Node.js Support

Over the last year, our engineers worked hard to apply our static code analysis algorithms from Java and PHP to a new JavaScript engine. The result is our third language-specific analysis engine, which accounts for all code features, characteristics, and flavors of the highly dynamic JavaScript language in order to detect the most complex security vulnerabilities and related code quality issues as accurately as possible. With our unique analysis approach and new innovations, we tackled major static analysis challenges (e.g. prototypes and callbacks) and achieved the same leading performance results as our other language-specific engines, which scan even large code bases within minutes. In its current version, our new engine focuses on Node.js applications but can also scan client-side JavaScript code. In the next few months, we will add more detailed support for popular frameworks, such as Angular, React and jQuery, as well as more JavaScript supersets like Flow and TypeScript. Test our new engine and please provide feedback!

Node.js SQL Injection

Framework-specific Code Patching

RIPS is the only SAST solution that is able to accurately generate a patched version of the vulnerable code lines it detects. In RIPS 3.4, we refined our Rapid Code Patching technology. It is now able to adjust the proposed code patches depending on the framework, content management system, and template engine that you are using in your code. This way, RIPS helps to efficiently fix your code with patches that match your coding style. We also added support for more vulnerability types, improved the overall accuracy of our patches, and significantly sped up patch generation.

Rapid Code Patching

Security Summary Reports

In our previous release, we added a notification system to RIPS’ interface that keeps you up to date on all activities in your team. We extended this feature with a security summary report that can be activated and sent out to you via email on a monthly basis. Each report summarizes the current state of your application’s security, your team’s performance, and important product notifications. This way, you can easily stay updated on your application’s security and progress.

Security Summary Report

Admin Panel for Data Center Edition

With RIPS 3.3, we introduced a new Data Center Edition that enables customers to scale RIPS security analysis across multiple servers in large enterprises. Our new admin panel allows the easy management of your private RIPS cluster. You can now control different organizations, users and their activities. For every scan, you can review the settings, analysis time and memory consumption on the used server instance for the purpose of debugging problems. The panel also generates statistics so that you can quickly identify performance trends and bottlenecks to take corrective actions. Get a personal product demo to find out more!

Other Improvements

Many other features, improvements and bug fixes were added in RIPS 3.4 and to our infrastructure. For example, we improved the overall performance of our SaaS platform, and we were able to speed up the analysis of our PHP engine by up to 20% per scan. We also added support for PHP 7.4 with property types and improved our dedicated support for the following PHP frameworks:

  • Lumina
  • Zend3/Expressive
  • SilverStripe
  • Apigility
  • API Platform

Last but not least, we significantly upgraded our Java engine, which now scores a perfect 100% on the OWASP benchmark suite!

Update to the latest version today, or request a free trial to try out our new features!