What VioFixer Does

VioFixer shortens software development time and secures completed applications by providing automatic vulnerability remediation options during the coding stage of software development. VioFixer was created to identify and automatically correct security vulnerabilities in code reported by security tools such as HP-Fortify, SonarQube, CheckMarx, and others. It works according to a predefined set of security rules and standards published by organizations like NIST and OWASP.

How VioFixer Works

VioFixer uses static analysis tools like Fortify to scan application code and identify vulnerabilities, sorted by priority (critical, high, medium, low). VioFixer incorporates all three main, industry-wide Software Development Cycle processes used by software developers: Dynamic Analysis, Static Analysis, and Run-Time Analysis. VioFixer then searches its inventory of fixes and can automatically recommend and apply corrected code to resolve any vulnerabilities. Developers can review all proposed changes before committing them. Further, VioFixer inserts a comment in the source code explaining each vulnerability fixed and how it was fixed, so that developers can easily review it later.