Static analysis (SAST)

Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).

To perform static analysis, either use AppScan Go! or download a small client utility and use its command line interface (CLI) perform security analysis on either source code or binary files for all supported languages. Static analysis plug-ins are available through their respective marketplaces. Once plugins are installed, you can scan Java projects in Eclipse or .NET (C#, ASP.NET, VB.NET) projects in Visual Studio. Additional information on plugins and integrations is listed here.

AppScan 360° looks for and scans specific file types associated with supported languages. For applications written in languages such as Ruby, AppScan 360° scans source code. For applications written in languages such as Java, AppScan 360° scans binary files of built code. To learn about all of the languages that are supported for static analysis scans, see Static analysis language support.

Note: Software Composition Analysis (SCA) is not available in this version of AppScan 360°.