New Features - Enhancements

We added a bunch of new features to our products.

Cloud Reviewer

v6.02.01

In Q2-2023 we launched Cloud Reviewer, our SaaS version of Static Reviewer (SAST), SCA Reviewer and Dynamic Reviewer (DAST), and optionally Mobile Reviewer (MAST) and Firmware Reviewer. It is integrated with a Vulnerability Management system based on Team Reviewer and is fully browser-based. It provides real advantages over on-premises solutions: there is no hardware to purchase, no software to maintain, and no additional staff needed to manage your security solutions.

Cloud Reviewer can be deployed right away and delivers results immediately, letting you begin building ROI on day one. You have different options for preserving the access to your code. Cloud Reviewer is also constantly improving as the threat landscape evolves, helping to keep your defenses up to date without needing to constantly upgrade on-premises technology.

You can integrate Cloud Reviewer in your DevOps, using the Remote Scan, IDE Integration and Git Repository Integration features.

We have an agreement with some IaaS providers in order to cover all the IT business Data Center locations worldwide. There are none of the hidden costs typical of Cloud solutions, and no AWS, Azure or Google dependencies.

Static Reviewer

v6.02.01

Reserved for Customers with Enterprise Unlimited licences.

Volume licensing Customers must use the 5.01.04 version.

See the Release Notes

Our flagship product, Static Reviewer, is available as Desktop, CLI, CI/CD plugin, IDE plugin and Cloud Reviewer plugin. It is also available as a package of Docker images.

Desktop

  • Windows, Linux and macOS native versions based on .NET Core 7

  • New Compliance metrics

Compliance - OWASP

Compliance - 2022 CWE-SANS Top 25

Compliance - Top 10 Worst Files

Compliance - PCI DSS 4.0

Other Compliance Standards are listed inside all Reports.

  • Support for Java 22 and TypeScript 5.2

  • New Rules for COBOL, Java, JavaScript, TypeScript, C, C++, Oracle APEX, ADABAS

  • Recursive FP optimization

  • Support for Papyrus and StreamWeaver-EngageOne programming languages

  • New patterns for Set massive FP

  • Enhanced management for False Positives and Accepted Risk

  • Enhanced Risk Indicators. Now part of standard package

ISO 5055

Green Software

Cloud-Ready

v5.01.04

Volume licensing Customers must use this version.

See the Release Notes

  • Multilingual version: English, Italian, Spanish, German, Simplified Chinese, Ukrainian and Russian. Translation kit is available

  • Scan Rules:

    • 90+ new Rules for ABAP programming language, 50+ new Rules for JAVA, 30+ new Rules for .NET

    • 30+ Rules for Natural and Oracle APEX

    • 200+ new Rules for Terraform, CloudFormation, Ansible Tasks, GitHub Actions, Dockerfile, Kubernetes

    • 20+ new Rules for Azure, Amazon AWS and Google Cloud

    • 20+ new Rules for Mobile

  • Support for Business SAP Pages, Lua, and Perl programming languages

  • Configurable Source Code Editor: Added Atom support. gedit, Notepad++, Sublime Text, Visual Studio Code, PSPad are also natively supported.

  • Tags field was added to Version-Engagement

  • Analyses can be searched by Application-Product, Auditor, and Tag

  • Settings can be filtered by Severity

  • Suppress Files feature has been enhanced

  • Enhanced compatibility checks during Incremental Analysis

  • New Analysis Options for storing Desktop preferences, like: ‘Paging’, ‘Show FP/AR’ and ‘Group by’

  • Enhancements to Accepted Risk, False Positives and Exclusion List inside Reports

  • New Report sections named ‘Analysis Options’ and ‘Languages Options’

  • Enhanced What If feature in Risk Indicators

  • Configurable Remediation Staff for Risk Indicators

  • Set as FP on Condition: mark all Findings matching a pattern as False Positives

  • New button ‘Open Source Code Folder’

  • Integration with Quality Reviewer Effort Estimation module (to be purchased separately)

  • Integration with SecureFlag live training platform (to be purchased separately)

  • Docker version, portable to any host

Command Line Interface (CLI)

CLI’s new features are used by Desktop, Docker, IDE plugins and CI/CD plugins too.

  • Windows, Linux and macOS native versions based on .NET Core 7

  • Enhanced CLI: new arguments for SRCheck and SRsetOPT. New commands SRRulesAMR, SRExclusionsAMR, SRParamsAMR. New commands for IDE Plugins.

  • New Remote Scan CLI (TRScan)

  • New Findings: ISO 5055, Green Software, Cloud-Ready, Resilience (to be purchased separately). They can be audited both in Desktop and Team Reviewer

  • Support for CWE 4.9

  • Support for PCI-DSS v.4.0

SCA Reviewer

v6.02.01

Reserved for Customers with Enterprise Unlimited licences.

Volume licensing Customers must use the 5.01.04 version.

See the Release Notes

Our Software Composition Analysis tool, SCA Reviewer, provides full coverage for the analysis of third-party libraries, frameworks and scripts. It is released as Desktop, CLI, CI/CD plugin and Cloud Reviewer plugin, and is also available as a package of Docker images.

Desktop

  • Multi-OS native version written in .NET Core 7. Support for Windows, several flavours of Linux and macOS.

  • New SBOM export in 5 formats

  • Accepted Risk handling and inheritance

  • Support for <modules> in pom.xml

  • Support for Java 22

  • Docker version, portable to any host

 

v5.01.04

Volume licensing Customers must use this version.

See the Release Notes

  • Multilingual version: English, Italian, Spanish, Simplified Chinese and Russian. Translation kit is available

  • Custom Blacklists, both for Licenses and Libraries, controlled by the User

  • New Scan Policies for Outdated Libraries, Discontinued Libraries, Malware Detection, Ransomware Detection

  • Offline Mode (no Internet connection is required; the Vulnerabilities DB can be updated on a different machine and transferred to the local machine via the internal network)

  • New Filters in Findings:

Command Line Interface (CLI)

CLI’s new features are used by Desktop, Docker and CI/CD plugins too.

  • New scanning engine, written in Go

  • Offline Mode: the Vulnerability DB can be downloaded by another machine in the local network. No internet connection is needed.

Dynamic Reviewer

v6

See Release Notes

Our DAST product, Dynamic Reviewer, has been enhanced and elevated to a higher market category. It has been transformed from a light-PenTest Desktop tool into a full, safe, web-based PenTest tool. Beyond BlackBox Mode, we provide WhiteBox Mode with all Modern Authentication Types (Form-based, JSON, Token-based, Script-based), multiple target URIs, micro-services PenTest (with White List), and PenTest via Proxy and via VPN, with single or double SSH-tunneling. We also provide Enterprise Reporting: you can define the Report output yourself by using a Word-based template. You can include Host Scanning too, using our own Network Scanner Tool or by integrating with the most useful third-party products.

  • New Web UI, based on Team Reviewer, inheriting its Performance, Scalability, Monitoring, Logging and Multi-Tenancy

  • Dynamic Reviewer findings directly managed by Team Reviewer

  • WhiteBox Mode

  • Host Scanning

  • Multi-target URIs

  • Different kinds of Connections to target (Direct, Proxy, SSH-Tunnelling)

  • Docker version, portable to any host

Team Reviewer

v6

Reserved for Customers with Enterprise Unlimited licences. Volume licensing Customers must use Cloud Reviewer.

See Release Notes

  • Multi-Tenant enhancements

  • Enhanced User Groups hierarchy

  • New SAST Server Plugin, SCA Server Plugin, DAST Server Plugin (to be purchased separately)

  • Remote SAST scanning support for IDE plugins (to be purchased separately)

  • New Risk Indicators: ISO 5055, Cloud-Ready, Green Software (to be purchased separately)

  • Code Alerting System (CAS) (to be purchased separately)

  • CAS Update Framework (to be purchased separately)

  • Integration with SecureFlag live training platform (to be purchased separately)

  • Docker version, portable to any host

 

COPYRIGHT (C) 2015-2024 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.