Static Application Security Testing Platform

Detect Security Vulnerabilities in Your Code, Prioritize, and Remediate

Remedify instantly finds and prioritizes security vulnerabilities in your code. Stop wasting time on confusing false alarms — AI-powered filtering surfaces only the truly critical findings.

SecurityScan.cs — Remedify SAST

    public ActionResult GetUser(string id)
    {
        // ⚠ SQL Injection — Tainted input
        var query = "SELECT * FROM Users WHERE Id = '" + id + "'";
        db.ExecuteSqlRaw(query);
    }

    // ✅ Remedify Fix Suggestion:
        var query = "SELECT * FROM Users WHERE Id = @p0";
        db.ExecuteSqlRaw(query, id);

Scan Complete
3 findings detected → 1 false positive filtered

Why Remedify?

Redefining SAST

Remedify detects security vulnerabilities with its powerful static analysis engine. Enhance your results with optional AI modules.

Powerful SAST Engine

Scan your source code comprehensively with taint analysis, AST-based indexing, and 150+ security rules. Detect vulnerabilities without requiring AI.

100% On-Premise

Your data never leaves your infrastructure. Air-gapped environment support, HWID binding, and enterprise licensing for complete security. Runs as a single binary.

Easy Integration

One-click repo import with GitHub, GitLab, Azure DevOps. Create Jira issues directly. Trigger automatic scans via webhooks.

Optional AI Modules

Optionally filter false positives with AI, discover hidden vulnerabilities with deep scan. Enhance your SAST results with artificial intelligence.

Taint Analysis

Track data flow from user inputs to dangerous functions with Source → Sink analysis. Sanitizer recognition and variable chain resolution.

Multi-Language UI

All UI elements, error messages, and vulnerability descriptions in Turkish and English. Ideal for government agencies and international enterprises.

Made in Turkey

Developed by Turkey's SAST Pioneers

Remedify was developed by an experienced cybersecurity team that pioneered the adoption of Static Code Analysis (SAST) methodology in Turkey and has successfully delivered the most SAST projects in the country over the past decade. This expertise ensures Remedify is not just a technical product, but an engineering platform shaped by deep, field-proven implementation experience.

Designed entirely with local engineering expertise, Remedify strengthens organizations' software security while reducing dependence on foreign technologies. Its architecture, built for institutions with the highest security requirements, makes source code security processes manageable and sustainable at enterprise scale.

Remedify is a trusted partner for organizations operating in critical infrastructure — including government agencies, defense industry, financial sector, and telecommunications companies. As part of a vision for indigenous technology development, Remedify positions itself as a platform that strengthens Turkey's national competence in cybersecurity and enhances independence in strategic technologies.

10+
Years of SAST Experience
First
SAST Methodology in Turkey
#1
Most SAST Projects Delivered

Made in Turkey

  • Original SAST engine designed and developed in Turkey
  • Full Turkish and English language support
  • On-premise architecture for government and defense sectors
  • Air-gapped environment and HWID binding support
  • Compliance with local regulatory requirements
  • Experienced local R&D engineering team
Supported Languages

Broad Language and Framework Support

Scan your projects across 10 programming languages with 150+ security rules — fast and comprehensive. Including mobile security (Android + iOS) with a continuously growing rule set.

C# / .NET
46 Rules
SQL Injection, XSS (Stored/Reflected), CSRF, Command Injection, Path Traversal, SSRF, JWT Bypass, Insecure Deserialization, LDAP Injection, NoSQL Injection, Code Injection, Mass Assignment, +34 more

Java
14 Native + 12 Android
SQL Injection, XSS, Command Injection, SSRF, XXE, Insecure Deserialization, Intent Injection, WebView, Insecure Storage, +17 more

Java Spring
7 Rules
SpEL Injection, Actuator Exposure, CSRF Disabled, Mass Assignment, Open Redirect, Security Headers, CORS Misconfiguration

Kotlin (Android)
11 Rules
Hardcoded Secret, SQL Injection, Command Injection, Insecure Random, Weak Crypto, WebView JS, Insecure Storage, Intent Injection, +3 more

C / C++
14 Rules
Buffer Overflow, Use-After-Free, Double Free, Memory Leak, Null Pointer, Integer Overflow, Format String, Race Condition, Banned Functions, +5 more

JavaScript / TypeScript
10 Rules
Hardcoded Secrets, Prototype Pollution, XSS (DOM), eval() Injection, CORS Misconfiguration, Command Injection, SQL Injection, +3 more

Python
8 Rules
SQL Injection, Command Injection, SSRF, Template Injection, Path Traversal, Insecure Deserialization, Hardcoded Secrets, Weak Crypto

Go
8 Rules
SQL Injection, Command Injection, Race Condition, Insecure TLS, SSRF, Path Traversal, Hardcoded Secrets, Weak Crypto

Dart / Flutter
10 Rules
Insecure Storage, XSS WebView, Weak Crypto, Hardcoded Secrets, Insecure HTTP, Path Traversal, Command Injection, +3 more

Swift (iOS)
10 Rules
Keychain Misuse, Biometric Bypass, Jailbreak Detection, TLS Bypass, Insecure Storage, Hardcoded Secrets, Weak Crypto, +3 more

CONTINUOUSLY GROWING
150+
150+ security rules across 10 programming languages and 1 framework — protecting your code with a continuously expanding rule set.
Artificial Intelligence

Enhance Results with Optional AI

After your SAST scan completes, optionally filter false positives with AI modules and discover hidden vulnerabilities.

AI False Positive Filtering

Extracts source code context for each finding, sends it to the LLM, and gets an answer: "real or false positive?" Results are evaluated with confidence scores.

Source code context extraction (±20 lines)
Confidence score (0-1) with detailed explanation
Fix suggestion for each finding
Severity-based filtering support
Concurrent review — parallel analysis
AI Review Results
SQL Injection — UserController.cs:42 Valid
XSS — Views/Index.cshtml:18 False Positive
Path Traversal — FileService.cs:67 Valid
CSRF — OrderController.cs:31 False Positive
Average Confidence Score: 0.92

AI Deep Scan

Takes existing findings from SAST-detected files, extracts file context, and asks the LLM: "are there other vulnerabilities?" Newly discovered issues are automatically added.

Expand existing findings (±30 lines context)
Enriched results with CWE mapping
Fix code and detailed explanation
Distinguish SAST vs AI findings (ai_detected)
Deep Scan — Additional Findings
Insecure Random — AuthService.cs:23 (CWE-330)
Log Forging — LogHelper.cs:45 (CWE-117)
Header Injection — ApiController.cs:88 (CWE-113)
Source: AI Detected

Multi-Provider AI Support

Choose your AI provider — full flexibility with cloud or local model support.

OpenAI
GPT-5.4 / GPT-5.4 mini
Azure OpenAI
Enterprise Azure Endpoint
Google Gemini
Gemini 3.1 Pro / 3 Flash
Anthropic Claude
Sonnet 4.6 / Opus 4.6
Groq
Ultra-fast Llama 3
Ollama
Local model support
How It Works

Secure Code in 4 Steps

From SCM repo import to reporting — fully automated security scanning process.

1. Import Repos from SCM

Connect your GitHub, GitLab, or Azure DevOps account. Import all your repos with one click or select specific ones. Fast start with branch selection and private repo support.

2. Automatic SAST Scan

Fast repo cloning with shallow clone, automatic language detection, AST indexing, and taint analysis. Parallel scanning with concurrent scan queue.

3. Optional AI Enhancement

Optionally filter false positives with AI modules, discover hidden vulnerabilities with deep scan. Get fix suggestions for each finding. SAST results are ready even without AI.

4. Dashboard & Reporting

Severity distribution, trend charts, project-based scan history. Source code viewing with finding details. Jira issue creation and built-in task tracking.

Analysis Engine

In-Depth Technical Architecture

Comprehensive security analysis with taint analysis, AST-based indexing, and intelligent database detection.

Taint Analysis

Tracks data flow from user inputs to dangerous functions via Source → Sink analysis.

  • HTTP request, form data, environment → SQL query, OS command, file I/O
  • Sanitizer recognition: parameterized query, encoding, validation
  • Variable reassignment chain resolution
  • Custom sanitizer support (sast-config.json)
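
The source → sink flow listed above, as an added example that is not Remedify's code: a small taint pass over Python source built on the standard `ast` module. The source, sink and sanitizer tables and the sample input are assumptions made for this sketch.

```python
import ast
# Rule tables assumed for this sketch; they are not Remedify's rules.
SOURCES = {"request.args.get", "request.form.get", "os.environ.get"}
SINKS = {"cursor.execute": "SQL query", "os.system": "OS command", "open": "file I/O"}
SANITIZERS = {"int", "shlex.quote"}  # a custom sanitizer would be one more entry

def is_tainted(expr, tainted):
    """True if expr may carry source data that no sanitizer has wrapped."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = ast.unparse(expr.func)  # e.g. "request.args.get"
        if name in SANITIZERS or name in SOURCES:
            return name in SOURCES
    return any(is_tainted(c, tainted) for c in ast.iter_child_nodes(expr))

class TaintScan(ast.NodeVisitor):
    def __init__(self):
        self.tainted, self.findings = set(), []

    def visit_Assign(self, node):
        self.generic_visit(node)  # report sinks used on the right-hand side
        hot = is_tainted(node.value, self.tainted)
        for target in node.targets:
            if isinstance(target, ast.Name):  # chain: a = source; b = a
                (self.tainted.add if hot else self.tainted.discard)(target.id)

    def visit_Call(self, node):
        # Only the first argument is checked, so bound query parameters pass.
        name = ast.unparse(node.func)
        if name in SINKS and any(is_tainted(a, self.tainted) for a in node.args[:1]):
            self.findings.append((node.lineno, SINKS[name]))
        self.generic_visit(node)

def scan(source):
    scanner = TaintScan()
    scanner.visit(ast.parse(source))
    return scanner.findings

SAMPLE = '''uid = request.args.get("id")
alias = uid
query = "SELECT * FROM Users WHERE Id = '" + alias + "'"
cursor.execute(query)
cursor.execute("SELECT * FROM Users WHERE Id = %s", (uid,))
host = shlex.quote(os.environ.get("TARGET"))
os.system("ping -c1 " + host)
name = request.form.get("file")
open("/srv/reports/" + name)
'''  # constructed input; scan(SAMPLE) reports lines 4 and 9 only
```

The pass works on one file, follows statements in source order and ignores branches, so it models the source-to-sink idea rather than a production engine.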

AST-Based Indexing

Structurally parses source code and prepares it for analysis.

  • Function, class, namespace parsing
  • Parameter and return type extraction
  • Web framework view file support (Razor, JSP)
  • File-based modular analysis

Automatic DB Detection

Automatically detects the database used from project files.

  • Project files: .csproj, pom.xml, build.gradle, go.mod, package.json
  • Import/using directives and dependency analysis
  • MongoDB, PostgreSQL, MySQL, MSSQL, Redis, SQLite
  • CosmosDB, Cassandra, EF Core, JPA/Hibernate

Scan Infrastructure

High-performance parallel scanning infrastructure.

  • Concurrent scan queue (configurable slots)
  • Fast repo cloning with shallow clone (--depth 1)
  • Automatic language detection and analysis engine selection
  • Real-time progress tracking
Performance

Benchmark Results

Independent stress tests — measured on open-source projects.

25M+
Lines Scanned
Linux Kernel
0
Crash / OOM
100% Stability
38K+
Lines/Minute
Elasticsearch
19
Concurrent Slots
40 Cores
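| Project | Language | Files | Lines | Findings | Duration |
|---|---|---|---|---|---|
| Linux Kernel | C | 32.623 | 24.697.566 | 22.296 | 17h 24m |
| Elasticsearch | Java | 18.129 | 3.275.596 | 4.628 | 1h 26m |
| Eclipse Mosquitto | C | 368 | 83.423 | 344 | 11 min |
| OWASP Juice Shop | JavaScript | 487 | 80.036 | 144 | 10 min |
| OWASP WebGoat | Java | 411 | 77.356 | 183 | 5 min |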

Test environment: Intel Xeon E5-2697 v2 (40 cores) · 64 GB DDR3 · SAS RAID · Ubuntu 22.04

Significantly faster results are achieved with modern hardware (NVMe SSD, DDR5).

Integrations

Seamless Integration with Your Tools

Integrate with your source code management and issue tracking tools in one click.

One-click import all repos
Selective import — choose specific repos
Branch selection — default branch auto-detection
Private repository support (token-based)
Webhook support — Push → automatic scan
Periodic repo synchronization
Jira Cloud & Server — one-click issue creation
Built-in issue tracking system
Dashboard & Reporting

Visualize and Report Your Results

Track, report, and share scan results through a centralized dashboard.

Overview Dashboard

Total applications, projects, scan counts. Severity distribution (High/Medium/Low), trend charts, and recent scans list.

Multiple Export Formats

PDF report — severity distribution, finding details, executive summary. Export all findings with JSON and CSV.

Detailed Finding View

File, line, function, description for each finding. AI review results and source code context viewing (with line numbers).

Finding Deduplication

Fingerprint-based (MD5 hash) deduplication. NEW / RECURRENT / FIXED labeling. AI review data transfer for token savings.
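
How fingerprint-based labeling can work, as an added example that is not Remedify's code. The page states only that the fingerprint is an MD5 hash; the fields hashed here, the finding layout and the sample findings are assumptions.

```python
import hashlib

def fingerprint(f):
    """MD5 over fields assumed stable between scans; the line number is left out."""
    code = " ".join(f["code"].split())  # ignore indentation and spacing changes
    key = "|".join((f["rule"], f["file"], f["function"], code))
    return hashlib.md5(key.encode(), usedforsecurity=False).hexdigest()

def label(previous, current):
    """Compare two scans of one project: {fingerprint: (status, finding)}."""
    old = {fingerprint(f): f for f in previous}
    new = {fingerprint(f): f for f in current}  # repeats inside a scan collapse
    out = {}
    for fp, f in new.items():
        if fp in old:
            # Reuse the stored AI verdict rather than sending the code to the LLM again.
            out[fp] = ("RECURRENT", {**f, "ai_review": old[fp].get("ai_review")})
        else:
            out[fp] = ("NEW", f)
    for fp, f in old.items():
        if fp not in new:
            out[fp] = ("FIXED", f)
    return out

def summary(result):
    """Sorted (rule, status, ai_review) rows for display."""
    return sorted((f["rule"], s, f.get("ai_review")) for s, f in result.values())

# Constructed findings; the field names are hypothetical.
SQLI = {"rule": "SQL Injection", "file": "UserController.cs", "function": "GetUser",
        "code": 'var query = "SELECT * FROM Users WHERE Id = \'" + id + "\'";'}
XSS = {"rule": "XSS", "file": "Views/Index.cshtml", "function": "-",
       "code": "@Html.Raw(Model.Name)"}
PATH = {"rule": "Path Traversal", "file": "FileService.cs", "function": "Read",
        "code": "File.ReadAllText(root + name)"}

SCAN_1 = [{**SQLI, "line": 42, "ai_review": "Valid"},
          {**XSS, "line": 18, "ai_review": "False Positive"}]
# Second scan: the SQLi line moved and was re-indented, XSS is gone, one new finding.
SCAN_2 = [{**SQLI, "line": 47, "code": "    " + SQLI["code"]}, {**PATH, "line": 67}]
```

Leaving the line number out of the hashed key is what keeps a finding RECURRENT when unrelated edits shift it down the file; MD5 serves here as a stable identifier, not as a security control.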

Security & Authentication

Enterprise Security Infrastructure

Meet enterprise security standards with licensing, authentication, and audit logging.

Enterprise Licensing

Hardware ID-bound licensing. Stable and persistent HWID for every platform. HWID always visible on the license page — copy and send to support team with one click.

Authentication & RBAC

JWT token-based authentication, role-based access control (admin, manager, developer, viewer). LDAP / Active Directory integration and session management.

Audit Logging

Structured audit logging (DB + stdout). 14+ actions logged — login, user CRUD, scan, project, application, license, and more. UI log viewer with filter and pagination.

License Audit Log

All license events recorded: upload, activate, expire, mismatch. Full traceability for enterprise compliance and troubleshooting.

Comparison

How We Stand Out

Compare Remedify with open-source and enterprise SAST solutions.

| Feature | Remedify | Open Source SAST | Enterprise SAST |
|---|---|---|---|
| AI False Positive Filtering | Yes | No | Limited |
| AI Deep Scan | Yes | No | No |
| On-Premise / Air-Gapped | Yes | Yes | Mostly Cloud |
| Turkish Interface | Yes | No | No |
| Onboarding Wizard | Yes | No | Limited |
| Taint Analysis | Yes | Limited | Yes |
| Webhook Auto-Scan | Yes | No | Yes |
| 10 Languages + 150 Rules | Yes | 1-3 Languages | Yes |
| Mobile Security (Android+iOS) | Yes | No | Limited |
| Android Platform Detection | Yes | No | Limited |
| LDAP Integration | Yes | No | Yes |
| PDF/JSON/CSV Export | Yes | Limited | Yes |
| Finding Deduplication | Yes | No | Yes |
| License Audit Log | Yes | N/A | Yes |
| Enterprise Licensing | Yes | N/A | Yes |
| Price | Affordable | Free | |

Pricing

Choose the Right Plan for You

On-premise deployment — flexible licensing options for teams of every size.

Features Included in All Plans

Unlimited Parallel Scans
10 Programming Language Support
SCM Integration & Webhooks
Dashboard & Reporting (PDF/JSON/CSV)
FREE
Foundation Edition
For everyone learning secure coding.
$0
Single user · local install
Java & C# support
Up to 5 projects
100K lines per project
Bronze
Ideal starter package for small teams.
$20/user/month
Min. 10 users
10 Users
20 Projects
All shared features included
AI False Positive Evaluation +$10/user
AI Deep Scan +$10/user
Silver
Extended capacity for growing teams.
$25/user/month
Min. 20 users
20 Users
Unlimited Projects & Scans
All shared features included
AI False Positive Evaluation
AI Deep Scan +$10/user
Platinum
Fully-equipped package for large-scale enterprises.
Contact Us
Min. 100 users
100 Users
Unlimited Projects & Scans
All shared features included
AI False Positive Evaluation
AI Deep Scan

AI features can be activated at the specified additional cost.

Contact

Request a Demo or Get in Touch

Fill out the form to learn more about Remedify or request a demo.

Get Started

Choose a plan, create your registration — our team will contact you as soon as possible.

View Plans

Phone

+90 216 222 00 48

Address

Barbaros Mh. Halk Cd. Palladium Residence A Blok No:8/A Ataşehir / İstanbul