Jackhammer Overview

Jackhammer is a collaboration tool built to bridge the gap between security teams, developer teams, and QA teams, and to help TPMs understand and track the quality of the code going into production. It can perform static code analysis and dynamic analysis, and it has built-in vulnerability management capabilities. It finds security vulnerabilities in the target applications and helps security teams manage the chaos in this new age of continuous integration and continuous/multiple deployments.

It works completely on RBAC (Role-Based Access Control). There are cool dashboards for individual scans and team scans, giving ample flexibility to collaborate with different teams. It is built entirely on a pluggable architecture that can be integrated with any open source/commercial tool.

Static Code Analysis

Built-in scanning tools support a majority of popular languages, such as Java, Ruby, Python, and Node.js. In addition to security vulnerabilities, it also finds vulnerabilities in deprecated libraries and the applicable publicly available CVEs.

Dynamic Analysis

It can scan all web applications, mobile applications, networks, and content management systems, with and without authentication, and has a unique way of managing sessions for better identification of vulnerabilities.

Features

  • Provides a unified interface to collaborate on findings
  • Scanning (code / web-app / mobile-app / WordPress / network) can be done for all code management repositories and URLs
  • Scheduling of scans based on 3 intervals: daily, weekly, monthly
  • Advanced false positive filtering
  • Integrate other open source / commercial / custom scanners of your own into Jackhammer within a few minutes
  • Real-time notifications for scans
  • Publish vulnerabilities to bug tracking systems
  • Keep a tab on statistics and vulnerability trends in your applications
  • Integrates with the majority of open source and commercial scanning tools
  • User and role management giving greater control
  • Configurable severity levels on the list of findings across the applications
  • Built-in vulnerability status progression
  • Additional support to upload results from other scanners (14 scanners already supported) and manage the vulnerabilities in Jackhammer
  • Intelligent filtering of vulnerabilities on different criteria to see what is actually needed