Name: SecMate
Availability: InStock
Author: SecMate

Question 1

What makes SecMate embedded-oriented?

Accepted Answer

SecMate is customized and tested on embedded software, which strongly influences our tests and roadmap. See our disclosures for proof at https://secmate.dev/disclosures.

Question 2

Are you an LLM wrapper?

Accepted Answer

SecMate is a static analysis engine. Dataflow. Taint tracking. Reachability. AI sits on top to reason about what the engine finds, not to replace it. Runs on 20B to 120B parameter models, deployed locally. Your code never leaves your infrastructure.

Question 3

What languages do you support?

Accepted Answer

C, C++, Rust, Python, TypeScript, and Java.

Question 4

What about false positives?

Accepted Answer

We trace actual paths. If an attack can reach it, we tell you. If it's exploitable, we tell you. You fix what matters, not what might matter.

Question 5

Do I need to replace my existing SAST tools?

Accepted Answer

Up to you. SecMate can work alone or alongside Semgrep, Coverity, SonarQube, and any tool that exports SARIF. We validate which findings are actually reachable and exploitable and find more with our engine.

Question 6

Can SecMate ingest results from my current tools?

Accepted Answer

Yes. If your tool exports SARIF, SecMate can validate those results, assessing reachability and exploitability so you fix what matters.

Question 7

Where does my code go?

Accepted Answer

Three options: Cloud SaaS, Private Cloud, or Air-Gapped On-Prem. Use your LLM providers or ours. No training on your code. Zero retention policy.

Question 8

What does a finding look like?

Accepted Answer

The vulnerable code. The path an attacker takes to reach it. Why it's exploitable. Severity score. How to fix it.

Question 9

Does it really work?

Accepted Answer

We have disclosed over 100 vulnerabilities in critical embedded software. NASA, Renesas, Intel, Espressif, Arduino, and others. Found by SecMate. Reported responsibly. See the full list at https://secmate.dev/disclosures.

SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

What's hidden in yours?