logo NTT APPSEC
Next-Generation Static Application Security Testing (SAST)

Vantage Inspect is a developer-focused solution that combines software composition analysis (SCA), static application security testing (SAST) and Infrastructure-as-Code technologies to give in-context security feedback directly within the native code repository.

Organizations need a way to test application code for security vulnerabilities easily and repeatably as part of an automated process.

Vantage Inspect powered by ShiftLeft is a static application security testing (SAST) solution that blends SCA, SAST and Infrastructure-as-Code technologies to comprehensively inspect an application's source code, Open Source libraries and infrastructure. Vantage Inspect plugs directly into the code repository, enabling developers to secure code earlier in production and ensure critical vulnerabilities are not deployed into pre-production.

Key Features & Functionalities

  • Source Code Analysis (SCA)
  • Static Application Security Testing (SAST)
  • Infrastructure-as-Code (IaC) functionality for cloud-native application development
  • Test beyond source code — identify business logic flaws, data leakage and insider threats
  • Improves compliance and risk management
  • Incremental scans give developers security feedback in minutes — not hours
  • Real-time and contextual security analysis delivered natively

How does Vantage Inspect work?

Configure App or Pull Repository 

Start by importing one of your GitHub repositories or analyzing one of our demo apps. Don’t have GitHub? Use our CLI.

Identify and Fix Vulnerabilities

Use data flow presentation to understand a vulnerability from the attacker’s perspective. Use contextual education to learn more about the type of vulnerability and how it can be fixed.

Safely Analyze Your Source Code

Your source code is never sent to our servers. Depending on the size of your app, a scan takes just minutes. Scan early, scan often.

Vantage Inspect

Integrate the Results Into Your Workflow

Use Vantage Inspect to assign issues to different developers and track fixes and regressions between scans.

Supported Vulnerability Coverage

  • Authentication Bypass
  • Cookie Injection
  • Cross-Site Scripting (XSS)
  • Crypto AES with ECB
  • Deserialization
  • Directory Traversal
  • Eval
  • File Write
  • Hard-Coded Password
  • Header Injection
  • Improper Certificate Validation
  • Insecure Cookie
  • Insecure JWT Algorithm
  • Insecure Puppeteer Settings
  • Insecure TLS Configuration
  • JWT Exposed Creds
  • JWT Unsafe Parsing
  • LDAP Injection
  • Mail Injection
  • Mass Assignment
  • Missing Certificate Check
  • NoSQL Injection
  • Open Redirect
  • OSS Express Body Parser
  • Path Traversal
  • Prototype Pollution
  • Remote Code Execution
  • Sensitive Data Exposure
  • Sensitive Data Leak
  • Session Injection
  • SQL Injection
  • SSRF
  • TLS Checks are Disabled
  • Trust Boundary Violation
  • Unvalidated Input Used in Cookie
  • Usage of Insecure API
  • Weak Encryption
  • Weak Hash
  • Weak Random: The application uses the weak random number generator crypto.pseudoRandomBytes()/Math.random()
  • XML External Entity
  • XML Injection/XXE (External Entity) Injection
  • XPath Injection
  • Supports OWASP 10, Secrets, SCA including Reachability, and more.

Let’s discuss your security needs

Contact Us