Supported Languages

IDE Integration

Continuous Integration / DevOps

Our solution simplifies the implementation of an effective DevSecOps process


Detection of application vulnerabilities in the source code

  • The most common vulnerabilities are detected by our scanner (Sensitive Data Exposure, SQL Injection, XSS, CSRF, Command Injection, Path Traversal, etc.). These cover, in particular, the OWASP Top10.
  • Hundreds of others are identified by the Open Source SAST tools integrated into the YAG-Suite.

Centralized Scan

The scan server (SaaS or On-premise) avoids consuming resources on developers' workstations. It integrates YAG Scanner as well as a set of other preconfigured Open Source SAST tools.

Reduction of False positives and duplicates*

Your code review gets more efficient by filtering false positives with our embedded artificial intelligence.

Advanced Diagnosis*

Vulnerabilities detected by YAG Scanner are shown with a dynamic and educational diagnosis that helps you understand the causes of the warnings and build skills in application security.

Remediation support*

The tool identifies the most effective fix locations as well as patch samples extracted from the rest of the application source code.

Simple integration into your development process

The YAG-Suite interfaces with your continuous integration tools to control your code security at any time.

* Currently available for Java and PHP

Code review adapted to your application context

Machine Learning

The YAG-Suite learns from your feedback on true/false positives and on the assessment of CVSS criticality. The analyses thus adapt themselves to the application context to provide you with a relevant action plan for the vulnerabilities to be fixed as a priority.

Customization

The information to be sought in the source code can easily be customized to fit unsupported technologies.

The various repository customization modes and the graphic modeling wizards allow you to refine analyses without requiring code analysis expertise.

Mapping / Code Mining

You have access to comprehensive lists of sensitive information, encryption mechanisms, and all information you need to identify and qualify detected vulnerabilities.

Supported Security Standards

Check the compliance of your applications' source code against the main security standards: OWASP Top10, PCI-DSS, SANS-TOP25.

OWASP Top 10