Scan Application Code with Conviso
Introduction
Scan and protect your codebase with the Static Application Security Testing (SAST) and Software Composition Analysis (SCA) features available on the Conviso Platform.
The Conviso Platform is a SaaS solution that empowers developers to build more secure applications, integrating with DevSecOps tools and processes in a simple way.
Conviso Application Security Testing (AST)
Conviso AST offers the functionalities of SAST (Conviso SASTBOX) and SCA, the most complete solution.
With Conviso AST, you can analyze your source code and check if it uses open source software components that may have vulnerabilities that could compromise the security of your application.
How to use Conviso AST?
Scan directly from your terminal with the Conviso CLI; see the tutorial here.
You can also implement Conviso AST directly in your DevOps/DevSecOps pipeline, whether on Github Actions, Gitlab, Jenkins, and many others; discover our integrations here.
The analysis results are sent to Conviso Platform, where you can view, prioritize and fix the vulnerabilities found using our Vulnerability Management feature.
Conviso Static Application Security Testing (SAST): The Conviso SASTBOX
Conviso SASTBOX is the functionality of Conviso AST that performs Static Application Security Testing, that is, the static analysis of your source code or binary.
Conviso SASTBOX uses advanced techniques of syntactic, semantic, and logical analysis to detect vulnerabilities in various languages and frameworks; see here which ones are supported.
How to use Conviso SASTBOX? \ You can perform the Conviso SASTBOX directly from your terminal with the Conviso CLI; see the tutorial here.
You can also implement Conviso SASTBOX directly in your pipeline with our integrations; see more details in this documentation.
Languages and frameworks supported by Conviso SASTBOX
Our tool supports the following languages and frameworks:
| Languages and frameworks |
|---|
| Typescript |
| Golang |
| AngularJS |
| C / C++ |
| Elixir (Phoenix Framework) |
| Java |
| JavaScript // NodeJS |
| PHP |
| Python |
| Ruby / Ruby on Rails |
| iOS (Swift) |
| Secrets detection |
| PHP |
| .NET |
| Android (Java) |
Conviso SASTBOX analyzes a codebase with multiple open-source scanners and reports security flaws while deduplicating the reporting process.
Test coverage of Conviso SASTBOX
The current approach uses SAST tools with predefined rules and heuristics to identify suspicious code patterns, covering various vulnerabilities and insecure programming practices.
At Conviso SASTBOX, we have an ecosystem of 18 scanners, accumulating over a thousand rules to increase coverage capability.
Note: Therefore, it is essential to complement the use of SAST with other security practices, such as pentests, manual code reviews, and automated dynamic analysis, to improve the overall effectiveness of identifying and mitigating security flaws. At Conviso, we offer all AppSec processes and practices!
Conviso Software Composition Analysis (SCA)
Conviso SCA is the functionality of Conviso AST that performs Software Composition Analysis, that is, the analysis of open source software components used in your application.
Conviso SCA checks if these components have known vulnerabilities, if they comply with the licenses required by your project, and if they have a suitable quality for your use.
How to use Conviso SCA?
You can perform directly from your terminal with the Conviso CLI; see the tutorial here.
You can also implement Conviso SCA directly in your pipeline with our integrations; see more here.
Support
Should you have any questions or require assistance while using the Conviso Application Security Testing, feel free to contact our dedicated support team.
Resources
By exploring our comprehensive content, you’ll discover resources that will enhance your understanding of AppSec.
Securing customers CI/CD pipelines using Conviso CLI: This article presents the possibilities of using the Conviso CLI for your CI/CD pipeline.
