Smart Static Application Quality Assurance Solution
World Cup Buk-Ro, 6th Fl. Mapo-Gu, Seoul, 03925, Korea. Tel. 82-2-300-9232 Fax. 82-2-300-9200 Email: [email protected]
Web Management Fast & Powerful Analysis Convenient Tools Compliance
Sparrow SAQT Engine
Sparrow SAQT Server
Sparrow SAQT Client (IDE Plugin / GUI / CLI)
Semantic-based static program analysis engine with machine learning capability that can detect and remediate potential execution errors and coding standards violations in source code, based on various analysis techniques.
Manager User Management/Set Analysis Policy/Confirm Analysis Results and Statistics
Upload Analysis Results
Commit Source Code
Confirm Analysis Results
Central Management System
Server
Developer
Enable users to view, manage, and use various analysis results with its dashboard
Centralized rule management based on risk levels, options and more.
MVC structure analysis, association file analysis, multiple-step function/file call relationship analysis
Incremental analysis to minimize analysis time by analyzing only changed and related files
Issue navigator that follows the flow from the cause of a vulnerability to the point where the problem occurs
Automated real source code suggestion for detected vulnerabilities
Detect based on domestic/international compliance and standard guidance
Support over 1700 checkers related to quality and coding convention
Benchmark Score 94.88
Sparrow enables developers to analyze the source code and issues frequently with the IDE
Escalate only source code that is not problematic from the transfer control system
Integration with build systems enables periodic source code checkup and code change
Flexible integration with process and development environment
Integration with developer IDEs
Integration with transfer control system
Integration with build system
Developer A, Developer B, Developer C, Administrator, Sparrow SAQT Server
1. Perform source code analysis (IDE Plugin or Whistle Manager)
2. Store analysis result
3. Monitoring
Developer, Security Officer
Development Server
Development Server
Development Server
1. Inspect source code
2. Perform full inspection
3. Report analysis result
4. Check analysis result
Developer A, Developer B, Developer C, Developer D
Sparrow SAQT Server
Configuration MGNT Server
Send compliance response
Source code security inspection
Request a transfer
Commit source code
• Language
Accurate analysis with low False Positives and False Negatives
OWASP Benchmark Accuracy Score: 94.88
Supported Environment
Dashboard & Statistic
Identify the number of analysis, detection issues, risks and projects
Analysis history logs by time frame
Provide daily and accumulated status and statistic of entire projects and by user
Customizable Report
Ability to edit project summary, analysis file information, results by risks, Top 10, violation reference, etc.
Reports (PDF, Excel, Word, HWP)
Various Analysis Methods
Easy to use GUI
CLI for batch and scheduling analysis
Plugins installed in development IDE enable analysis and result checking
Simple drag and drop analysis via web management system without separate client program
Integration with other solutions
Transfer control via integration with source code version controls
Automation control via integration with Build Management Tool (CI) and Issue Tracking System (ITS)
Hybrid analysis via interaction with DAST and RASP
Analysis History Management
Differentiate new issues from old ones by comparing the result with prior analysis results
Automatically track prior detection results even if source code lines change
Prevention of unauthorized use or tampering through provision of execution request/approval process
Fast & Powerful Analysis
Provide a detailed description of detection results, examples and solutions
Built-in editor for central editing
Offer real code suggestion via Active Suggestion
CWE, OWASP, CERT, MISRA C, BSSC C/C++, HIC C++ and more
Java, JSP, JavaScript, C/C++, PHP, C#, ASP(.NET), VB(.NET), VBS, SQL, XML, ABAP, SWIFT, HTML, Android Java, Objective-C, Python and more
• Framework
Spring, Struts2, IBATIS/MYBATIS, Tmax ProFrame, MiPlatform, Xplatform, Nexacro, eGovernment Standard Framework
• OS
Server: Windows, Linux (Redhat, Debian)
Client: Windows, Linux (Redhat, Debian), AIX, HP-UX, Solaris, MacOS
• IDE Plugin
Eclipse, Visual Studio, IntelliJ, Android Studio, ProFrame, Studio, IBM RAD
Compliance/Standards