What is Mend SAST?
Mend SAST (replacing the former DefenseCode ThunderScan) is a SAST solution for performing deep and extensive security analysis of application source code. Mend SAST requires almost no user input and can be deployed during or after development, with integration into an existing DevOps environment and CI/CD pipeline. The SAST solution provides a way to automate code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. With Mend SAST it is possible to scan millions of source code lines across 29 different programming languages and various programming frameworks. Scalability combined with the repeatability of automation provides a way to introduce security into DevOps for organizations ranging from small development teams up to the largest enterprises. It includes a Dependency Check component (Software Composition Analysis – SCA) that will detect publicly disclosed vulnerabilities contained within a project’s dependencies with associated CVE entries.