DerSecur Software Composition Analysis (SCA)

DerSecur is a cybersecurity company founded in 2011 that develops application security testing solutions. The company's flagship product is DerScanner, a platform that performs comprehensive analysis of both source and binary code to detect vulnerabilities throughout the Software Development Lifecycle.

DerScanner supports 43 programming languages and specializes in analyzing polyglot applications. The platform combines static application security testing (SAST) and dynamic application security testing (DAST) methodologies to provide security coverage for source and binary files. The tool features a patented Confi AI engine designed to reduce false positives in vulnerability detection.

The platform includes Software Composition Analysis (SCA) functionality that provides insights into open-source components and dependencies, helping identify vulnerabilities and ensure compliance with licensing terms. DerScanner also offers Supply Chain Security features that continuously monitor public repositories to inform decisions about open-source usage and reduce security and legal risks.

DerSecur's code analysis technologies were developed at the Research Institute for Fundamental and Applied Computer Science. The company employs 70 scientists and researchers focused on R&D in SAST, DAST, and SCA analysis. Their solutions are used in 45 countries worldwide. DerScanner has been recognized by Forrester as a notable vendor in The Static Application Security Testing Landscape (Q2 2023) and The Software Composition Analysis Landscape (Q2 2024).

In addition to its software platform, DerSecur provides cybersecurity services including penetration testing and code analysis reviews.