Onapsis Control


Establish better DevSecOps for SAP and accelerate RISE projects with the most comprehensive application security testing available for SAP. With automated code scans supporting more languages, platforms, and IDEs than any other vendor, Control keeps SAP application development moving and mitigates unexpected, costly delays.

These applications are also at the core of digital transformation projects, such as RISE with SAP. Analyzing and migrating custom code and data from legacy systems is a headache for developers seeking to migrate code, applications, and systems to the cloud. And building security into the software development lifecycle for SAP custom applications remains a challenge as well. Manual reviews, which are highly prone to error, are often used due to a lack of automated testing solutions for SAP code languages and environments. 

The accelerated pace of these digital transformation projects also forces teams to attempt to balance speed and security, with security frequently tabled in order to meet abbreviated project timelines. Tight development cycles lead to the use (and re-use) of third-party code libraries and developers. However, with little visibility here as well, organizations are forced into even more manual reviews (if any are done at all) to stop the introduction of new security issues.

Onapsis Control addresses these challenges by delivering the most comprehensive, award-winning application security testing available for SAP. With the broadest support for platforms, languages, integrated development environments (IDEs), Git repositories, and technology integrations, Control seamlessly integrates into developers’ existing workflows, scanning code and automatically fixing common issues. Bulk scanning of code from various sources (internal teams, partners, etc.) ensures consistent security and further helps accelerate and de-risk RISE with SAP projects.

¹ Ch4tter: Threat Actors Attacking SAP for Profit April 2024

“Onapsis helps us gain deeper visibility into code and transport vulnerabilities so we can prioritize our mitigation efforts and reduce risk to our systems.”

Director SAP Application Development, Fortune 100 Manufacturing Company

How Onapsis Control Works

Centrally deployed and managed, Onapsis Control works by scanning satellite systems to inspect code directly within integrated development environments (IDEs) or code repositories. Control can scan code inline as developers work, in large batch scans of projects, packages, or repositories, or embedded within your change management and transport processes. With a focus on vulnerable, insecure code, Control leverages extensive test cases across multiple domains based on the best practices and in-depth security analysis and research of SAP applications from the Onapsis Research Labs.

Millions of lines of code can be automatically scanned in minutes, and remediation guidance is provided to keep pace with accelerated development cycles. You can leverage automatic bulk code identification and developer capabilities to resolve code errors.

Security And Compliance

Onapsis’ highest priority is the security of our software and the confidentiality, integrity, and availability of customer information as it flows through that software. We embed the strongest possible security measures into our software development life cycle (SDLC) and into the operating system, database, web security, and logging layers of our products. Onapsis contracts with accredited third-party auditing companies that have audited our SDLC process, and we have the following certifications: ISO 9001, ISO 20243:2018, ISO 27001:2013, SOC 1 Type 1/2, SOC 2 Type 1/2, and Veracode Verified Program. Our product design and development requirements follow the OWASP ASVS v4 framework or other industry standard guidelines.

Onapsis Professional Services
Achieve your business objectives at every stage of your journey. Onapsis’ comprehensive professional services offerings target:

Implementation: A paired delivery approach to accelerate time-to-value
Education: Knowledge for teams to successfully operate our platform
Optimization: Enable continuous improvement and alignment to business needs
Administration: Alleviate resource constraints

Licensing

Onapsis Control offers extensive flexibility in licensing, allowing organizations to customize their Control Central package based on targets, landscape, and preferred languages. All licenses are available as annual subscriptions based on the number of target systems. Subscriptions include access to all updates available for the respective software license, technical support, and a dedicated account manager. 

Expand and enhance your Control Central deployment with the following add-ons:

Git Repository Scanning
Licensed by annual per-customer subscription, it provides batch scanning capabilities by connecting directly to Git repositories, ideal for modern DevOps workflows. It scans ABAP and UI5 repositories (supporting GitLab, GitHub, Azure Repos and Bitbucket for gCTS, abapGit and SAPUI5), showing results on an independent web UI.

Pipeline Integrations
Licensed by annual per-customer subscription as an Add-on for Git Repository Scanning, it enables seamless integration into CI/CD pipelines, supporting Azure Pipelines, SAP Project Piper, SAP Continuous Integration and Delivery Service, and SAP Cloud Transport Management service (cTMS). It scans related ABAP and UI5 CI/CD pipelines, stopping the build process for mandatory findings and showing results on an independent Scan Service Web UI. 

On Change Control
Licensed as an annual subscription based on the number of target systems, it provides a detailed security scanning and approval framework for change management that integrates with SAP® ChaRM. It offers a single view of detailed security scans, approvals, and notes related to system changes in addition to improving approval and process workflows with automatic notifications, secondary approvals, and more.