Code
Provides AppSec teams with deep visibility into code-level security vulnerabilities through static analysis, covering injection attacks, language-specific security patterns, and compliance with coding standards. It enables early detection and remediation of security flaws across the entire application portfolio.
Required Blueprints: GitHub, Azure DevOps, Azure, AWS, Bitbucket, Checkmarx
Sightlines
| Sightline | Description |
|---|---|
| Repository Overview | Offers an overarching view of the state of software repositories, highlighting vulnerabilities and risk scores. |
| Repository Impact Analysis | Evaluates the impact of vulnerabilities across repositories, enabling better risk assessment. |
| Repository Vulnerabilities Trend Analysis | Tracks vulnerability trends over time across repositories. |
Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
sca.sast.SASTVulnerability, checkmarx.scan.SASTResult
Related Analyzers
- Repository — Source code analysis and repository security posture
- Software Composition Analysis — Vulnerable dependencies in code
- Secrets and PII — Hardcoded secrets and PII in code
- IaC — Infrastructure security misconfigurations in code
- Artifact — Vulnerabilities in built artifacts from code