What Our Customers Say

Magento selected RIPS technology to enhance the scanning capabilities of all Magento products. Using RIPS API, Magento streamlined its Threat Intelligence pipeline to provide automated scanning and threat identification. RIPS Tech team support is outstanding, ensuring Magento an easy set up and operational excellence.

John Steer, Chief of Product Security, Magento

After an evaluation, FLYERALARM selected RIPS On-Premises as the only SAST solution with a dedicated focus on the complex PHP language. FLYERALARM scans its large applications with 1.8 and 2.5 million lines of code in only 12 and 20 minutes. The false positive rate was measured to be at only 1-2%.

Read Success Story

Security is fundamental to Datto's software development process. RIPS and its easy integration into our DevOps tools enables us to manage our risks and to detect vulnerabilities earlier in the development cycle before the code moves into production. In our evaluation we chose RIPS because it offers meaningful and accurate results for our custom API implementation as well as for popular frameworks. The continual support from the RIPS team is timely and exemplary.

Sachin Shetty, Application Security Manager - Core Products, Datto

We evaluated a few products and chose RIPS because it performs really well, and has a strong ability to follow tainted data across the scanned application - which is very important for any SAST solution. Further, our security champions learn more from RIPS findings, as they gain a much better understanding of the vulnerabilities discovered during scans.

Dinis Cruz, Application Security Specialist, WorldFirst

With hundreds of contributors around the globe and over 25,000 commits, tracking possible security bugs becomes a challenge. By partnering with RIPS and by using its extensive automation and integration capabilities, we are able to add another strong layer of security testing to our code base.

Rowan Hoskyns-Abrahall, President of the Joomla Project

We've been using SAST products from a couple of big and well known vendors but the results we were getting were little more than elaborate script searches with too much noise resulting in a painful waste of time. RIPS provides highly accurate analysis finding bugs that were not detected by the other tools.

Lukas Reschke, Information Security Lead, Nextcloud

Here is one of the few security products, that is not snakeoil: RIPS. We use it all the time.

Dr. Mario Heiderich, CEO, Cure53

We've invested in the onsite RIPS product to enhance the speed at which we can assess the many custom PHP Wordpress plugins and management tools our customers deploy. Spending less time finding vulnerabilities means we can spend more time writing proof of concept exploits which adds value to our engagements!

Dave Aitel, CEO, Immunity

IncludeSec has executed security assessments for hundreds of tech companies and worked with a variety of SAST tools. Our engagement time is often limited, as such speed and comprehensiveness are must-haves. With RIPS' unique efficiency, accuracy, and coverage we find more bugs in less time. RIPS is, without doubt, the most comprehensive PHP static code analyzer today and a game changer for assessments!

Erik Cabetas, Managing Partner, Include Security

When using a SAST tool at Core Security the most crucial features are the precision of the results, the amount of false positives, and the speed. RIPS' performance and accuracy prevails over any other SAST tool we have seen. We are happy to have found a tool that meets our expectations and, contrary to other tools, saves us time instead of increasing our work load due to false positives.

Guido Leo, Security Consultant, Core Security

We are passionate about security and take pride in our work, as such, its quality is of utmost importance. In a recent assessment we had to quickly identify weaknesses within 8 million lines of code which is impossible to do manually. RIPS identified vulnerabilities within only 1 hour and allowed us to drastically reduce our testing time. The team behind it is by far a reference in terms of PHP security.

Philippe Caturegli, Founder, Seralys

As a leading consultancy for PHP and related technologies, we commonly perform code reviews which often include security audits. In addition to our in-depth manual reviews we also use static code analyzers to assess a code base. RIPS adds great value because it allows us to quickly measure (in-)security, and helps to address all detected issues in a well-structured fashion.

Arne Blankerts, Principal Consultant, The PHP Consulting Company