Sparrow SAQT
Sparrow’s static analysis solution supports over 25 major programming languages and frameworks to improve the quality of software
Java, JSP, C/C++, C#, Python, Swift, Rust, Go, TypeScript, Object-C, Kotlin, etc.
Comply with global quality compliance and standard guides to improve the quality and brand value of the software
CWE, CERT, MISRA C/C++, BSSC C/C++, HIC C++ and more
Fast & Accurate analysis
Minimize analysis time and increase work efficiency by utilizing advanced features, including real code-based remediation guides and issue filtering
Key Features
Powerful analysis
- MVC structure analysis, associated file analysis, and analysis of function call relationship in various levels
- Incremental analysis: Minimize analysis time by only analyzing newly added, modified files and their associated files
- Support analysis via GUI, CLI, and Plugin
Advanced manageability
- Issue navigator to track vulnerabilities from their origin to actual code
- Automated real source code correction guide
- Automated classification of vulnerabilities
Dashboard and statistics
- The dashboard offers various information, including analysis, detection issues, risk levels, projects, etc.
- Provides history and trend of analysis results
- Provides statistics by project, by user, and by compliances
Web-based centralized
management
- Dashboard for analysis result management and statistics
- Centralized rule (Checker) management based on information including risk levels, options, and others
Integration
- Support integration with source code version control systems and other development environments
- Automated management via integration with Build Management Tool (Continuous Integration) and Issue Tracking System (ITS)
Convenient Manageability & Reporting
- Customizable report(PDF, Excel, Word, HWP)
- Automatically differentiate new issues from old issues
- Automatic identification of existing detection result status even if source code line is changed
- Prevent tampering and unauthorized use via exception request/approval process
Use Case
FAQ's
1. What is Sparrow SAQT and what does it do?
Sparrow SAQT is a static analysis solution designed to improve software quality by detecting vulnerabilities and issues within source code. It supports over 25 major programming languages and frameworks, and helps organizations comply with global quality standards and regulations.
2. Which programming languages does Sparrow SAQT support?
Sparrow SAQT supports a wide range of languages including Java, JSP, C/C++, C#, Python, Swift, Rust, Go, TypeScript, Objective-C, and Kotlin, among others. This makes it versatile for use in diverse development environments.
3. How does Sparrow SAQT enhance analysis efficiency?
The tool utilizes features such as incremental analysis, which only analyzes newly added or modified files to save time. It also provides real code-based remediation guides and advanced issue filtering to streamline the vulnerability review process.
4. What are the key features of Sparrow SAQT’s dashboard?
The web-based centralized dashboard displays comprehensive details such as analysis summaries, detected issues, risk levels, project statistics, user statistics, and compliance tracking. It also provides trends and history of analysis results.
5. Can Sparrow SAQT integrate with other development tools?
Yes, Sparrow SAQT can integrate with source code version control systems and development environments. It also enables automated analysis through integration with build management tools (Continuous Integration) and Issue Tracking Systems.
6. How does Sparrow SAQT manage and report vulnerabilities?
The solution features an issue navigator to trace vulnerabilities from their origin, automated classification of vulnerabilities, and customizable reporting options (PDF, Excel, Word, HWP). It distinguishes new issues from old, even if source code lines change, and prevents unauthorized changes through an exception request/approval process.