Eliminating errors in custom code is essential for keeping SAP applications secure and functioning properly. Unfortunately, app security testing tools don’t cover SAP and manual reviews are time consuming and error-prone. 

Onapsis Control for Code solves these problems with automated code analysis designed specifically for SAP systems, allowing you to “shift left” and identify and fix issues in internally or third-party developed code before negative consequences arise.  

Request a Demo

Automated Code Analysis for Business-Critical SAP Applications

With a focus on identifying and resolving insecure, unstable and non-compliant code during development, Control for Code analyzes and reviews custom code that could put your organization at risk of attack, non-compliance or critical application downtime.

Identify Issues

Check custom SAP code for security, compliance, performance, robustness, maintainability and data loss prevention issues.



Each identified issue includes steps to remediate or leverage optional automated code correction services.


Build Into Workflows

Assess code in real-time by integrating into leading IDEs or batch scan from a repository

Faster than labor-intensive and error-prone manual code review processes

False positive rate, eliminating unnecessary review of incorrect findings

Reduction in security and quality errors making it into production

Common findings can be resolved with optional automated code correction service

Shift Left and Stay Clean

Automated code review captures issues quickly and before they make it to production, when errors are more expensive to fix and the consequences are exponentially worse. If used in a continuous integration process throughout the application development lifecycle, code analysis identifies and prevents code vulnerabilities and quality issues from degrading security, compliance or performance.

Key Features of Onapsis Control for Code

  • Each identified issue includes associated business risk and remediation guidance 
  • Support for multiple languages including ABAP, XSJS, node.js, SQLScript, and SAPUI5 (Fiori)
  • Analyze code in real time within development environments, including SAP HANA Studio, Eclipse, SAP Web IDE, SAP ABAP development workbench, SAP Business Application Studio and Visual Studio Code
  • Integrates with change management solutions (e.g., ChaRM, SAP Transport Management System, Jenkins) to build code analysis into existing processes
  • Scan up to 900,000 lines of code in one minute
  • Automated code remediation using quickfix capabilities in the development environment
  • Comprehensive analysis that follows your code through decision trees for complete coverage
  • Identify unused code that can be removed to improve maintainability, reduce complexity of system upgrades and migrations
  • Checks against OWASP Top 10 “The Ten Most Critical Web Application Security Risks

Run on the Onapsis Platform

Onapsis provides a suite of products, built on the Onapsis Platform, to support security, compliance, threat detection, secure application development, and change management. 

Learn more about the Onapsis Platform

Powered by Onapsis
Research Labs

Our team of business-critical application security experts combine in-depth knowledge and experience to deliver technical analysis and alerts with a business context.

Learn more about how our Research Labs drives our products


Want a more in-depth exploration? Start with these related pieces, then visit our Resources page for more.

All resources

Secure your 
business-critical SAP,
Oracle, Salesforce
and SaaS apps

Get a firsthand look at the visibility, reporting and automation capabilities provided by The Onapsis Platform by scheduling a personalized demo with our application security experts.

Request a demo