Breaking: RIPS is acquired by SonarSource
Joining forces in building best-in-class SAST products

Our Unique Approach

Static code analysis algorithms dedicated to each programming language.


Figure: Abstract graph model

Background: Static Code Analysis

Static analysis (or static application security testing, SAST) is performed solely on the source code of an application, without executing it. The complete source code is transformed into an abstract model that is then analyzed for security vulnerabilities. More precisely, taint analysis follows the data flow of the user input that the application receives across file and function boundaries. If unsanitized user input reaches a security-sensitive operation (such as a SQL query), an attacker can alter that operation, so a security vulnerability is reported (e.g. a SQL injection vulnerability).
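To make the description above concrete, here is a deliberately small taint analyzer, written for this page as an illustration and not taken from RIPS or any other product. It works on Python's own `ast` module rather than on PHP or Java, and its lists of sources (`input`), sinks (`execute`, `system`) and sanitizers (`int`) are assumptions chosen for the demo. What it does show is the mechanism the paragraph describes: user input is tracked through assignments and string concatenation, the analysis follows calls into user-defined functions so that a tainted argument taints the callee's parameter and a tainted return value flows back to the caller, and a finding is reported with the exact line of the sensitive sink. The sample program it scans is constructed for the example.

```python
import ast
from dataclasses import dataclass, field

# Assumed rule set for this toy analyzer (not RIPS' rules).
SOURCES = {"input"}             # calls whose return value is attacker-controlled
SINKS = {"execute", "system"}   # security-sensitive operations: SQL query, shell command
SANITIZERS = {"int"}            # calls whose result can no longer carry an injection payload


@dataclass(frozen=True)
class Finding:
    sink: str       # sensitive call that received user input
    line: int       # line of the sink in the analyzed source
    function: str   # function in which the sink was reached


@dataclass
class TaintAnalyzer:
    functions: dict                  # user-defined functions by name (for interprocedural analysis)
    findings: list = field(default_factory=list)
    max_depth: int = 8               # bound on nested calls; guards against recursion

    @staticmethod
    def call_name(call):
        f = call.func
        if isinstance(f, ast.Name):
            return f.id
        if isinstance(f, ast.Attribute):
            return f.attr
        return None

    def expr_tainted(self, node, tainted, scope, depth):
        """Return True if the value of `node` may carry user input; report sinks on the way."""
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, (ast.Attribute, ast.Subscript)):
            return self.expr_tainted(node.value, tainted, scope, depth)
        if isinstance(node, ast.BinOp):   # string concatenation keeps the taint of either side
            return (self.expr_tainted(node.left, tainted, scope, depth)
                    or self.expr_tainted(node.right, tainted, scope, depth))
        if isinstance(node, ast.Call):
            name = self.call_name(node)
            arg_taint = [self.expr_tainted(a, tainted, scope, depth) for a in node.args]
            receiver_taint = (isinstance(node.func, ast.Attribute)
                              and self.expr_tainted(node.func.value, tainted, scope, depth))
            if name in SOURCES:
                return True
            if name in SANITIZERS:
                return False
            if name in SINKS:
                if any(arg_taint):
                    finding = Finding(name, node.lineno, scope)
                    if finding not in self.findings:
                        self.findings.append(finding)
                return False
            if name in self.functions and depth < self.max_depth:
                # Follow the data flow into the callee: parameters inherit the arguments' taint,
                # and the callee's return value carries taint back to this call site.
                func = self.functions[name]
                params = [p.arg for p in func.args.args]
                callee_tainted = {p for p, t in zip(params, arg_taint) if t}
                return self.analyze_body(func.body, callee_tainted, name, depth + 1)
            # Unknown (library) call: conservatively propagate taint of receiver and arguments.
            return receiver_taint or any(arg_taint)
        return False   # constants and anything not modelled

    def analyze_body(self, stmts, tainted, scope, depth):
        """Walk a statement list; return True if it may return a tainted value."""
        returns_tainted = False
        for stmt in stmts:
            if isinstance(stmt, ast.Assign):
                is_tainted = self.expr_tainted(stmt.value, tainted, scope, depth)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        if is_tainted:
                            tainted.add(target.id)
                        else:
                            tainted.discard(target.id)   # reassignment with clean data kills taint
            elif isinstance(stmt, ast.Expr):
                self.expr_tainted(stmt.value, tainted, scope, depth)
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_tainted |= self.expr_tainted(stmt.value, tainted, scope, depth)
            elif isinstance(stmt, (ast.If, ast.For, ast.While)):
                # Either branch may run, so the state afterwards is the union of both branches.
                merged = set()
                for branch in (stmt.body, stmt.orelse):
                    branch_state = set(tainted)
                    returns_tainted |= self.analyze_body(branch, branch_state, scope, depth)
                    merged |= branch_state
                tainted.clear()
                tainted.update(merged)
        return returns_tainted


def analyze_source(code):
    """Report every sink reachable from a source, starting from module-level code."""
    tree = ast.parse(code)
    functions = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    analyzer = TaintAnalyzer(functions)
    module_stmts = [n for n in tree.body if not isinstance(n, ast.FunctionDef)]
    analyzer.analyze_body(module_stmts, set(), "<module>", 0)
    return analyzer.findings


# Constructed sample program: one injection through two function boundaries, two safe sinks.
SAMPLE = """\
import sqlite3

def lookup(db, name):
    # user input reaches the SQL sink through a function boundary
    db.execute("SELECT * FROM users WHERE name = '" + name + "'")

def normalize(value):
    return value.strip()

def lookup_by_id(db, uid):
    db.execute("SELECT * FROM users WHERE id = " + str(uid))

db = sqlite3.connect(":memory:")
user = input("name? ")
lookup(db, normalize(user))           # tainted through normalize() and lookup()
lookup_by_id(db, int(input("id? ")))  # int() sanitizes the value
db.execute("SELECT 1")                # constant query, no user input
"""

if __name__ == "__main__":
    for f in analyze_source(SAMPLE):
        print(f"{f.sink}() in {f.function}() at line {f.line} receives user input")
```

Run as a script, the analyzer reports a single finding: the `execute()` sink inside `lookup()` on line 5 of the sample, reached because `normalize()` returns its tainted argument. The `int()`-sanitized query and the constant query are not reported. The analysis is demand-driven, following calls from module level, which is why a function that is never called is not scanned; a production engine would also treat every public entry point as a starting point.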

Language-Specific Analysis

The RIPS Approach

Instead of building one generic analyzer for fundamentally different programming languages, such as statically typed Java and dynamically typed JavaScript, we strongly believe that complex security bugs in modern source code can only be detected accurately with a precise simulation of all of a language's subtleties, libraries, and pitfalls. After all, it is these details that account for many of today's security vulnerabilities. Hence, we build a separate RIPS analysis engine for each programming language, one that accounts for all of that language's details, for the most accurate analysis possible.


Security Testing Approaches

Comparing Code Scanning Approaches

During static analysis, the application doesn't have to be running, functional, or even complete. Code can be analyzed for vulnerabilities and security risks while the application is still being developed. Developers can, and should, scan the code continuously throughout the software development lifecycle, so that vulnerabilities are discovered as early as possible, while the code is being written. Every issue discovered is pinpointed to the exact line of code for quick remediation. For more information on static analysis solutions, please read our blog.

Figure: SAST/DAST/IAST comparison

Analysis Profiles for Ultimate Fine-Tuning

RIPS analyzes source code straight out of the box, without time-consuming configuration. Advanced users can tailor the analysis engines and algorithms to their specific environment to maximize the precision of the analysis.

