer Static Analysis and Micro Focus Fortify |
| Logging | In addition to IAM logs, the system provides access logs and event logs. See: Static Reviewer - Code Inspection |
| OWASP Dependency Track | Security Reviewer Suite products automatically publish results to the OWASP Dependency Track web app |

...

BugZilla

...

COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.