A static code analysis and dependency checking solution, giving you the security insights you need.
SOF_Scanner is designed to support any type of repo configuration. For complex multi-repo or multi-component projects, each scan can be flagged with the affected component, giving you a unified view of your product's or service's security posture.
Unlike other tools, this tool executes in your CI/CD as part of your build step. This means you're not sending your code to any third parties.
Using a unique fingerprinting strategy, each vulnerability is fingerprinted so you can see how long it has been open, track its resolution and see if it appears in any regression.
OF Scanner is released under AGPL-v3 and is built on top of industry-leading open-source security tools. Its modular framework enables you to build integrations with any scanning tool you wish.