dpndncY
Static Application Security Testing
Taint-tracked findings
not regex guesses.

A proprietary interprocedural taint engine across 24 languages, tracking user input from source through sanitiser to sink with a per-finding data-flow trace. Confidence-tiered, so the noise doesn't bury the real bugs.

Pillar · Scan

What it does

24-language taint engine

Interprocedural data-flow across JS/TS, Python, Java, Kotlin, Scala, Groovy, C#, VB.NET, Go, PHP, Ruby, Swift, Objective-C, Dart, Apex, C, C++, CUDA, Fortran, JSP, Erlang and Elixir.

24 languagesInterprocedural

Real data-flow traces

Every finding ships the source → sanitiser → sink path, so reviewers see why it's exploitable — not just a line number.

Per-finding traceSource → sink

Confidence tiering

Findings ranked by source class, sanitiser coverage and sink certainty. The high-precision set stays small; the speculative tail is separated, not dumped on you.

Low false-positiveTiered

Framework-aware

Spring, JAX-RS, Struts, Hibernate, ASP.NET, Angular, React, Vue, Rails, Django, Flask, Gin, Phoenix and more — routes and sinks understood in context.

1,500+ rulesFramework routes

SARIF 2.1.0

Standard SARIF export round-trips into GitHub code scanning, IDEs and any SARIF-aware tool.

SARIF 2.1.0
24
languages
1,500+
rules
100%
on-premise

One platform. On your infrastructure.
Every decision signed and verifiable.