Static Application Security Testing Solution

About FibulaCOBAS

Static application security testing (SAST) is analysing source code to find security vulnerabilities that make the software susceptible to attack. FibulaCOBAS is an easy to use and effective SAST solution that protects you against application security risks by detecting security defects not only after development but also while developing code and by providing coding samples to remediate.

Detecting and fixing the security defects in development phase prevents the need to switch back and recode in case of later detection. Therefore security analysis and remediation of the software code during development lowers the cost of projects and shortens project periods.

Developers show tendency to concentrate on creating functioning software but mostly they do not consider security aspects. FibulaCOBAS provides an easy to use and effective source code security analysis platform that becomes a part of the world of developers by integrating with the development platform and showing security defects as part of software errors and warnings. It empowers secure software development capabilities of developers without making things hard for them.

FibulaCOBAS, supports both automatic and manual scanning functions. Besides source code of applications, it scans binary files like executable files and software libraries. 

FibulaCOBAS sends all scan findings to central management server and enables security professionals to centrally track vulnerabilities detected in all development machines. 



Provides an easy and cost effective way to mitigate application security risks.


Detects vulnerabilities while developing code without the need to build the code or run commands.


Provides detailed guidance on detected vulnerabilities and enables easy remediation.

Instant Vulnerability Detection

Detects vulnerabilities in the source code of web, mobile and desktop applications while developing code and sends them to central management server.

Integration with Development Platform

Integrates with software development platforms, detects vulnerabilities in real time while coding and underlines the code as soon as vulnerability is detected.

Testing Binary Files

Tests executable files and software libraries such as EXE, DLL, JAR, etc.

File Integrity Monitoring

Monitors integrity of source code & binary application files and triggers a scan automatically when the application is changed.

DevOps Integration

Provides static security testing capabilities in DevOps processess by integrating with Jenkins, TFS, Sonarqube, Jira, etc.

Central Management Capabilities

Enables security professionals to manage manual and automatic scans and centrally track vulnerabilities detected in all development machines.

Static Testing After Development

Analyzes the source code of applications developed in other platforms that FibulaCOBAS was not installed. Scans built application files and libraries.

Vulnerability Remediation

Reports vulnerability details including source code examples while coding and after each scan.

Periodic Testing

Provides period static security testing capabilities via scheduled tasks


Computes risk scores for developers & projects and provides comprehensive scan reports.