Features
Identification of similar vulnerabilities
XCA scans draw on CSG’s experience from conducting multiple security tests and vulnerability disclosures to identify similar vulnerable code patterns in your applications.
High-confidence scanning rules
XCA Rules are carefully crafted and curated by CSG, with strict quality tests to ensure a high true-positive rate of detected issues. Teams can therefore focus on remediating XCA findings rather than on findings from the generic rulesets used by other general SAST solutions.
Agile ruleset
XCA Rules are InnerSourced on SHIP-HATS 2.0 GitLab and welcome contributions from developers and cybersecurity specialists. Contributed rules go through the same rigorous quality tests, which weed out low-confidence rules and improve the quality of contributed rules.
InnerSource refers to the application of open-source software development practices to develop private code within organisations.
Integration with GitLab
XCA is designed to operate alongside other code scanning solutions and is deeply integrated with GitLab’s native features. Teams can interact with XCA findings through the familiar GitLab UI, as with all other GitLab built-in tools.
XCA
A Set of Custom Rules That Detect Repeated Vulnerabilities in Code