SmartDec Scanner #1: Security Meets Usability

Ivan Ivanitskiy
SmartDec Cybersecurity Blog
Aug 16, 2019


Security and usability are what the blockchain industry needs most. However, we haven’t seen much usability in blockchain security tools yet. Most of them have either a basic interface or none. Besides, one can only dream about integration with other developer tools, vulnerability history tracking, or analytics.

It’s time to change the situation. That’s why at SmartDec we decided to combine SmartDec Scanner with our expertise in blockchain security and build the first enterprise-level blockchain security tool.

What I mean by “enterprise-level”

I mean that you will work with a market-ready tool, not with another proof of concept. It has already been integrated into the secure development process of several enterprises outside the blockchain area. Now we are working on bringing enterprise-level security to the blockchain community.

Here’s what “enterprise-level” means for a user.

Beautiful and powerful web interface. No, it’s not just “paste code” and “start scan”. It’s separate projects for separate codebases, scan history, analytics, access management, and much more. Take a look at the demo video and the screenshots below.

Integrations. Upload code from a Git repository, create tickets in Jira or TeamCity for discovered vulnerabilities, set scan time and conditions in Jenkins, or scan code directly from Eclipse.

29 languages supported. Solidity, Go, Python, JavaScript, Java, Objective-C, C/C++, C#, PHP, Scala, Kotlin, Swift, and many more.

MythX integration. Besides, we are happy to collaborate with the MythX Platform by ConsenSys Diligence. We have embedded the MythX analysis module into our tool, which deepens the level of smart contract analysis. See the article about MythX.

How to use SmartDec Scanner

To upload the code, you can provide an Etherscan link, a Google Play link or an App Store link (yes, I mean it: SmartDec Scanner can scan mobile apps directly from the stores), a link to a Git repo, or upload a zip archive. After that, start the scan and wait until it’s finished.

If you need only general information, review the basic analytics:

However, if you need detailed information about particular vulnerabilities, go to the “Detailed results” tab (this one is my favorite!):

I won’t give the full tutorial here. To request a demo or a trial account, see the end of this article.

What kinds of applications it scans

SmartDec Scanner scans mobile applications, web applications, and smart contracts. It can analyze 29 programming languages. Thus, you can use it to scan DApps’ back end, front end, and smart contracts, mobile and web crypto wallets, crypto exchange back end and front end.

Don’t trust me, try it yourself

We are in beta now… no, we’re not! The interface works, the analysis modules work, and the integrations do as well. SmartDec Scanner is already being used by several traditional enterprises. The only question is: does the blockchain community already need an enterprise-level tool, or has the time not come yet?

We need your help to get the answer. Please contact us via trial@smartdec.com to get your free and full-featured trial account (with a limited number of scans, though). We will appreciate any feedback: which language support to add, which features or integrations would be useful, and whether you need this kind of tool at all.

We have BUIDLed; tell us what’s NEEDed (I have swapped the Es). Subscribe to the SmartDec Scanner Twitter account so you don’t miss new articles and videos.

This article was created by SmartDec, a security team specializing in static code analysis, decompilation and secure development.

Feel free to use SmartCheck, our smart contract security tool for Solidity and Vyper, and follow us on Medium, Telegram and Twitter. We are also available for smart contract development and auditing work.

Product Manager at PARSIQ. Co-host at Basic Block podcast. Bitcoin, Ethereum, InfoSec. Libertarianism, MMA, IPSC practitioner.