Formal Guardian of Code Quality


Pinpoint™ detects numerous types of code defects and security flaws before they cause data breaches and application crashes.

Features Our Tech
Sophisticated static analysis is just clicks away
Intuitive, easy to deploy All-in-One Bundle
You'll love how fast you can set up a bug hunting service. Pinpoint installer can do that for you in minutes. No root privileges and internet connection needed.
Low-code white box testing in your browser
Detect critical vulnerabilities with powerful drag and drop tools. Our web based UI have got you covered. Our tester oriented workflow can help you get massive project scanned, all on your own.
Deploy once, use anywhere
Seamless CI and VCS integration
Get code quality feedback on your code changes with built-in integrations for CI and VCS. Set up triggers to automatically build and check your code when your team member push changes to Source Repositories. Moving fast with fully automatic analysis pipelines.
Responsive IDE support
Pinpoint IDE extension helps you detect and fix quality issues right in your code editor. Our code analysis engine can spot more critical flaws than built-in linter in IDE and compiler. Analysis can be performed remotely and asynchronously so that you can scan huge projects on your laptop.
Pre-merge AI peer reviewer
Visibility into your entire code review process so that you can maximize review efficiency. Automated code review for defects and vulnerabilities so that you can save time and merge with confidence.
Seamless integration with SonarQube
Pinpoint SonarQube extension helps you run Pinpoint in SonarQube with all kinds of other SCA tools. No configure file modification and additional deployment is needed. Pinpoint checker can be easily set up in Quality Profile as normal SonarQube checkers.
A good bug report is worth a thousand words
Fix more bugs with less reports
Obscure and false-positive-prone reports are the leading cause of SCA failures. We know how important the precision and readability of bug report are to developers. Our system can rank and merge repetitive bug reports smartly to support effective bug triage and remediation.
Pinpoint the five Ws of bug
Pinpoint helps developer understand the reports by answer five Ws of specific programming errors with tips and documents:
  • · How many classes, functions and sourcecode files are involved?
  • · What will happened if the bug is triggered?
  • · Which execution path does it take place?
  • · What condition leads to the bug?
  • · Why it's a bug or vulnerability?
Easy report generation and metrics
Easy scanning report creation in a variety of different format. Detailed report with rich metrics, bug documents, code snippets and bug description can be generated in HTML and PDF format. Scalar metrics can be exported in json, xml and ELK format.
Research Driven

PLDI'18 research paper
introduction to the mechanism of source-sink engine of Pinpoint.

learn more

ICSE'19 research paper
introduction to the mechanism of state-machine engine of Pinpoint.

learn more

Engineering Powered

Th Sourcebrella team has engineered a number of high quality SCA checkers that cover the needs of development, testing, security and evaluation. And through cooperation with government and enterprise customers, we integrated the world's top static analysis capabilities with real world R&D work flows. Make static analysis capabilities not only play a role in code checking scenario, but also further applied in program verification, code search, compilation acceleration, and micro-service management.