Includes a combination of:
- Secrets, access control, hardcoding across many providers and systems
- 3rd party services
- 3rd party vendors + misconfiguration
- Non programming language assets
- Out of band assets (such as binary data)
- By-design overhead (large projects)
- Developer workflows: CI, pre-commit
- Extensibility and customizations
Designed to test and showcase:
- Coverage and value for sensitive, high risk, access control data
- High cloud services scenarios
- High open source usage integration scenarios
- Code security as a whole (full asset scan)
- Speed and efficiency of complex scans
- Ease of integration and developer experience