Data Theorem Unveils Code SAST Secure - Fully Integrated AST Product with SAST, SCA, and SBOM Management
New offering builds on the success of Supply Chain Secure, delivering comprehensive security insights across application and API code repositories.
PALO ALTO, Calif.
Data Theorem, Inc., a leading provider of modern application security, today announced the launch of Code SAST Secure, the latest evolution in application security designed to protect the software supply chain from code to deployment. Code SAST Secure uniquely integrates Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Supply Chain Security capabilities—including Software Bill of Materials (SBOM) management—into a comprehensive product offering.
This cutting-edge solution offers application security teams dynamically verified insights into vulnerabilities, open-source dependencies, and the overall software composition, encompassing both first and third-party components. By automating the analysis of security issues across the entire codebase, Code SAST Secure minimizes the manual effort involved in sifting through vast amounts of data. It empowers teams to prioritize the most critical vulnerabilities, enabling faster remediation and strengthening security earlier in the development lifecycle. This proactive approach significantly reduces the risk of breaches, while ensuring continuous compliance with industry standards, providing peace of mind as applications scale in complexity.
According to Gartner, “Application security tools invariably produce reams of data about potential vulnerabilities. Traditional, frequently manual, approaches to assessing and prioritizing these findings have failed to scale to accommodate either the amount of data (which has grown exponentially as new types of tests, generating ever more findings, are implemented) or the speed associated with modern development processes. This situation inevitably results in a number of adverse outcomes. If the number of findings becomes too large, it becomes easy to simply ignore them as an intractable and unsolvable problem. Rigid controls over deployment that fail to adequately reflect the risk associated with different findings can create friction between security and the balance of the organization. Practitioners will waste time and energy pursuing issues that could safely be ignored or deprioritized .” As per one of the key findings from the Gartner report, [software] development, platform engineering, cloud operations, security teams and others frequently struggle to prioritize specific security issues that should be addressed more holistically to provide optimal reduction in risk.” 1
Code SAST Secure's comprehensive Full Stack Security analysis offers unique advantages by providing visibility across all layers of an application’s architecture—from code, APIs, and open-source libraries to cloud environments and third-party components. By connecting these elements in a single, cohesive view, Code SAST Secure enables security teams to not only identify vulnerabilities in isolation but to understand how they interrelate and impact the overall security posture. This full-stack visibility allows teams to address root causes more effectively, improving the accuracy of risk assessments and enhancing their ability to defend against evolving attack vectors. Ultimately, this helps organizations maintain a stronger, more resilient security posture, even as applications evolve through development, deployment, and scaling.
“Data Theorem is committed to leading the market in application and API security innovation,” said Doug Dooley, COO at Data Theorem. “With Code SAST Secure, we’ve built on the foundation of our Supply Chain Secure product to offer an integrated approach that helps security and DevOps teams confidently secure their software. By consolidating SAST, SCA, and SBOM management with real-time verification and attack path visualization, Code SAST Secure delivers unparalleled protection for organizations. This new, integrated code security offering delivers significant cost savings and simplicity for customers seeking to eliminate complexity and alert fatigue often associated with their legacy SAST and SCA scanning tools.”
Key Differentiators of Code SAST Secure Include:
- Tool Consolidation: Code SAST Secure integrates SAST, SCA, Supply Chain, and SBOM management, reducing the need for multiple, overlapping tools.
- Dynamic Verification: DAST (Dynamic Application Security Testing) verification of code findings for APIs and applications ensures more accurate identification of vulnerabilities.
- Attack Path Visualization: Code-level violations are incorporated into attack path visualizations, providing security teams with a clearer understanding of potential exploit pathways.
Code SAST Secure’s launch follows Data Theorem’s introduction of its Attack Path Visualization capabilities, which were highlighted at the Apidays Paris event in December 2023. Together, these innovations exemplify Data Theorem’s commitment to offering end-to-end security solutions for modern, cloud-native applications.
Availability and Pricing
Code SAST Secure is available today with subscription based pricing starting at $50 per seat per month. For more information, please visit www.datatheorem.com/products/code-secure.
Note 1 – Gartner, Inc. “Innovation Insight for Application Security Posture Management,” by Dale Gardner, Dionisio Zumerle, Manjunath Bhat. May 4, 2023.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Media Contact
Liz Youngs media@datatheorem.com (415) 763-7331About Data Theorem
Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world.