The most dangerous vulnerability
is the one you can't see.
Source code static analysis for embedded software.
Find what's exploitable.
SecMate
DashboardProjectsScans
← Back to Projects
myfirmware
F
GradeVulnerabilities
3 High12 Med
Vulnerabilities
41 Total3 High12 Med26 Info
Integer Underflow on buffer_read.c CWE-191
myfirmware/src/buffer_read.c
High
92%
Classic Buffer Overflow on handler.c CWE-120
myfirmware/src/handler.c
High
88%
Out-of-bounds Write on plugin.c CWE-787
myfirmware/src/plugins/plugin.c
High
85%
They couldn't see them. SecMate did.
See what attackers see.
Attack paths. Exploitability. Impact. Before they do.
For embedded software.
Finding what others miss.
src/coap_address.c
486coap_resolve_address_info(const coap_str_const_t *address,
487 uint16_t port,
488 uint16_t secure_port,
489 int ai_hints_flags) {
490
498 static char addrstr[256];
499 int error;
500
536 memset(addrstr, 0, sizeof(addrstr));
537 if (address && address->length)
538 memcpy(addrstr, address->s, address->length);
539 else
540 memcpy(addrstr, "localhost", 9);
We trace the invisible.
Exploitable
Proof, not promises.
What's hidden in yours?
LFEnergy - EVerest · everest-core
ISO15118 Energy Transfer Modes Overflow Corrupts EVSE State
CVE-2026-27816
5.5
LFEnergy - EVerest · everest-core
ISO15118 Session Setup Payment Options Overflow Corrupts EVSE State
CVE-2026-27815
5.5
LFEnergy - EVerest · everest-core
ISO15118 Session Setup Use-After-Free Crashes EVSE Process
CVE-2026-27828
5.5
Your threats. Your workflow.
Your answers.
Your threat model.
Your product. Understood.
SecMate
Threat ModelSystem Context
Embedded firmware for industrial sensor. Handles CAN bus communication and OTA updates.
ARM Cortex-M4 microcontroller. Connected via CAN bus to PLC network.
⚠TS-001
CRITICALThreat Agent:
Network attacker on local segment
Attack Path:
Intercept unsigned firmware payload and inject malicious code via buffer overflow
SAST FocusCRITICAL
Input validation in binary parsing routines
firmware_parse_header processes untrusted input before signature check
In every pull request.
Catch it before production.
Open
feat: add OTA firmware update handler
developer wants to merge 1 commit intomainfromfeature/ota-update
developeradded a commit that references this issuejust now
a3f8d2cfix: validate buffer length before memcpy
github-actionsbotcommented just now
SecMate's Security Review
Found 1 security issue to review:
1 HIGH
▼●HIGHInteger Underflow in buffer_read.c
firmware-demo/src/buffer_read.c:538💬Description
The length parameter is used directly in memcpy without validation, allowing integer underflow when length is negative or exceeds buffer bounds.
0.92 confidence
💡How to fix
Add bounds validation before memcpy: if (length <= 0 || length > sizeof(buffer)) return -1;
Powered by SecMate, your security companion • View Details
:)
Currently on GitHub. More integrations planned.
4 247 alerts. Only 4 real.
Your scanners. We make them useful.
Your alerts.
SAST Scanner
Findings
4 247
Critical
847
!CWE-120Buffer overflowCRITICAL
!CWE-416Use after freeHIGH
!CWE-190Integer overflowHIGH
!CWE-120Buffer overflowCRITICAL
!CWE-787Out-of-bounds writeHIGH
!CWE-416Use after freeHIGH
!CWE-122Heap overflowCRITICAL
!CWE-125Out-of-bounds readMEDIUM
... and 4 239 more
Answered.
SecMate
4validated
0false positives
RCE via buffer overflowEXPLOITABLE
src/net.c:538•Reachable from API•94% confidence
Memory corruptionEXPLOITABLE
src/mem.c:127•2-hop path•87% confidence
Out-of-bounds writeBUG ONLY
src/buf.c:201•Not reachable•91% confidence
Use after freeBUG ONLY
src/alloc.c:45•Dead code path•88% confidence
2 exploitable. 2 bugs. 4 243 false positives.
Works withSemgrepCoveritySonarQubeSnykCodeQLand more.
Your code. Your choice.
Three ways to deploy. Same results.
Cloud SaaS
We host. You scan.
</>
Your code↓
SecMate Cloud
↓
✓
Results onlyFully managed. Up and running in minutes.
Private Cloud
Your cloud. Our engine.
Your VPC
</>
Your code↓
Your SecMate
↓
Your LLMsYour models
Data never leaves your cloud.
Air-Gapped
No network. Full control.
Your Infrastructure
</>
Your code↓
Your SecMate
↓
Local modelsLocal inference
Zero external dependencies. Nothing leaves your network. Same quality.
Answers.
SecMate is customized and tested on embedded software, which strongly influences our tests and roadmap. See our disclosures for proof.
Our view.
Feb 2026Four Memory Safety Vulnerabilities in Golioth's IoT Firmware
Feb 2026SecMate Joins the Cyber Defense Factory Program
Feb 2026Rust Support in SecMate: Two CVEs in RustFS
Jan 2026How SecMate Discovered two Vulnerabilities in libcoap
Aug 2025Is Vibe Coding a Security Nightmare?
Jul 2025From the Attacker's Playbook to Your Pull Request