Develop Faster, Better, More Secure Serverless-Applications

Visualize, analyze and secure the Resources and Data-Flows
of your Serverless Code with every change.

CodeShield Dashboard

Want to check out the features CodeShield offers?

We have prepared a guided preview for you and collected answers to frequently asked questions.

> Automated AWS Resource Diagrams

Visualize your Infrastructure & Data Flow

Get an overview of which JSON objects and data your AWS resources exchange. CodesShield generates easy to understand architecture diagrams directly from your SAM, CloudFormation files and source code.
Use them to easily troubleshoot API and security issues, verify your implementation or visualize your architecture for QA and audits.

To provide detailed insights, CodeShield applies static-analysis to track the data flow between your Serverless functions and the cloud infrastructure.

Learn more
Dashboard visualizing AWS resources Dashboard visualizing data flow between resources

user:~$ OWASP SAS-10 Security Analysis

Follow the Data within your AWS Infrastructure - Across Events, Lambdas, and Tables.

Coming Soon

Know your sensitive data-flows better than your attacker. Detect event-data injections during development.

CodeShield discovers OWASP SAS-10 vulnerabilities even if they span across multiple functions. Vulnerabilities are visualized in your architecture and your code.

Learn more
Dashboard with security warnings

Open-Source Security_

Manage your Open-Source Dependencies

Coming Soon

Get informed about known vulnerabilities in used open-source software immediately.

CodeShield detects known vulnerabilities (CVEs) in the used open-source software, assesses their risk, and suggests updates.

Learn more
Dashboard showing vulnerable OSS dependencies Dashboard suggest fix for vulnerable OSS dependencies

Leverage your Technologies



Analyse the configuration of your AWS Serverless Application Model files.

AWS CloudFormation

AWS CloudFormation

Analyse the configuration of your AWS CloudFormation files.



Run code analysis on your Java source-/bytecode.



Run code analysis on your node.js code.



Integrate with GitHub.

Recent Posts

By Manuel Benz on February 8, 2021

This article is part two of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

By Manuel Benz on November 25, 2020

This article is part one of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

By Andreas Dann on November 6, 2020

We released an Java adaption of the OWASP Serverless Goat in our GitHub Repo.

By Johannes Späth on October 26, 2020

In this article, we explain the myth behind false positives and discuss two types of false positives.


Secure your Serverless-Application now!