ArmourZero's AI-powered Code Scan combines multiple security code scanners to seamlessly detect and analyse source code or compiled versions of code, helping you find security flaws within your software development lifecycle (SDLC) and in your DevOps (Development Operations) methodology and practice.
These scanners are categorised as:
1. Static Application Security Testing (SAST) - looks at the source code to check for coding and design flaws that could allow for malicious code injection.
2. Infrastructure as Code (IaC) - finds vulnerabilities in the code that automates the provisioning of infrastructure, which enables your organisation to develop, deploy, and scale cloud applications with greater speed, less risk, and reduced cost.
3. Software Composition Analysis (SCA) - finds the open-source libraries and components used by your code by analysing information from multiple sources such as file hashes, binaries and more.
4. Secret Scanning - finds sensitive information such as private keys, API secrets and tokens. It does so by looking at file names, extensions, and content, and attempting to match them against a list of signatures.
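The signature matching described for Secret Scanning, sketched as an added example. This is not ArmourZero's code: the signature list, function names and sample repository below are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed signature list: (id, part of the file it inspects, pattern).
SIGNATURES = [
    ("ssh-private-key-file", "filename", re.compile(r"^id_(rsa|dsa|ecdsa|ed25519)$")),
    ("key-material-extension", "extension", re.compile(r"^\.(pem|p12|pfx|key)$")),
    ("pem-private-key-block", "content", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("aws-access-key-id", "content", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]

def scan_file(path, content):
    """Return (signature id, path, line number or None) for every match in one file."""
    p = PurePosixPath(path)
    findings = []
    for sig_id, part, pattern in SIGNATURES:
        if part == "filename" and pattern.search(p.name):
            findings.append((sig_id, path, None))
        elif part == "extension" and pattern.search(p.suffix.lower()):
            # Extensions are lower-cased so "server.PEM" is not missed.
            findings.append((sig_id, path, None))
        elif part == "content":
            for lineno, line in enumerate(content.splitlines(), 1):
                if pattern.search(line):
                    findings.append((sig_id, path, lineno))
    return findings

def scan_tree(files):
    """Scan a {path: text} mapping in sorted path order."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_file(path, files[path]))
    return findings

# Constructed sample repository; none of these values is a real credential.
SAMPLE_REPO = {
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed, no key material)\n",
    "config/settings.py": "DEBUG = False\nAWS_KEY = 'AKIAEXAMPLEEXAMPLE00'\n",
    "certs/server.PEM": "(constructed placeholder)\n",
    "README.md": "Keys are stored in the vault, not in this repo.\n",
}

if __name__ == "__main__":
    for sig_id, path, lineno in scan_tree(SAMPLE_REPO):
        print(f"{path}:{lineno or '-'}: {sig_id}")
```

A file-name or extension hit flags the file as a whole, while a content hit carries the line number so the finding can be traced to the exact line in the commit.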
ArmourZero's AI-powered Code Scan seamlessly integrates (links) code security analysis into your cloud software development platforms, without the need to copy or retrieve any of your confidential source code. Everything is done within your CI/CD pipeline tools.
Supported CI/CD pipeline tools:
1. GitHub
2. GitLab
3. Bitbucket
4. CircleCI
5. Azure Pipeline
6. Jenkins
7. Gitea
The scan results for all possible vulnerabilities detected are then compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels. Each possible vulnerability detected is then mapped to the OWASP Top 10 List (2021) and OWASP Mobile Top 10 (2024) for compliance. These are the latest standard awareness documents for developers and web application security, and they represent a broad consensus about the most critical security risks to applications.
There are 5 categories of CWE and CVE vulnerability severity levels:
- Critical
- High
- Medium
- Low
- Information
Integrate your CI/CD pipeline tools to start with ArmourZero's AI-powered Code Scan immediately and find all possible vulnerabilities faster than attackers.