FAQ

Discover how simple it is to use our products by watching the following videos:

Run a scan

Manage Findings


Reports


Common FAQ

Q. What is your license policy?

Security Reviewer Static Analysis and Software Composition Analysis license policies cover unlimited users, unlimited clients, unlimited servers, unlimited analyses and unlimited lines of code. You only have to specify the IP range on which Security Reviewer will run. Buying unlimited licenses includes 1 year of support and maintenance. Additional support and maintenance years must be purchased separately. Special prices are applied for 3 years or more of additional support and maintenance. A special offer for a limited number of scans (50 or 100 per year) exists only for the Static Analysis Desktop Edition. See the Code Inspection or Software Composition Analysis FAQ below.

Q. Do Security Reviewer products require hardware components?

No. Security Reviewer products are made of 100% software components.

Q. Do Security Reviewer products or components rely on other software vendors?

All Security Reviewer software components are made by Security Reviewer itself. Only updated and secured versions of 3rd-party libraries are used. See: https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/681934865 All support and maintenance tasks are provided by Security Reviewer and its Resellers network. No other vendors are involved.

Q. Are Security Reviewer products securely coded?

All Security Reviewer software is implemented in compliance with secure coding standards such as OWASP, WASC and CWE. Each new version is statically analyzed using Security Reviewer Static Analysis as well as open source and commercial tools like Fortify.

Q. What do the Support & Maintenance services provide?

Our Support Team will understand your existing Continuous Integration environment, optimize the Security Reviewer integration and make sure that you get maximum value from your investment. Support provides an 8x5 or 24x7 service, depending on your Contract (see https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/2442100737). A Service Desk is included, via a web ticketing system, via e-mail or via telephone calls, depending on your contract. The Maintenance service provides product updates and patching on a monthly basis. Patching is done for bug-fixing, with a response time from 3 to 48 hours depending on your Contract.

Q. Which Support & Maintenance contracts do you provide?

Q. Which Programming Languages are supported?

Q. Do Security Reviewer products support virtualization?

Q. What about Compliance?

Q. How can I submit an Enhancement Request?

Q. Do you have a Certification Program?

Q. How can I contact a Distributor?

Code Inspection FAQ

Q. Which Editions are available?

Q. Which Infrastructure is required for running your products?

Q. Which Virtualization Platforms are supported by Static Analysis?

Q. Which Operating Systems are supported by Static Analysis?

Q. What is the Database role in Static Analysis?

Q. Is Internet access required?

Q. Which Security Rules are supported in the Static Analysis?

Q. How are Security Rules kept up to date?

Q. For each Security Vulnerability, which details are provided?

CI Plugins FAQ

Q. Which Infrastructure is required for running your CI plugins?

Q. When the number of Users, Clients or Servers grows, what do I have to do?

Q. Where can I find the CI Plugins manual?

Q. Which Virtualization Platforms are supported?

Q. Which Operating Systems are supported?

Q. Which Cloud DevOps Platforms are supported?

Q. What is the Database role in your solutions?

Q. Do I need to Backup and Restore Data and Configurations?

Q. Can your products retrieve Data and Configurations from a Network File System?

Q. How can I install your CI Plugins?

Q. May I use an internal Proxy when Internet access is required?

Q. If new features will be available, is there an additional cost?

Q. Do you have Logging features?

Q. Can it run in a Docker Image?

Q. Can it run in Multi-tenancy?

Q. Which Package Managers are supported?

Q. Which Security Rules are supported in the Static Analysis?

Q. How are Security Rules kept up to date?

Q. For each Security Vulnerability, which details are provided?

Q. When a Vulnerable Library/Framework is detected, is an alternative suggested?

Q. May I continuously monitor the Libraries / Frameworks vulnerabilities?

Q. Do you analyze Container Images?

Q. May I isolate a vulnerable Library/Framework to avoid publishing it?

Q. Do you support CI pipelines?

Q. Further to CI Plugins, do you have a GUI interface?

Q. May I separate Dev, Stage and Production environments?

Q. Can Static Analysis provide per-component results?

Q. When Analysis ends, is there a notification service?

Q. Which Analysis results output formats are supported?

Q. May I suppress a vulnerability?

Q. Do you have a Web Interface?

Q. In Static Analysis, may I create custom Security Rules?

Q. Which Development IDEs are supported?

Q. Which Continuous Integration Platforms do you support?

Q. Which Issue Tracking Platforms do you support?

Q. Do you integrate with external Dashboards, like SonarQube or ThreadFix?

Q. Do you provide REST API and CLI interfaces?

Q. What is your AD/LDAP and role-profiling support?

Q. How can I monitor your tools' behavior?

Firmware Reviewer FAQ

Q. What are the installation modes?

Q. What are the installation Hardware and Software Requirements?

Q. What kinds of analyses can Firmware Reviewer execute on a firmware image?

Q. Firmware Reviewer executes the Dynamic Analysis using simulation techniques. How can it simulate complex devices?

Q. How can external open source tools be orchestrated and integrated by Firmware Reviewer?

Q. How is Secure Source Code Analysis integrated by Firmware Reviewer?

Q. How are exposed vulnerable functions detected by Firmware Reviewer?

Q. Suppose I solved some vulnerabilities reported by Firmware Reviewer. How can I verify such vulnerabilities have been fixed?

Q. I discovered that some users used for service startup have an Empty or Default Password. Firmware Reviewer reports them as vulnerable users. How can I test whether those users are exploitable?

Q. Firmware Reviewer reports OS and 3rd-party component vulnerabilities. How can I verify whether those vulnerabilities are exploitable or not?

Q. How is Malware detected?

COPYRIGHT (C) 2015-2024 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.