True Code Analysis
True Code Analysis is a solution for software developers who want to create more secure code, and get the best possible help from both human reviewers and automation. True Code Analysis includes functiounality that integrates human code review in the development cycle, and allows the developer to get maximum value from the feedback a reviewer gives. More important we have implemented powerful methods to provide more useful automatic feedback. True Code Analysis includes a plugin for Eclipse, a popular IDE. This plugin is used by the softare developer as well as the reviewers to detect and resolve security issues directly in the source code.
- Code security metrics. Developers seek reliable security assurance. True code analysis features a configurable dashboard that visualizes the status and progress of code security, and includes a score representing the currently achieved security level.
- Better filtering of false positives. We realize that false positives are highly frustrating to reviewers, and True Code analysis includes methods to better verify the validity of findings. This is a complex problem that requires powerful analysis algorithms, and high platform performance.
- Better detection of vulnerabilities. Today many vulnerabilities are too complex for automatic detection, although a human analyst would spot them. True code analysis captures our security knowledge and embeds this in better scanning algorithms. Additionally we accumulate anonymized findings from a growing track record of IoT evaluation projects. This practical information from actual vulnerabilities will help improve our detection capability.
- Collaboration platform. We are working on a portal where TCAT uers can share their knowledge of vulnerabilities as well as detection methods. Through collaboration we offer the TCAT user community to dynamically extend their security scanning capabilities.
- Intergation in the software development cycle. The command line option gives all the flexibility to integrate True Code Analysis in your own development process