AmourZero's AI-powered Code Security Analysis combines multiple security code scanners to detect and analyse source code or compiled versions of code, helping you find security flaws within your software development lifecycle (SDLC) and in your DevOps (Development Operations) methodology and practice.
These scanners are categorised as:
1. Static Application Security Testing (SAST) - looks at the source code to check for coding and design flaws that could allow malicious code injection.
2. Infrastructure as Code (IaC) - finds vulnerabilities in the code that automates the provisioning of infrastructure, the code that enables your organisation to develop, deploy, and scale cloud applications with greater speed, less risk, and reduced cost.
3. Software Composition Analysis (SCA) - finds the open-source libraries and components used by your code by analysing information from multiple sources such as file hashes, binaries and more.
4. Secret Scanning - finds sensitive information such as private keys, API secrets and tokens. It does so by looking at file names, extensions, and content, attempting to match them against a list of signatures.
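The signature matching described for secret scanning can be sketched as follows. This is an added example, not AmourZero's code; the signature lists, the function names `scan` and `redact`, and the sample files are all assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Hypothetical signature list, assumed for this example: one group per match type.
FILENAME_SIGS = {"id_rsa": "SSH private key", ".env": "environment file"}
EXTENSION_SIGS = {".pem": "PEM key or certificate", ".pfx": "PKCS#12 bundle"}
CONTENT_SIGS = [
    ("AWS access key ID", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private key block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("hard-coded credential", re.compile(
        r"(?i)\b(?:api[_-]?key|token|secret)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]")),
]

def redact(value, keep=4):
    """Keep a short prefix so the report itself never stores the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def scan(files):
    """files maps path -> text; returns (path, line_no, rule, evidence) tuples.
    line_no is 0 for findings raised by the file name or extension alone."""
    findings = []
    for path, text in files.items():
        p = PurePosixPath(path)
        ext = p.suffix.lower()
        if p.name in FILENAME_SIGS:
            findings.append((path, 0, "filename: " + FILENAME_SIGS[p.name], p.name))
        if ext in EXTENSION_SIGS:
            findings.append((path, 0, "extension: " + EXTENSION_SIGS[ext], ext))
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in CONTENT_SIGS:
                match = pattern.search(line)
                if match:
                    secret = match.group(match.lastindex or 0)
                    findings.append((path, line_no, "content: " + rule, redact(secret)))
    return findings

# Constructed sample repository contents (no real credentials).
SAMPLE = {
    "app/config.py": 'DEBUG = True\napi_key = "c0nstructedSampleValue123"\n',
    "deploy/server.pem": "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n",
    "infra/.env": "AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEY000000\n",
    "README.md": "No secrets here; the token is read from the vault.\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The README line mentions "token" and "secrets" but produces no finding, because the content signature requires an assignment to a quoted value of at least 16 characters.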
AmourZero's AI-powered Code Security Analysis seamlessly integrates (links) code security analysis into your cloud software development platforms, without the need to copy or retrieve any of your confidential source code. Everything is done within your DevOps pipeline tools.
Supported DevOps pipeline tools:
1. GitHub
2. GitLab
3. Bitbucket
4. CircleCI
5. Azure Pipeline
The scan results for all possible vulnerabilities detected are then compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) lists to determine each vulnerability's severity level. Each possible vulnerability detected is then mapped to the OWASP Top 10 List (2021), which is the latest standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
There are 5 categories of severity level for CWE and CVE vulnerabilities:
- Critical
- High
- Medium
- Low
- Information

Integrate your cloud software development platforms to start with AmourZero's AI-powered Code Security Analysis immediately, and find all possible vulnerabilities faster than attackers.