
FAQ

How can I secure my serverless application?

Honestly, we cannot give you a definite answer. Securing your applications always depends on your application’s logic, which assets you want to secure, and how much time you are willing to invest.

CodeShield can help you by automatically finding security vulnerabilities in your Serverless application, showing which are actually exploitable and fixing them.

Why do you offer a free service for open-source projects?

We aim to provide an excellent tool for developers, and we think that developers who spend their time contributing to open-source projects should not be forced to spend money to secure their projects. We want to give something back to the community that is supporting us all the way!

How does CodeShield work?

CodeShield is a static security analysis for your application code and CloudFormation files. In summary, we

  • check out your GitHub repository
  • analyze your CloudFormation/SAM files
  • analyze the project’s source-code
  • merge your infrastructure definitions and source-code into a common representation
  • scan the common representation for OWASP Serverless Top 10 vulnerabilities, including vulnerable open-source dependencies, and cloud resource misconfigurations using cutting-edge static data-flow analysis

Finally, we report all findings within a graph and source-code visualization of your Serverless application.
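
To make the "common representation" step concrete, here is an added example (not CodeShield's code or algorithm) that joins a CloudFormation template with a Node.js handler and flags IAM grants that are wildcards or never used by the code. The template, the handler source and all function names are constructed for illustration. It assumes the function's `Role` is an `Fn::GetAtt` reference to a role with inline policies, and it uses a simple regex heuristic where a real analysis would use data-flow.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample input: a parsed CloudFormation template and the Node.js
# handler source of its single function (both invented for this example).
TEMPLATE = {"Resources": {
    "UploadRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
        "PolicyName": "inline", "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Resource": "*",
            "Action": ["s3:*", "dynamodb:PutItem"]}]}}]}},
    "UploadFn": {"Type": "AWS::Lambda::Function", "Properties": {
        "Runtime": "nodejs18.x", "Handler": "upload.handler",
        "Role": {"Fn::GetAtt": ["UploadRole", "Arn"]}}}}}
SOURCES = {"UploadFn": """
const s3 = new AWS.S3();
exports.handler = async (e) => s3.getObject({Bucket: e.b, Key: e.k}).promise();
"""}

as_list = lambda v: v if isinstance(v, list) else [v]

def granted_actions(template, fn_id):
    """Follow Function -> Role -> inline policies; collect Allow actions."""
    res = template["Resources"]
    role = res[res[fn_id]["Properties"]["Role"]["Fn::GetAtt"][0]]
    return [a for p in role["Properties"].get("Policies", [])
            for st in as_list(p["PolicyDocument"]["Statement"])
            if st.get("Effect") == "Allow" for a in as_list(st["Action"])]

def used_actions(source):
    """Heuristic: `x = new AWS.Svc()` plus `x.method(` means `svc:Method`."""
    clients = dict(re.findall(r"(\w+)\s*=\s*new AWS\.(\w+)\(", source))
    return {f"{clients[v].lower()}:{m[0].upper()}{m[1:]}"
            for v, m in re.findall(r"\b(\w+)\.(\w+)\(", source) if v in clients}

def findings(template, sources):
    """Join both views: flag grants that are wildcards or unused by the code."""
    report = []
    for fn_id, r in template["Resources"].items():
        if r["Type"] != "AWS::Lambda::Function":
            continue
        used = used_actions(sources.get(fn_id, ""))
        for pattern in granted_actions(template, fn_id):
            # IAM action names are case-insensitive and allow * wildcards.
            hits = sorted(a for a in used if fnmatchcase(a.lower(), pattern.lower()))
            if "*" in pattern or not hits:
                kind = "wildcard" if "*" in pattern else "unused"
                report.append((fn_id, pattern, kind, hits))
    return report

if __name__ == "__main__":
    print(findings(TEMPLATE, SOURCES))
```

Each finding lists the function, the granted action pattern, why it was flagged, and the SDK calls in the handler that the pattern covers, which is the information needed to narrow the policy.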

How does CodeShield differ from tool X?

At CodeShield we strive to provide a tool developers love.

Unfortunately, security tools have always been a pain to use due to bad usability and understandability, high false positive rates and long scanning times. Moreover, only a few static analyses are ready for serverless applications. With CodeShield we aim to solve these issues and provide a tool that enables developers to painlessly visualize, understand, and fix security vulnerabilities.

From our own experience, we know that writing apps often leaves us with a bad gut feeling because we do not know whether everything was implemented securely. CodeShield aims to provide transparency and safety regarding the app's security, so you can sleep well at night again.

Which programming languages does CodeShield support?

CodeShield supports JavaScript/Node.js and languages running on the Java Virtual Machine, e.g., Java, Scala, Kotlin. Furthermore, we are currently working on support for Python.

Does CodeShield support X?

If you haven’t found the answer yet, the answer is most probably “not yet”, but we are working on it.

If you have a feature request, let us know!

I found a bug!/CodeShield fails to scan my code!

I bet we are already working on a fix for your issue. However, to be sure we are aware, please send us a short bug report using the dashboard or the chat, or send an email to support@codeshield.de.

I could not find an answer to my question!

Sorry, our bad! Let us know and we will update our FAQ!

If you haven’t found the answer to your question, please feel free to contact us. We will be happy to help you.
