codemind

codemind.io 네이버블로그 페이스북 유튜브
ENG
KOR
네이버블로그 페이스북 유튜브

Into the Source, CODEMIND
Through top-notched SW analysis technology, enjoy technology becoming magic.

T. 02-859-2633

FAQ

Total : 20

  • Q
    What languages can be diagnosed?
  • C/C++, C#, Java, JSP, JavaScript, PHP, ASP, ASP Net, Python, HTML, XML, SQL, iOS (Objective-C), Android (Java), Visual Basic, VB Script, Pro*C, Kotlin, Swift, etc.
  • Q
    What operating systems are this compatible with?
  • It is compatible with the Windows and Linux operating systems.
  • Q
    What platforms does it support?
  • Java framework: e-government standard framework, Spring, Struts framework, iBatis, MyBatis
    C framework: ProC
  • Q
    What is the system configuration?
  • It is composed of a web-based server and users use it through a web browser. It does not install a separate client agent.
    Does it support a web environment management system?
    Analysis results can be checked on the web and are available for online collaboration.
  • Q
    Is the developer IDE plugin available?
  • It currently supports plugins for Eclipse, Android Studio, and IntelliJ IDEA. (XCode, Visual studio will be available in the future)
  • Q
    What are the detection items?
  • It examines 104 Java-based secure coding and quality diagnosis items. Depending on the language, the list of detected items varies.
  • Q
    What coding standards does it support?
  • It supports 47 security weaknesses of the Ministry of Public Administration and Security, 8 security vulnerabilities of the National Intelligence Service, security vulnerabilities of the Financial Supervisory Service, and Top 10 security weaknesses of the OWASP, Top 25 security weaknesses in CWE /SANS, MISRA C, CERT, and coding guidelines of the Defense Acquisition Program Administration.
  • Q
    Can you explain the defect tracking function?
  • It is possible to automatically trace the defective code and present a summary of the occurrence path from the defect to the cause of the defect. It even traces the cause of the defect in another file, although it may be not straightforward in some cases.
  • Q
    Do I need a separate compiler or build environment?
  • Since CODEMIND CSI/CQI does not build a source code, it does not require a compiler or build environment. However, you will need headers or interface files referenced by the source code.
  • Q
    How can I view my analysis history?
  • Each analysis report gets its own serial number. The analysis results are compiled, and the overall analysis results are shown in a graph.
  • Q
    What is the true positive rate?
  • It shows 95% or greater true positive rate for Java languages. However, it may be different for other languages and would depend on the characteristics of the source code.
  • Q
    Do you provide revision recommendations?
  • We provide detailed recommendations with samples for each language.
  • Q
    In what file format can the analysis result report be export…
  • Reports can be exported as XML, MS WORD, PDF, EXCEL, and CSV files.
  • Q
    How do you support issue management integration?
  • Support is available through API and CLI.
  • Q
    How do you support configuration management integration?
  • Standardized SVN and Git are supported on the menu, and others are supported through API and CLI.
  • Q
    Does this product have credible certifications?
  • It has GS certification and CC certification.
  • Q
    How can I purchase the product license?
  • Three options are available for CODEMIND CSI/CQI license: purchase, rental (term can be negotiated), and diagnosis service (one-time).
  • Q
    Where can I get a product quote?
  • You may request for a quote through the customer support page on the website, or email sales@codemind.co.kr or call 02-859-2633.
  • Q
    What is your support policy?
  • We offer free support for 12 months after when delivery is complete. Paid service is provided after the free period is expired. Our services include system stabilization support, telephone response to operational failures, minor updates, and bug patches.
  • Q
    How do you provide user training?
  • User training is provided upon delivery. Source code testing training can be provided separately upon customer request.
1 

We will be responsible for
software safety and security while putting
the highest priority on customer value

Conatct