Onapsis Control

Shift Left and Accelerate Secure Application Development & SAP Code Security

Secure your SAP code security and software development lifecycle from development to production. Use automation to clean your custom code before an SAP S/4HANA migration, and bring security directly into your development process, including work on the SAP Business Technology Platform (BTP). This helps you build secure applications and prevent vulnerabilities from ever reaching production.

Build Security Into Custom SAP Application Development

Gain a comprehensive understanding of potential code and transport vulnerabilities, including code developed by external partners, using multiple methodologies in one engine (DAST, SAST, IAST).

Empower application developers to identify, prioritize, and remediate issues quickly with “spell-check” features and detailed step-by-step remediation instructions with pre-written code suggestions.

Leverage automation and one-click fix capabilities to remediate up to 50% of common code errors prior to migration or import.

Scan transports of third-party developed code prior to import and prevent negative impacts to applications and potential system failure.

Create a secure baseline by automatically cleaning custom code prior to migrating to the cloud or SAP S/4 HANA.

Onapsis lets your teams work with the tools and environments they already use and offers additional products that accelerate development cycles.

See How We Strengthen DevSecOps for SAP

Not quite ready for a live demo, but want to see Onapsis Control in action?
View this two-minute on-demand video of Control to see how we can solve your organization’s unique challenges.

In this video, you will:

  • Get an understanding of Onapsis Control and its key features.
  • Discover how Onapsis Control empowers you to establish and enforce secure configuration standards across your applications.
  • Learn how Onapsis Control seamlessly integrates security into the application development lifecycle.

Control Central

  • Centrally managed, comprehensive application security testing for ABAP, UI5, XSJS, Fiori, and HANA Native applications
  • Identify common code errors and remediate them easily with step-by-step guidance, enabling a proactive approach to SAP code security
  • Supports the most critical IDEs, such as Visual Studio Code, SAP Business Application Studio in BTP, Eclipse, and Git repository scanning (e.g., ABAPGit)
  • Add additional security and quality gates to your release processes via integrations with leading change management and CI/CD tools, including SAP ABAP Test Cockpit (ATC), SAP Change Request Management (CHaRM), SAP Transport Management System (TMS), Azure Pipelines and SAP CI/CD Service
  • Gain visibility into 3rd party developed code, including scanning within Git repositories, such as those used by abapGit, gCTS, or SAPUI5
Onapsis Control Center

Control for BTP

  • Integrates with the broadest list of SAP Recommended IDEs for SAP BTP development
  • Identifies errors as they occur and provides developers with immediate feedback and actionable fixes to address SAP code security risks during the development process
  • Connect Control for BTP to your Git repositories and perform rapid scans of individual projects or all connected Git repositories, saving time and reducing manual effort
  • Pipeline integration supports continuous integration and continuous delivery (CI/CD) to ensure clean code before deployment to production

Git Repository Scanning

  • Establish a security gate in your Git Repositories to prevent issues before they reach production
  • Bulk scan ABAP and non-ABAP code at rest on-demand or perform scheduled scans without work interruptions
    Centralized policies ensure consistency and compliance, even with distributed teams or third-party developers
  • With support for GitHub, GitLab, Bitbucket, and Azure Git, and use cases in abapGit, gCTS and SAP UI5, ensure that every commit, branch, and merge follows consistent security policies

Secure CI/CD Pipelines

  • Automate vulnerability scanning for your CI/CD pipelines to block issues early and ensure that secure, high-quality releases ship faster at lower cost
  • Shift left: Instant detection and feedback ensure vulnerabilities are caught as code is written, not after release
  • Use centralized policies and test cases across all your teams and 3rd party developers, no matter where they work
  • With support for SAP CI/CD Service, SAP Project Piper, and Microsoft Azure pipelines, Control is the ideal solution for hybrid and cloud-ready landscapes.

TMS Approval Workflow

  • Scan release processes in your SAP Transport Management System (TMS) for vulnerabilities
  • Identify and block risky transports before they reach production
  • Enforce policy and security gates across transports for internal and external teams alike
Onapsis On-Change Control

On-Change Control

  • Integrated, detailed security scanning and approval framework for SAP CHaRM
  • One-stop shop for approvers and requesters to manage scans, approvals, and notes
  • Automatic notifications ensure a swift change management process

Part of The Onapsis Platform

Designed to make SAP security frictionless, Onapsis delivers an award-winning, full application security suite. The Onapsis Platform shines a light on the full SAP or Oracle attack surface to help organizations worldwide better understand risk, protect their most critical systems, respond rapidly to threats, and keep their business-critical applications and digital transformation projects running smoothly.

Learn More About The Platform

See Why Customers Love Onapsis for SAP Application Security Testing

“Onapsis helps us address two of the biggest trouble areas in our change management processes—custom code and transports. A third-party solution for analyzing these that integrates into SAP ChaRM allows us to get things right the first time and avoid costly rework and manual analyses.”

– Security Architecture Manager, Global Chemical Company

Read Case Study
Reduction in Code
Review Time by Teams
Saved Annually In
Code Review Costs
Saved Per System By
Eliminating Import Errors

Powered by the Onapsis Research Labs

The Global Leader in ERP Security & Threat Research

  • 6 US DHS critical alerts based on our research
  • Discovered 1,000+ zero-day vulnerabilities in business-critical applications
Onapsis Research Labs

Awards

  • Onapsis Company Awards ASTORS
  • Onapsis Company Awards CRN 2022
  • Onapsis Company Awards Cyber Defense Magazine
  • Onapsis Company Awards CRN 2021
  • Onapsis Company Awards Inc 500
  • Onapsis Company Awards Cybersecurity Breakthrough
  • Onapsis Company Awards Cyber Defense Magazine 2023
  • Onapsis Company Awards Cyber Defense Magazine 2022

    • Further Reading

    Ready for a deeper understanding on how Onapsis secures your critical business applications? Start with these related resources, then visit our Resource Center for more.

    All Resources

    Datasheets

    Control Central

    Application security testing for SAP ABAP applications. Step-by-step remediation instructions and integrations with SAP ABAP…

    Learn More

    Solution Brief

    Secure Every SAP Build in Your CI/CD Pipelines

    Onapsis Control is a solution for securing SAP custom code development in Continuous Integration/Continuous Delivery (CI/CD) pipelines. It aims to minimize hidden risks in modern SAP custom code development, especially on SAP BTP.

    Learn More

    Solution Brief

    Build Clean Code Security Gates with GitRepository Scanning

    This document describes ONAPSIS Git Repository Scanning to build clean code security gates and strengthen SAP code security at the source.

    Learn More

    Solution Brief

    Enforce Secure Transport Workflows Across Your SAP Landscape

    This document outlines Onapsis Control for securing SAP Transport Management System (TMS) workflows. SAP TMS is the backbone of change movement, but each transport can be a vector for risk, potentially introducing malicious, vulnerable, or poorly written code into production.

    Learn More

    Solution Brief

    Control: Application Security Testing for Business-Critical Applications

    Accelerate and Secure Development with Automated Application Security Testing Built for SAP

    Learn More

    Ebook

    Battling Trojan Horses in Your SAP® Transports

    Changes to SAP production systems through SAP transports pose a high security risk.

    Learn More

    Schedule a live demo today

    Learn How to Shift Left Easily and Build Security Into Your SAP Software Development Lifecycle.

    Let our technical experts show you how to leverage Onapsis Control to automatically scan and mitigate code vulnerabilities to accelerate your S/4 HANA migration projects and RISE with SAP transformations. Our demo will show you how Onapsis Control can help.

    Schedule a Live Demo