We added a bunch of new features to our products.
v6.02.01
In Q2-2023 we launched Cloud Reviewer, our SaaS version of Static Reviewer (SAST), SCA Reviewer and Dynamic Reviewer (DAST), and optionally Mobile Reviewer (MAST) and Firmware Reviewer, integrated with a Vulnerability Management system based on Team Reviewer and fully browser-based. It provides real advantages over on-premises solutions. There is no hardware to purchase or software to maintain, and no additional staff are needed to manage your security solutions.
Cloud Reviewer can be deployed right away and delivers results immediately, letting you begin building ROI on day one. You have different options for preserving access to your code. Cloud Reviewer is also constantly improving as the threat landscape evolves, helping to keep your defenses up to date without needing to constantly upgrade on-premises technology.
You can integrate Cloud Reviewer into your DevOps process using the Remote Scan, IDE Integration and Git Repository Integration features.
We have an agreement with some IaaS providers in order to cover all IT business data center locations worldwide. There are none of the hidden costs typical of cloud solutions, and no AWS, Azure or Google dependencies.
v6.02.01
Reserved to Customers with Enterprise Unlimited licences.
Volume licensing Customers must use the 5.01.04 version.
See the Release Notes
Our flagship product, Static Reviewer, is available as Desktop, CLI, CI/CD plugin, IDE plugin and Cloud Reviewer plugin. It is also available as a Docker image package.
Windows, Linux and macOS native versions based on .NET Core 7
New Compliance metrics
Other Compliance Standards are listed inside all Reports.
Support for Java 22 and TypeScript 5.2
New Rules for COBOL, Java, JavaScript, TypeScript, C, C++, Oracle APEX, ADABAS
Recursive FP optimization
Support for Papyrus and StreamWeaver-EngageOne programming languages
New patterns for Set massive FP
Enhanced management for False Positives and Accepted Risk
Enhanced Risk Indicators, now part of the standard package
v5.01.04
Volume licensing Customers must use this version.
See the Release Notes
Multilingual version: English, Italian, Spanish, German, Simplified Chinese, Ukrainian and Russian. Translation kit is available
Scan Rules:
90+ new Rules for the ABAP programming language, 50+ new Rules for Java, 30+ new Rules for .NET
30+ Rules for Natural and Oracle APEX
200+ new Rules for Terraform, CloudFormation, Ansible Tasks, GitHub Actions, Dockerfile, Kubernetes
20+ new Rules for Azure, Amazon AWS and Google Cloud
20+ new Rules for Mobile
Support for Business SAP Pages, LUA, and Perl programming languages
Configurable Source Code Editor: Added Atom support. gedit, Notepad++, Sublime Text, Visual Studio Code, PSPad are also natively supported.
Tags field was added to Version-Engagement
Analyses can be searched by Application-Product, Auditor, and Tag
Settings can be filtered by Severity
Suppress Files feature has been enhanced
Enhanced compatibility checks during Incremental Analysis
New Analysis Options for storing Desktop preferences, like: ‘Paging’, ‘Show FP/AR’ and ‘Group by’
Enhanced handling of Accepted Risk, False Positives and Exclusion List inside Reports
New Report sections named ‘Analysis Options’ and ‘Languages Options’
Enhanced What If feature in Risk Indicators
Configurable Remediation Staff for Risk Indicators
Set as FP on Condition: mark all Findings matching a pattern as False Positives
New button ‘Open Source Code Folder’
Integration with Quality Reviewer Effort Estimation module (to be purchased separately)
Integration with SecureFlag live training platform (to be purchased separately)
Docker version, portable to any host
CLI’s new features are used by Desktop, Docker, IDE plugins and CI/CD plugins too.
Windows, Linux and macOS native versions based on .NET Core 7
Enhanced CLI: new arguments for SRCheck and SRsetOPT. New commands SRRulesAMR, SRExclusionsAMR, SRParamsAMR. New commands for IDE Plugins.
New Remote Scan CLI (TRScan)
New Findings: ISO 5055, Green Software, Cloud-Ready, Resilience (to be purchased separately). They can be audited both in Desktop and Team Reviewer
Support for CWE 4.9
Support for PCI-DSS v.4.0
v6.02.01
Reserved to Customers with Enterprise Unlimited licences.
Volume licensing Customers must use the 5.01.04 version.
See the Release Notes
Our Software Composition Analysis tool, SCA Reviewer, provides full coverage of third-party library, framework and script analysis. It is released as Desktop, CLI, CI/CD plugin and Cloud Reviewer plugin, and is also available as a Docker image package.
Multi-OS native version written in .NET Core 7. Support for Windows, several flavours of Linux and macOS.
New SBOM export in 5 formats
Accepted Risk handling and inheritance
Support for <modules> in pom.xml
Support for Java 22
Docker version, portable to any host
v5.01.04
Volume licensing Customers must use this version.
See the Release Notes
Multilingual version: English, Italian, Spanish, Simplified Chinese and Russian. Translation kit is available
Custom Blacklists, both for Licenses and Libraries, controlled by the User
New Scan Policies for Outdated Libraries, Discontinued Libraries, Malware Detection, Ransomware Detection
Offline Mode (no Internet connection is required, Vulnerabilities DB can be updated in a different machine and transferred to the local machine via internal network)
New Filters in Findings:
CLI’s new features are used by Desktop, Docker and CI/CD plugins too.
New scanning engine, written in Go
Offline Mode: the Vulnerability DB can be downloaded by another machine in the local network. No internet connection is needed.
v6
See Release Notes
Our DAST product, Dynamic Reviewer, has been enhanced and elevated to the highest market category. It has been transformed from a light PenTest Desktop tool into a full, safe, web-based PenTest tool. Beyond BlackBox Mode, we provide WhiteBox Mode with all modern authentication types (Form-based, JSON, Token-based, Script-based), multiple target URIs, micro-services PenTest (with White List), and PenTest via Proxy and via VPN, with single or double SSH tunneling. We also provide Enterprise Reporting: you can define the Report output yourself by using a Word-based template. You can include Host Scanning too, using our own Network Scanner Tool or by integrating with the most useful third-party products.
New Web UI, based on Team Reviewer, inheriting Performances, Scalability, Monitoring, Logging and Multi-Tenancy
Dynamic Reviewer findings directly managed by Team Reviewer
WhiteBox Mode
Host Scanning
Multi-target URIs
Different kinds of Connections to the target (Direct, Proxy, SSH-Tunnelling)
Docker version, portable to any host
v6
Reserved to Customers with Enterprise Unlimited licences. Volume licensing Customers must use Cloud Reviewer.
See Release Notes
Multi-Tenant enhancements
Enhanced User Groups hierarchy
New SAST Server Plugin, SCA Server Plugin, DAST Server Plugin (to be purchased separately)
Remote SAST scanning support for IDE plugins (to be purchased separately)
New Risk Indicators: ISO 5055, Cloud-Ready, Green Software (to be purchased separately)
Code Alerting System (CAS) (to be purchased separately)
CAS Update Framework (to be purchased separately)
Integration with SecureFlag live training platform (to be purchased separately)
Docker version, portable to any host