Sparrow’s new solutions and features help users identify vulnerabilities in source code and web applications
At Black Hat USA 2022, Sparrow is announcing its newly upgraded Sparrow Cloud and open-source management solution, Sparrow SCA.
Sparrow Cloud is a single platform for managing security and quality issues of both source code and web applications: running static and dynamic tests, checking test results, marking vulnerability status, and generating reports.
Since its introduction in 2018 as a cloud-based static application security testing service, Sparrow Cloud has been evolving continuously. It added dynamic analysis in 2019, followed in 2020 by an integrated service that combined static and dynamic analysis, and is now introducing its open-source management service.
This open-source management SaaS service will not be available until the beginning of 2023.
Sparrow SCA will analyze source code and binary files for open-source license information and security vulnerabilities, and output detailed results as reports and SBOMs (Software Bills of Materials) in global standard formats: SPDX, CycloneDX, and SWID Tags.
Sparrow Cloud SAST supports 16 languages including ABAP, ASP(.NET), C#, HTML, Java, JSP, JavaScript, Objective-C, PHP, Properties, Python, SQL, Swift, VB.Net, VBS, and XML. When users start a static analysis on Sparrow Cloud, it automatically identifies the languages of the code and uses the checkers suited to each language.
Sparrow Cloud DAST tests running applications and identifies security vulnerabilities in them. Sparrow Cloud DAST enables users to run tests from AJAX to web elements by using dynamic HTTP methods. Sparrow Cloud can also scan JavaScript applications by replaying browser events.
Sparrow Cloud was also launched in AWS Marketplace last March, enabling users to quickly identify, analyze, and remediate security vulnerabilities in their applications, including software and web applications, without any hardware or other installation.