Deutsche Telekom launches online code vulnerability scanner
As part of its Developer Garden initiative, German telecommunications company Deutsche Telekom has launched a cloud service that enables developers to find security vulnerabilities in their web applications and mobile apps. The Developer Garden Code Analyzer is based on Checkmarx' Static Code Analysis tool and can test applications written in C, C++, C#, .NET, Java, JavaScript and Objective-C. PHP, Perl and Ruby are also supported.
Results of analyses performed with the service are shown in a web based dashboard and users can create and download a number of different reports based on them. The data is stored in accordance with the rather strict German data protection laws on servers hosted by Deutsche Telekom and can be completely deleted at any time. Code Analyzer's upload wizard can be used to upload code from a Git repository or users can upload their source code as ZIP files; framework specific code and assets like images should not be included.
Code Analyzer is available in three different pricing tiers that range from €499 to €3,750 a month. The different tiers are differentiated by the amount of scans that can be performed each month and by the maximum size of the code base (in lines of code) that can be submitted. Eclipse and Visual Studio plugins are available as part of the two higher tiers. The top tier also includes training and some level of support such as query optimisation. Users can sign up for a 30 day test version that includes five scans free of charge on the Developer Garden web site.
(fab)