Static Analysis (SAST)

Find security vulnerabilities in the source code

Static Application Security Testing (SAST) consists of tests run on source code that aim to identify security vulnerabilities. These tests tend to be faster than DAST and can find complex vulnerabilities such as race conditions between threads, but they can't cover the underlying infrastructure, which is only possible with DAST, and the scanner must be specific to the language and framework of the given source code.

Source Code Upload

Before running security tests on the source code, you need to upload it first. Once uploaded, users won't be able to download it, to avoid disclosure. It's only possible to see the file signature (checksum), so you can make sure that the correct file was uploaded.

We understand that your intellectual property deserves the maximum protection, so we apply many security measures and offer the option of using our Virtual Scan Appliance (VSA): point it at the source code URL to scan locally and send us only the findings.

Unified Scan Profile

Whereas for our Dynamic Application Security Testing (DAST) feature the scan profile is defined once and then selected before running or scheduling a scan, a SAST scan profile is only a selection of the scanners that will run.

Scan One-time or Continuously

On Gauntlet everything is designed to be simple to use. Just select the source code and the scan profile, then hit "Start". That's it. You can also schedule scans for continuous security. Learn more about scan scheduling.

Stop Scans Anytime

After starting a scan you'll see a screen like this, showing the scanner IP address and the state of each scanner. If you want, you can stop the execution of selected scanners. It's also possible to set up notifications so you are notified when a scan starts, finishes or stops. Learn more about notifications.
