Scan Types
Precogs performs multiple types of security analysis to protect your code, binaries, and data.
Code Scans
SAST (Static Application Security Testing)
Analyzes your source code for vulnerabilities without executing it. Precogs AI reduces false positives by understanding code context.
What it catches:
- SQL Injection, XSS, Command Injection
- Insecure authentication patterns
- Hardcoded credentials
SCA (Software Composition Analysis)
Scans your dependencies (npm, pip, Maven, etc.) for known CVEs.
What it catches:
- Vulnerable library versions
- Deprecated packages
- License compliance issues
Binary Scans
Binary SAST
Analyzes compiled binaries (executables, libraries, firmware) when source code is unavailable.
Use cases:
- Third-party software auditing
- Firmware security analysis
- Legacy application assessment
SBOM Generation
Creates a Software Bill of Materials — a machine-readable inventory of all components.
Why it matters:
- Required for compliance (FDA, CISA, EU CRA)
- Enables rapid CVE response
- Provides supply chain transparency
Secrets & PII Detection
Secrets Scanning
Detects hardcoded credentials before they reach production.
What it catches:
- API keys and tokens
- Database passwords
- Private keys and certificates
PII Detection
Identifies Personally Identifiable Information in code and logs.
What it catches:
- Email addresses, phone numbers
- Social Security Numbers
- Credit card numbers