Overview
Deep Analyze is an AI-driven static analysis feature that inspects source code for security vulnerabilities using program-structure analysis, call-graph extraction, and a multi-agent system.Privacy commitment: We do not train our models with your data. Your source code and analysis results remain private and are never used for model training purposes.
Key capabilities
Zero-day vulnerability detection
Deep Analyze leverages call graphs to detect zero-day vulnerabilities from user-controlled inputs, including:
- Authorization and authentication bypass
- SQL injection
- Server-Side Request Forgery (SSRF)
- Remote Code Execution (RCE)
Integration points
Use Deep Analyze in:
- Security engineering workflows
- CI/CD security pipelines
- Code review and PR validation
- API and microservice security scanning
Vulnerability detection
Critical vulnerability categories
Deep Analyze identifies critical vulnerability categories:
- Broken Access Control - Unauthorized access to resources
- SQL Injection - Database manipulation through untrusted input
- Server-Side Request Forgery (SSRF) - Unauthorized server-side requests
- Remote Code Execution (RCE) - Arbitrary code execution
Validation workflow
Prefindings validation
All detected issues surface as prefindings. You validate each to determine:
- Findings - Confirmed vulnerabilities requiring remediation
- False Positives - Issues that can be safely dismissed
Vulnerability details
Actionable insights
For each detected vulnerability, Deep Analyze provides:
- Human-readable description
- Suggested code fixes
- CWE references and descriptions
- CVSS severity scoring
