Sparrow SAQT Client (IDE Plugin / GUI / CLI) Sparrow SAQT Server · 2019. 3. 6. · Smart Static...



Post on 30-Aug-2020


Page 1

Smart Static Application Quality Assurance Solution

World Cup Buk-Ro, 6th Fl. Mapo-Gu, Seoul, 03925, Korea. Tel. 82-2-300-9232 Fax. 82-2-300-9200 Email: [email protected]

Web Management · Fast & Powerful Analysis · Convenient Tools · Compliance

Sparrow SAQT Engine

Sparrow SAQT Server

Sparrow SAQT Client (IDE Plugin / GUI / CLI)

Semantic-based static program analysis engine with machine learning capability that can detect and remediate potential execution errors and coding standards violations in source code, based on various analysis techniques.

Manager: User Management / Set Analysis Policy / Confirm Analysis Results and Statistics

Upload Analysis Results

Commit Source Code

Confirm Analysis Results

Central Management System

Server

Developer

Enable users to view, manage, and use various analysis results with its dashboard

Centralized rule management based on risk levels, options and more.

MVC structure analysis, association file analysis, multiple step function/file call relationship analysis

Incremental analysis to minimize analysis time by analyzing only changed and related files

Issue navigator that traces the path from the cause of a vulnerability to the point where the problem occurs

Automated real source code suggestion for detected vulnerabilities

Detection based on domestic/international compliance and standard guidance

Supports over 1700 checkers related to quality and coding conventions

Benchmark Score 94.88

Page 2

Sparrow enables developers to analyze the source code and issues frequently from the IDE

Escalate only source code that is not problematic from the transfer control system

Integration with build systems enables periodic source code checkup and code change

Flexible Integration with process and development environment

Integration with developer IDEs

Integration with transfer control system

Integration with build system

Developer A, Developer B, Developer C, Administrator, Sparrow SAQT Server

1. Perform source code analysis (IDE Plugin or Whistle Manager)
2. Store analysis result
3. Monitoring

Developer, Security Officer, Development Server

1. Inspect source code
2. Perform full inspection
3. Report analysis result
4. Check analysis result

Developer A, Developer B, Developer C, Developer D, Sparrow SAQT Server, Configuration MGNT Server

Send compliance response; Source code security inspection; Request a transfer; Commit source code


Accurate analysis with low False Positives and False Negatives

OWASP Benchmark Accuracy Score: 94.88

Supported Environment

Dashboard & Statistic
• Identify the number of analyses, detection issues, risks and projects
• Analysis history logs by time frame
• Provide daily and accumulated status and statistics of entire projects and by user

Customizable Report
• Ability to edit project summary, analysis file information, results by risks, Top 10, violation reference, etc.
• Reports (PDF, Excel, Word, HWP)

Various Analysis Methods
• Easy to use GUI
• CLI for batch and scheduling analysis
• Plugins installed in development IDE enable analysis and result checking
• Simple drag and drop analysis via web management system without separate client program

Integration with other solutions
• Transfer control via integration with source code version controls
• Automation control via integration with Build Management Tool (CI) and Issue Tracking System (ITS)
• Hybrid analysis via interaction with DAST and RASP

Analysis History Management
• Differentiate new issues from old ones by comparing the result with prior analysis results
• Automatically track prior detection results even if source code lines change
• Prevention of unauthorized use or tampering through provision of execution request/approval process

Fast & Powerful Analysis
• Provide a detailed description of detection results, examples and solutions
• Built-in editor for central editing
• Offer real code suggestion via Active Suggestion


• Language: Java, JSP, JavaScript, C/C++, PHP, C#, ASP(.NET), VB(.NET), VBS, SQL, XML, ABAP, SWIFT, HTML, Android Java, Objective-C, Python and more

• Framework: Spring, Struts2, IBATIS/MYBATIS, Tmax ProFrame, MiPlatform, Xplatform, Nexacro, eGovernment Standard Framework

• OS: Server: Windows, Linux (Redhat, Debian); Client: Windows, Linux (Redhat, Debian), AIX, HP-UX, Solaris, MacOS

• IDE Plugin: Eclipse, Visual Studio, IntelliJ, Android Studio, ProFrame, Studio, IBM RAD

Compliance/Standards: CWE, OWASP, CERT, MISRA C, BSSC C/C++, HIC C++ and more