- Uses the AST for threat detection
- Integrates with IntelliJ platform IDEs and supports convenient fix suggestions
- Integrates into the CI/CD pipeline
- Easily configurable with XML and Gradle DSL
- Supports different output formats: XML, SARIF, HTML
- Stops the build if critical issues are found
- Scans both Java and Kotlin code

| Issue | CWE |
|---|---|
| Hidden Elements | CWE-919: Weaknesses in Mobile Applications |
| Incorrect Default Permissions | CWE-276: Incorrect Default Permissions |
| Insecure File Operating Mode | CWE-276: Incorrect Default Permissions |
| Insufficient Cryptography | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| Insufficiently Random Values | CWE-330: Use of Insufficiently Random Values |
| IP Address Disclosure | CWE-200: Information Exposure |
| SQL Injection | CWE-89: SQL Injection |
| Insecure WebView Implementation | CWE-749: Exposed Dangerous Method or Function |
| Allow Backup Application | N/A |
| Android Secret Code Usage | N/A |
| Cleartext Traffic Usage | N/A |
| Debuggable Application | N/A |
| Insecure Application Components | N/A |
| Not Protected Application Components | N/A |
| Test Only Application | N/A |

- Issue highlight
- Title
- Issue description with CWE link
- Suggested replacement
- Suggested replacement (in action dialogue)
- Ability to ignore the issue


