Name: SecMate
Availability: PreOrder
Author: SecMate

Question 1

What languages do you support?

Accepted Answer

C, C++, Rust, Python, TypeScript, and Java.

Question 2

What about false positives?

Accepted Answer

We trace actual paths. If an attack can reach it, we tell you. If it's exploitable, we tell you. You fix what matters, not what might matter.

Question 3

Do I need to replace my existing SAST tools?

Accepted Answer

Up to you. SecMate can work alone or alongside Semgrep, Coverity, SonarQube, and any tool that exports SARIF. We validate which findings are actually reachable and exploitable—and find more with our engine.

Question 4

Can SecMate ingest results from my current tools?

Accepted Answer

Yes. If your tool exports SARIF, SecMate can validate those results—assessing reachability and exploitability so you fix what matters.

Question 5

What makes SecMate embedded-oriented?

Accepted Answer

SecMate is customized and tested on embedded software, which strongly influences our tests and roadmap. See our disclosures for proof.

Question 6

Where does my code go?

Accepted Answer

Two modes: self-hosted or SaaS. Use your LLM providers or ours. No training on your code. Zero retention policy.

Question 7

What does a finding look like?

Accepted Answer

The vulnerable code. The path an attacker takes to reach it. Why it's exploitable. Severity score. How to fix it.

SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

What's hidden in yours?