# DerScanner Reviews
**Vendor:** DerSecur  
**Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)  
**Average Rating:** 5.0/5.0  
**Total Reviews:** 8
## About DerScanner
DerScanner is a complete application security testing solution to eliminate known and unknown code threats across the Software Development Lifecycle. DerScanner static code analysis offers developers support for 43 programming languages, ensuring thorough security coverage for almost any application. DerScanner’s SAST uniquely analyzes both source and binary files, revealing hidden vulnerabilities that are often missed in standard scans. This is especially crucial for legacy applications or when source code access is limited. DerScanner’s DAST feature mimics an external attacker, similar to penetration testing. This is vital for finding vulnerabilities that only appear when the application is operational. DAST in DerScanner enriches SAST findings by cross-checking and correlating vulnerabilities detected by both methods. With DerScanner Software Composition Analysis you can gain critical insights into open-source components and dependencies in your projects. It helps identify vulnerabilities early and ensures compliance with licensing terms, reducing legal risks. DerScanner’s Supply Chain Security continuously monitors public repositories, evaluating the security posture of each package. This allows you to make informed decisions about using open-source components in your applications.




## DerScanner Reviews
  ### 1. Making hidden issues visible - real eyes opener

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jason C. | Marketing Manager, Small-Business (50 or fewer emp.)

**Reviewed Date:** November 17, 2023

**What do you like best about DerScanner?**

When we first got our hands on DerScanner for our company's financial application, we were in for quite a journey. The initial phase was a deep dive into the source code, a daunting 30,000 lines that seemed like a mountain to climb. Surprisingly, DerScanner made quick work of it, detecting only a handful of vulnerabilities.

**What do you dislike about DerScanner?**

Actually, we considered a cloud version at first. However, after a discussion with the DerScanner team, we were recommended to stick with an on-prem implementation.

**What problems is DerScanner solving and how is that benefiting you?**

When DerScanner analyzed the compiled executable files, it was like peeling back layers of an onion. The analysis revealed a staggering 500,000 lines of code, uncovering a myriad of vulnerabilities, several hundred to be precise. It turned out that most of our app was stitched together with third-party components — a patchwork of freeware, internet-sourced codes, modules, and libraries, all used to cut down on development time.

This was something we didn't expect to see. DerScanner didn't just scan our application; it uncovered a hidden world within our code, highlighting the risks we didn't even know were there. This level of thoroughness and the insights it provided have been invaluable to our team.

  ### 2. Great resource that helps my platform stay up to date with needed security measures

**Rating:** 5.0/5.0 stars

**Reviewed by:** Yury S. | Senior Consultant - Human Capital Practice, Mid-Market (51-1000 emp.)

**Reviewed Date:** November 20, 2023

**What do you like best about DerScanner?**

DerScanner allows us to improve the collaboration between our application security and development teams. By using this platform, we can include security measures at an early stage in the development process. This makes it easier for developers to integrate security practices while they are coding, avoiding the need to go back and fix things later on, which can save time and reduce frustration.
Regarding collaboration with DerScanner, I would mention the quality of customer service: DerScanner has genuinely changed the way I view security scanning tools. In an era where automated responses are the norm, it’s refreshing to have real people on the other end of the line, ready to help. You can tell that the team behind DerScanner values their clients and strives to provide a customer service experience that stands out from the crowd.

**What do you dislike about DerScanner?**

Some of our developers at first found it difficult to adapt to the new workflow. However, over time and with adequate training and support, this challenge has been resolved.

**What problems is DerScanner solving and how is that benefiting you?**

DerScanner tackles a crucial problem in software development and security: the lack of coordination between AppSec and development teams. By integrating security from the start, it ensures safer final products and a smoother development process. Early identification of security issues means developers can stay creative, and AppSec knows security is a priority throughout. This results in better products, happier teams, and overall business success.

  ### 3. On-premises deployment is what we needed

**Rating:** 5.0/5.0 stars

**Reviewed by:** Charles Y. | Owner, Construction, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 31, 2023

**What do you like best about DerScanner?**

Here is the thing, every single vendor is now a SaaS company. Everyone is rushing to the public cloud and it can be challenging for companies looking for privacy and confidentiality to get an on-premises deployment. At this stage of our business we don't feel comfortable with a 100% SaaS installation. That's why DerScanner has become a fit to offer a private cloud package for us.

**What do you dislike about DerScanner?**

DAST can be a bit tricky to configure the first time. It's not like a drag and drop experience. But after some training we're good to go.

**What problems is DerScanner solving and how is that benefiting you?**

When it comes to relying on SaaS and cloud applications, updating software can become a cumbersome process that involves tweaking network policies. This is something we simply cannot afford to do due to our stringent security policies. Having an on-premise installation, meanwhile, can allow us to get updates with no Internet access at all. The process is seamless: download the update, run a manual script, and you’re up to date. This not only adheres to our strict security protocols but also ensures that our systems are always running the latest and greatest. As for the capabilities of the scanner, we are satisfied in general. It offers a traditional bundle for static analysis and throws in open-source security for good measure, striking just the right balance for our needs.

  ### 4. Low false positives save a lot of our time on analysis

**Rating:** 5.0/5.0 stars

**Reviewed by:** April C. | Communications Manager, Transportation/Trucking/Railroad, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 30, 2023

**What do you like best about DerScanner?**

DerScanner has been instrumental in helping us track down and fix vulnerabilities across our platform. Its ability to quickly pinpoint issues and provide detailed guidance on how to secure our applications has been a game changer. The tool is incredibly user-friendly. Even if you’re not a hardcore developer, you can get the hang of it pretty quickly and start making your applications safer. This was a big win for us, considering the pace at which we operate and the majority of security folks in our team.

**What do you dislike about DerScanner?**

To be completely honest, DerScanner has fit so well into our workflow and has proven so useful that I'm hard-pressed to find something I don't like about it. Maybe as we continue to use it more extensively, we might come across areas that could be improved.

**What problems is DerScanner solving and how is that benefiting you?**

DerScanner’s speed and efficiency, along with its low rate of false positives, mean that our security checks don’t slow us down. This was a crucial factor in our decision to go with DerScanner. In our fast-paced environment, we need to be able to roll out new features quickly without compromising on security. DerScanner enables us to do just that, ensuring that our speedy development process doesn’t leave vulnerabilities in there.

  ### 5. As long as the apps are clean of bad code, the data is safe

**Rating:** 5.0/5.0 stars

**Reviewed by:** Martha F. | Front End Developer, Information Technology and Services, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 28, 2023

**What do you like best about DerScanner?**

Honestly, I never thought I'd find something as comprehensive as DerScanner. It does static, dynamic, and open source analysis all in one place. For someone like me working at a training company, where we are constantly developing new training software, this is a game changer.
And whenever I got stuck, the support team was there, ready to help.

**What do you dislike about DerScanner?**

When I first started using it, the amount of information it gave me was a lot to take in. It took a bit to figure out what’s what and not get lost in all the details.

**What problems is DerScanner solving and how is that benefiting you?**

With all the stories you hear about hacks and data breaches, knowing that DerScanner is there to find any sneaky backdoors or vulnerabilities before the bad guys do is a huge relief.

We’re in the business of education, and our users trust us with their data. DerScanner helps us keep that trust by making sure our apps are as secure.

  ### 6. Solid choice for static code analysis, especially for Delphi.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Peter J. | Project Manager, Information Technology and Services, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 25, 2023

**What do you like best about DerScanner?**

OK, so I have to admit, DerScanner is pretty good when it comes to understanding Delphi code. It checks everything – the whole source code, libraries, and even resource files. I mean, it's like having a super-smart buddy checking your work for any possible mistakes. Keeping in mind I had some hard times finding a solution that does support Delphi — not the most popular framework these days. DerScanner has been a great find.

**What do you dislike about DerScanner?**

There are occasional false positives, but they were less frequent than in other solutions we have used. I assume it takes some time for a system to adapt to the type of code you usually have in your environment. With time the results are getting better.

**What problems is DerScanner solving and how is that benefiting you?**

What I really appreciate about DerScanner is that it finds the hidden, sneaky stuff in your code. Things like backdoors that someone might have left intentionally. That’s pretty crucial for our security. I also found it kind of educational. It opened my eyes to see how certain ways of coding, that seem totally fine at first, can actually be potential security risks.

  ### 7. The reports are speaking both developers and security languages

**Rating:** 5.0/5.0 stars

**Reviewed by:** Chris D. | Senior Associate, Outsourcing/Offshoring, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 24, 2023

**What do you like best about DerScanner?**

I've had some previous experience with scanners that have been built purely for developers, and sometimes it's difficult to understand their language. DerScanner doesn’t just throw error codes or complex jargon at you, it shows you exactly where things went wrong and walks you through how to fix it. And that's all explained in the language that a security guy can understand. And for someone who isn’t exactly a coding hero, this makes a difference. As your security practice gets more mature you can benefit from Fuzzy Logic Engine technology. It doesn’t go off the rails sending false alarms every time there’s a minor issue. It knows how to tell the difference between a real vulnerability and a false alarm.

**What do you dislike about DerScanner?**

As we prefer the on-prem deployment, the hardware requirements can be a bit resource consuming, like the RAM it needs. But as long as it does the job, I'm fine with that.

**What problems is DerScanner solving and how is that benefiting you?**

We started with a couple of ad-hoc scans and then expanded the installation to our whole coding process. The scanner now integrates with all sorts of our CI/CD pipeline tools like Jenkins, GitHub and others.

  ### 8. Securing Applications from A to Z with DerScanner

**Rating:** 5.0/5.0 stars

**Reviewed by:** Adam D. | Information Technology and Services, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 06, 2023

**What do you like best about DerScanner?**

What sets DerScanner apart is its holistic approach to application security. The correlation between static and dynamic analysis is a game-changer, ensuring vulnerabilities are not just identified but also validated dynamically. The inclusion of an SCA module to pinpoint outdated components and offer replacement recommendations shows foresight. DerScanner's integration capabilities, especially with CI/CD servers and issue tracking systems, demonstrate its adaptability in various development environments.

**What do you dislike about DerScanner?**

While its capabilities are vast, the user experience could benefit from a touch of refinement. With so many supported languages, file formats, and analysis methods, a simplified dashboard or modular UI might be more approachable for both new and seasoned users.

**What problems is DerScanner solving and how is that benefiting you?**

DerScanner has been instrumental in elevating our application's security by identifying vulnerabilities at every level. Its ability to perform a comprehensive analysis ensures that our applications are watertight against potential breaches. Furthermore, its integrative features have seamlessly fit into our development lifecycle, automating security checks, and ensuring timely remediation, saving both time and resources.




## DerScanner Features
**Administration**
- API / Integrations
- Extensibility

**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Vulnerability Scan
- Code Analysis

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Testing**
- Command-Line Tools
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top DerScanner Alternatives
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,279 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (874 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (773 reviews)

