ShiftLeft Security: Sastav Source Code Analysis System

2025: Sastav Interface Optimization

ShiftLeft Security, part of the ITD Group, has released an updated software release for static analysis of SASTAV source code. This release includes a number of significant changes and improvements to improve usability, performance, and product reliability. ITD Group announced this on March 4, 2025.

One of the key changes was the complete update of the SASTAV interface. The interface has been redesigned to accommodate design and usability (UX) trends. Users can now find the features and settings they need faster with intuitive navigation and a simplified menu structure. In addition, visual elements have been improved, which makes working with the product even more comfortable and pleasant.

The release significantly increased the performance of the solution. Optimization of analysis algorithms made it possible to reduce the time for performing checks, which is especially important when working with large projects. This change makes the development process more efficient and reduces the time spent on code analysis.

To improve the stability of the product, work was carried out on its fault tolerance. In the event of errors or failures, the program is now able to automatically restore its functionality without losing data. This minimizes downtime risks and ensures a continuous development team.

An important aspect of the version is the optimization of system resource consumption. The solution has become less demanding on memory and processor time, which allows it to be used even on less powerful devices. This is especially true for teams operating in resource-constrained environments.

Modified role model, added the possibility of user roles The role model of the product has been significantly revised, and now it is a set of embedded and predefined roles that correspond to the underlying basic user scenarios, which allows you to easily go through a successful scanning path out of the box. This flexible configuration system allows you to create a set of user roles with a free set of privileges, which allows you to flexibly integrate into existing workflows and adapt the system to customer realities. This helps you better monitor your development processes and keep your information secure.

Previously, all scan settings were applied to all projects at once. In this release, it became possible to set scan parameters separately for each project. This gives users more freedom to customize the details of launching and scanning code (presets) for specific needs and features of their projects.

Now the product supports licensing microservices (repositories up to 15 thousand lines of code), which makes it an ideal choice for companies using a microservice architecture in development. This will help optimize license costs and simplify their management.

The product is now fully compatible with the Kubernetes platform, which opens up new opportunities for scaling and automating processes. Users will be able to integrate the tool into their existing infrastructures and take advantage of all the advantages of containerization.

In addition to updating the interface, improving performance and fault tolerance, we have increased the accuracy of responses as part of cascading AI validation of source code defects. All this makes SASTAV even more attractive to a wide range of users. We continue to actively work on improving our products, said Ksenia Kalemberg, managing partner of ShiftLeft Security.

2024: Inclusion in the register of Russian software

The software "SASTAV Source Code Analysis System for Vulnerabilities" is included in the Unified Register of Russian Software. The static analyzer is used early in the development process and helps detect vulnerabilities in the code with a minimum of false positive and false negative positives. The decision was approved by the Ministry of Digital Development and can be used in state corporations and structures. The developer announced this on December 4, 2024.

𝓲

Фото: ITD Group

SASTAV performs automated vulnerability scanning, builds visualization of attack vectors, identifies the most effective location for patching, and provides recommendations for troubleshooting code errors. Using the AI Assistant in the analyzer minimizes the effort of tripling scan results and reduces the time required to correct the code.

The key features of SASTAV are: graph construction, specifying the optimal correction point, high speed, seamless embedding in the development cycle, accurate scan results, intuitive interface, support for the most popular languages.

An important component that increases the efficiency of the SASTAV static analyzer and reduces the complexity of code correction work is the use of the cascade AI validation methodology developed by our specialists. The inclusion of the solution in the "Unified Register of Russian Programs" will allow us to expand the range of potential users, noted co-owner of ITD GroupKsenia Kalemberg.

The entry on the inclusion of the "SASTAV Source Code Analysis System for Vulnerabilities" in the register of Russian software was entered on the basis of a decision of the expert council of the Ministry of Ministry of Digital Development of Russia of August 12, 2024 (No. 538pr). The product is registered in the register on August 29, 2024 under the number 23718.

The developer ON of the SASTAV Source Code Analysis System for Vulnerabilities is LLC (ShiftLeft PAYNAP Security brand). It was founded in 2015. It is part of the Russian ITD Group of companies.