October 06, 2020

Xanitizer GitHub Action

We are very proud to announce our new Xanitizer GitHub Action, which integrates with GitHub code scanning. Code scanning is a native feature available within GitHub Advanced Security that enables developers to prevent security issues in code, before they reach production. This complete and automated approach enables increased developer productivity, reduced risk and improved time-to-market.

With the new Xanitizer GitHub Action you can run your Xanitizer analysis right on your repository within the GitHub infrastructure and see the results in GitHub’s new Security tab. You can address security risks earlier, automate vulnerability fixes, and enforce policies as code to ship secure applications.

October 02, 2020

it-sa 365

This year, Europe’s leading congress and expo for IT security is going digital. The new digital IT security platform it-sa 365 starts October 6.

Get in touch with us digitally for the whole year at the it-sa 365. Please note that you have to be logged in to contact us directly via the it-sa 365 website.

October 02, 2020

heise devSec 2020

RIGS IT is gold sponsor of the heise devSec 2020 from October 21 to 22.

Talk with us digitally about the newest features of Xanitizer and how it can automatically detect vulnerabilities in your code.

August 25, 2020

Xanitizer 5.1 Release with Vue.js Support

Xanitizer 5.1 enhances the security analysis of JavaScript projects by supporting the Vue.js framework and by detecting new problem types in JavaScript.

In addition to other improvements, the results of a security analysis can now be exported in the SARIF format to integrate the results into further common third-party tools.

July 01, 2020

Xanitizer Now Supports JavaScript, TypeScript and Angular

With version 5.0, Xanitizer supports JavaScript, TypeScript and Angular. You can now analyze your complete Java full-stack projects together with backend code implemented for Node.js.

Xanitizer performs a complete data flow analysis on the JavaScript code. This dramatically reduces the number of false alarms which would otherwise occur for an untyped language like JavaScript. Here you can read in detail how the analysis is done by Xanitizer.

July 01, 2020

Xanitizer 5.0 Scores 100% in the OWASP Benchmark Test Suite for Security Analysis Tools

The OWASP Benchmark Project is an open-source test suite designed to evaluate the accuracy and coverage of automated security analysis tools like Xanitizer. It comprises about 2700 test case/weakness pairs, and for each of these pairs, it is specified if a security vulnerability for that weakness should be found in the test case or not. Thus, it can not only be used to measure what percentage of the problems are detected by a security analysis tool ("True Positive Rate"), but also how many false alarms are generated ("False Positive Rate").

The OWASP Benchmark project comes with precomputed results for a number of commercial and non-commercial security analysis tools. For the new 5.0 release we have further improved the already excellent accuracy of Xanitizer. Xanitizer now scores 100% in the OWASP Benchmark test suite. This means that Xanitizer 5.0 detects 100% of the vulnerabilities with 0% false alarms. The reported average of the quality values for other commercial security analysis tools is only 26% (see here for more details).
Read more about how Xanitizer scores 100% in the OWASP Benchmark test suite.
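To make the True Positive Rate and False Positive Rate from the description above concrete, here is an added scoring example (not Xanitizer's or the OWASP Benchmark project's own code): it classifies each answer-key pair as TP/FN/FP/TN against a tool's findings and derives both rates per weakness category, plus the Benchmark's score of TPR minus FPR. The test names, categories and findings are constructed sample data, not real Benchmark content.

```python
from collections import defaultdict
from typing import Dict, Iterable, Set, Tuple

Key = Tuple[str, str]  # (test case, weakness category)

# Constructed answer key: test case, weakness category, and whether a real
# vulnerability is present. Modelled on the Benchmark's "test case / weakness"
# pairs, with invented test names and only three categories.
EXPECTED = [
    ("BenchmarkTest00001", "sqli", True),
    ("BenchmarkTest00002", "sqli", False),
    ("BenchmarkTest00003", "sqli", True),
    ("BenchmarkTest00007", "sqli", False),
    ("BenchmarkTest00004", "xss", False),
    ("BenchmarkTest00005", "xss", True),
    ("BenchmarkTest00008", "xss", True),
    ("BenchmarkTest00006", "pathtraver", False),
    ("BenchmarkTest00009", "pathtraver", True),
]

# Constructed tool output: the (test case, category) pairs the tool reported.
FINDINGS: Set[Key] = {
    ("BenchmarkTest00001", "sqli"),
    ("BenchmarkTest00003", "sqli"),
    ("BenchmarkTest00007", "sqli"),       # false alarm: no real vulnerability here
    ("BenchmarkTest00005", "xss"),        # BenchmarkTest00008 is missed (false negative)
    ("BenchmarkTest00009", "pathtraver"),
}


def _rates(c: Dict[str, int]) -> Dict[str, float]:
    """TPR = TP/(TP+FN), FPR = FP/(FP+TN); Benchmark score = TPR - FPR.
    A category with no positive (or no negative) cases gets a rate of 0.0
    instead of raising ZeroDivisionError."""
    pos, neg = c["tp"] + c["fn"], c["fp"] + c["tn"]
    tpr = c["tp"] / pos if pos else 0.0
    fpr = c["fp"] / neg if neg else 0.0
    return {"tpr": tpr, "fpr": fpr, "score": tpr - fpr}


def score(expected: Iterable[Tuple[str, str, bool]],
          findings: Set[Key]) -> Dict[str, Dict[str, float]]:
    """Classify every answer-key pair against the tool's findings and return
    rates per category plus an "overall" entry across all pairs."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for test, cat, real in expected:
        flagged = (test, cat) in findings
        outcome = ("tp" if flagged else "fn") if real else ("fp" if flagged else "tn")
        counts[cat][outcome] += 1
        counts["overall"][outcome] += 1
    return {cat: _rates(c) for cat, c in counts.items()}


if __name__ == "__main__":
    for cat, r in score(EXPECTED, FINDINGS).items():
        print(f"{cat:>10}: TPR={r['tpr']:.0%} FPR={r['fpr']:.0%} score={r['score']:.0%}")
```

A tool that flags exactly the real vulnerabilities and nothing else gets TPR 100%, FPR 0% and therefore the maximum score of 100%, which is the result the announcement describes.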

February 28, 2020

Xanitizer 4.4 Release

If several of your security consultants analyze different parts of a software project and you want to merge their results into one common report, or if you want to merge their comments on security findings from a feature branch into the Xanitizer timeline of the master branch, you should switch to the new Xanitizer 4.4 major release, which is available now. The new merge feature can also be integrated easily into your merge process by using our integrations with the different build systems.

November 25, 2019

Xanitizer Support for Alpine Linux

Alpine Linux is a security-oriented, lightweight Linux distribution. It is more resource efficient and smaller than traditional GNU/Linux distributions. As a consequence, a standard Java VM does not run on Alpine Linux. A Xanitizer build for Alpine Linux is released with the new maintenance version 4.3.3.

November 11, 2019

Jenkins Plugin Available

A Xanitizer security analysis can now be configured directly in the open source automation server Jenkins via the Xanitizer Jenkins plugin. Further information on how to set up Jenkins for a Xanitizer security analysis can be found here. Please note that the new Xanitizer maintenance release 4.3.2 is required.