Codean is excited to announce the launch of its Review Environment, a tool designed for security experts who are passionate about code.
Fully automated scanners lack the depth and accuracy of a human reviewer's understanding of the code, while manual source code review can be time-consuming and frustrating. Codean's Review Environment combines the two, giving security experts a set of features that make it easier to navigate and understand code, and to discover and communicate vulnerabilities efficiently, effectively, and enjoyably.
The Review Environment lets you browse code much like an IDE. You can upload a private repository or any number of public repositories (unlimited private repository uploads are only available on commercial plans). Users can annotate, highlight, and link code snippets (creating codemarks) to keep track of security-relevant information, including vulnerabilities. The tool also tracks the review state of each file in the source tree: in progress, reviewed, or ignored. Our real-time collaboration feature gives everyone instant access to the whole team's work and progress, since codemarks, file states, and more are shared across the team.

In addition, the Review Environment offers code(mark) reachability analysis, which displays the constraints required to reach a specific portion of the code (typically an asset). This feature is currently available for Python, JavaScript, and Rust, and will be extended to additional languages in future releases. The tool also includes interactive taint analysis, which helps users identify the source code paths that carry data to or from a given point. Taint analysis is currently available for JavaScript, Python, Rust, and TypeScript, and will be extended so that users can easily retrieve the paths linking two specific codemarks (typically an input and an asset). Finally, when a vulnerability is discovered, it can easily be reported back to the developers with the relevant information: the tool generates a markdown file that includes the relevant codemarks (automatic synchronization with issue trackers is only available on commercial plans).
Codean is continuously working to improve usability with a new interface and to extend its feature set. Planned developments include on-premise installation, automated codemark placement, automated reporting, and dashboards.
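To make concrete what a reachability result and a taint path look like, here is a deliberately small intra-procedural analyzer written for this page. It is an added example, not Codean's code, and says nothing about how the Review Environment is implemented. It parses a constructed Python request handler, treats `request.args.get` as the attacker-controlled source and `db.execute` as the asset (both roles are assumptions for the example), reports the statements that carry data from the source to the sink, and lists the branch conditions that must hold for the sink to be reached:

```python
import ast
from dataclasses import dataclass, field

# Constructed sample input (not code from Codean or any real project): a
# request handler with one tainted path into a database sink and one clean call.
SAMPLE = '''
def handler(request, db):
    name = request.args.get("name")
    if request.user.is_admin:
        query = "SELECT * FROM users WHERE name = '" + name + "'"
        if len(query) < 200:
            db.execute(query)
    greeting = "hello " + "world"
    db.execute(greeting)
'''

# Assumed roles: where attacker-controlled data enters, and which calls are assets.
SOURCES = {"request.args.get"}
SINKS = {"db.execute"}


@dataclass
class Finding:
    source_line: int
    sink_line: int
    path: list = field(default_factory=list)         # (lineno, statement) the data flows through
    constraints: list = field(default_factory=list)  # conditions that must hold to reach the sink


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for any other expression."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _expr_taint(expr, tainted, sources):
    """Statements the data in expr came through (empty list for a direct source read),
    or None if nothing in expr is tainted."""
    for node in ast.walk(expr):
        if isinstance(node, ast.Call) and dotted_name(node.func) in sources:
            return []
        if isinstance(node, ast.Name) and node.id in tainted:
            return tainted[node.id]
    return None


def _walk_block(stmts, constraints, tainted, findings, sources, sinks):
    for stmt in stmts:
        if isinstance(stmt, ast.Assign):
            origin = _expr_taint(stmt.value, tainted, sources)
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    if origin is None:
                        tainted.pop(target.id, None)   # a clean reassignment kills the taint
                    else:
                        tainted[target.id] = origin + [(stmt.lineno, ast.unparse(stmt))]
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call = stmt.value
            if dotted_name(call.func) in sinks:
                for arg in call.args:
                    origin = _expr_taint(arg, tainted, sources)
                    if origin is not None:
                        path = origin + [(stmt.lineno, ast.unparse(stmt))]
                        findings.append(Finding(path[0][0], stmt.lineno, path, list(constraints)))
        elif isinstance(stmt, (ast.If, ast.While)):
            cond = ast.unparse(stmt.test)
            for body, guard in ((stmt.body, cond), (stmt.orelse, "not (" + cond + ")")):
                branch = dict(tainted)
                _walk_block(body, constraints + [guard], branch, findings, sources, sinks)
                tainted.update(branch)   # may-analysis: taint introduced in either branch survives


def analyze(src, sources=SOURCES, sinks=SINKS):
    """Find source-to-sink data-flow paths and the branch conditions guarding each sink."""
    findings = []
    for func in ast.walk(ast.parse(src)):
        if isinstance(func, ast.FunctionDef):
            _walk_block(func.body, [], {}, findings, sources, sinks)
    return findings


def report(finding):
    """Render one finding the way a reviewer would want to read it."""
    lines = [f"tainted data reaches sink at line {finding.sink_line}:"]
    lines += [f"  L{ln}: {text}" for ln, text in finding.path]
    lines.append("  reachable only if: " + " and ".join(finding.constraints or ["always"]))
    return "\n".join(lines)


if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(report(f))
```

Run on the sample, the analyzer reports a single finding: data read at line 3 flows through the string concatenation at line 5 into `db.execute` at line 7, and that sink is reachable only when `request.user.is_admin` and `len(query) < 200` both hold; the clean `db.execute(greeting)` call produces nothing. The example is intra-procedural, treats every branch as possibly taken (a may-analysis), and has no notion of sanitizers, which is exactly the kind of precision a reviewer adds by hand when placing codemarks on inputs and assets. It requires Python 3.9 or later for `ast.unparse`.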
We encourage you to try out Codean's Review Environment and share your experience with us. We are always looking for ways to improve the tool and make it even better for security experts.
Sign up from our homepage @ codean.io!