CybeDefend offers a multi-layered security solution across your codebase, infrastructure, and third-party dependencies. We combine:
- CybeDefend Engine – Aggregates and cross-references results from multiple open-source and proprietary scanners, minimizing duplicates and noise.
Why Use CybeDefend?
- Unified Scanning: The CybeDefend Engine merges findings from different tools into a single, concise view.
- Reduced Noise: Duplicate or overlapping vulnerabilities are identified and consolidated, preventing alert overload.
1. Static Application Security Testing (SAST)
SAST inspects your source code to catch vulnerabilities early in the development process. CybeDefend unifies open-source scanners (e.g., Semgrep) under the CybeDefend Engine.
Supported Languages
| Language | Primary Scanners |
|---|
| Go | CybeDefend Engine & Rules + Opengrep |
| Python | CybeDefend Engine & Rules + Opengrep |
| Java | CybeDefend Engine & Rules + Opengrep |
| JavaScript | CybeDefend Engine & Rules + Opengrep |
| C | CybeDefend Engine & Rules + Opengrep |
| C++ | CybeDefend Engine & Rules + Opengrep |
| C# | CybeDefend Engine & Rules + Opengrep |
| PHP | CybeDefend Engine & Rules + Opengrep |
| Ruby | CybeDefend Engine & Rules + Opengrep |
| Rust | CybeDefend Engine & Rules + Opengrep |
2. Infrastructure as Code (IAC) Security
IAC scanning ensures that cloud and container configurations adhere to best practices. The CybeDefend Engine works with scanners like Checkov, Trivy, and KICS to identify misconfigurations. Unlike SAST, enabling AI Mode for IAC does not provide line-level dataflow (which is primarily for code), but the Engine still handles intelligent vulnerability matching and deduplication.
Supported Technologies
| Category | IAC Types | Scanning Tools |
|---|
| Cloud Configurations | Terraform, CloudFormation, AWS CDK, Azure RM, Helm, Kubernetes | CybeDefend Engine + Checkov, KICS, Trivy |
| Serverless Security | AWS Lambda, Azure Functions | CybeDefend Engine + Checkov, KICS |
| Container Security | Dockerfiles, Docker Compose | CybeDefend Engine + Trivy, KICS |
| OpenAPI / gRPC | .json, .yaml, .proto | CybeDefend Engine + KICS |
IAC misconfigurations can lead to severe breaches. The CybeDefend Engine identifies issues in your code, saving you from manually piecing together results from multiple scanners.
3. Software Composition Analysis (SCA)
SCA detects vulnerabilities in third-party libraries and open-source dependencies. CybeDefend uses the CybeDefend Engine combined with GitHub Advisories to identify known flaws in your dependencies.
| Engine | External Advisory Source |
|---|
| CybeDefend Engine | GitHub Advisories |
Files & Package Managers
Below is a non-exhaustive list of key files we inspect:
| Language/Framework | File Examples |
|---|
| Node | npm-shrinkwrap.json, yarn.lock, pnpm-lock.yaml, pnpm-lock.yml, bun.lock, bun.lockb, deno.lock, libman.json, package.json, package-lock.json |
| Java | gradle.lockfile, build.gradle, .jar, .war, .ear, pom.xml |
| Swift | Package.resolved, Podfile.lock |
| .NET (NuGet) | .deps.json, packages.lock.json, Packages.props |
| Kotlin | gradle.lockfile |
| Elixir | mix.lock |
| C/C++ | conan.lock |
| Scala | build.sbt, plugins.sbt, dependencies.scala, libraries.scala, .sbt.lock |
| Clojure | deps.edn |
| Generic | composer.json, requirements.txt, Pipfile, Pipfile.lock, poetry.lock, pyproject.toml, Gemfile, Gemfile.lock, Cargo.toml, Cargo.lock, go.mod, pubspec.yaml, pubspec.lock, packages.config, Package.swift, rebar.config, rebar3.config, rebar.lock, rebar3.lock, .gemspec, .csproj, .nuspec, .yml, .yaml |
If you use special file names or custom project layouts, you can configure file-patterns in the CybeDefend dashboard to ensure they are recognized and scanned.
Related: Scan Parameters · Create a Project · Cybe Analysis 
