Ω

VISUALIZE | UNDERSTAND | SECURE

Develop Better, Faster,
More Secure
Serverless-Applications

Visualize, understand and secure your Serverless Infrastructure with every change.

Contact Us
CodeShield Dashboard

Automated AWS Resource Diagrams

Visualize your Infrastructure with Every Change

CodeShield generates easy to understand architecture diagrams directly from your SAM and CloudFormation files and source code.
Providing accurate information for troubleshooting, security analysis, or verifying implementations.

To provide detailed insights, CodeShield applies static-analysis to track the data flow between your Serverless functions and the cloud infrastructure.

Visualize your infrastructure
Dashboard visualizing AWS resources Dashboard visualizing data flow between resources

OWASP SAS-10 Security Analysis

Follow your Data within your AWS Infrastructure - Across Events, Lambdas, and Tables.

Know your sensitive data-flows better than your attacker. Detect event-data injections during development.

CodeShield discovers OWASP SAS-10 vulnerabilities even if they span across multiple functions. Vulnerabilities are visualized in your architecture and your code.

Scan for OWASP-SAS 10
Dashboard with security warnings

Open-Source Security

Manage your Open-Source Dependencies

Get informed about known vulnerabilities in used open-source software immediately.

CodeShield detects known vulnerabilities (CVEs) in the used open-source software, assesses their risk, and suggests updates.

Secure OSS Dependencies
Dashboard showing vulnerable OSS dependencies Dashboard suggest fix for vulnerable OSS dependencies

Supports your Technologies

AWS SAM

AWS SAM

Analyse the configuration of your AWS Serverless Application Model files.

AWS CloudFormation

AWS CloudFormation

Analyse the configuration of your AWS CloudFormation files.

Java

Java

Run code analysis on your Java source-/bytecode.

JavaScript

Node.js

Run code analysis on your node.js code.

GitHub

GitHub

Integrate with GitHub.

Our Recent Posts

Read more

How to Prevent Code Injection Vulnerabilities in Serverless Applications (Part 1/2)

By Manuel Benz on November 25, 2020

This article is part one of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

Continue reading
Read more

ServerlessGoat Java

By Andreas Dann on November 6, 2020

We released an Java adaption of the OWASP Serverless Goat in our GitHub Repo.

Continue reading
Read more

The Myth of False Positives in Static Application Security Testing

By Johannes Späth on October 26, 2020

In this article, we explain the myth behind false positives and discuss two types of false positives.

Continue reading
Read more

Sicherheitslücken in der Corona-Warn-App

By Manuel Benz on June 16, 2020

Jetzt wo die Corona-App offiziel veröffentlicht ist, dürfen wir über unsere Ergebnisse sprechen.

Continue reading

Supported By

Secure your Serverless-Application now!

Contact Us