Scantist

Scantist operates as a cybersecurity entity specializing in application security, originating as a spin-off from a research lab at Nanyang Technological University (NTU) in Singapore in 2016. The company was co-founded by Professor Liu Yang and Xinhua Liu. Professor Liu Yang, who also serves as the CEO, is a full professor at NTU with extensive expertise in software engineering, cybersecurity, and artificial intelligence, focusing on bridging theoretical research with practical applications. His academic and research background, with over 600 publications and numerous awards, underpins the company's scientific foundation.

The firm's core business revolves around securing the software development lifecycle for its clients, which range from startups to large enterprises. Scantist addresses the widespread use of open-source components in modern applications, which can introduce security vulnerabilities and license compliance issues. Its business model is centered on a subscription-based DevSecOps platform, offering plans like Basic, Premium, and Enterprise, with both cloud and on-premise deployment options. The company provides tools that integrate into a client's existing development workflows, such as CI/CD pipelines.

Scantist's primary product is a comprehensive security platform that includes several key technologies. Software Composition Analysis (SCA) is a central feature, designed to scan an application's dependencies to identify known vulnerabilities in third-party libraries and frameworks. This process generates a Software Bill of Materials (SBOM), providing a complete inventory of a project's software assets and checking for license compliance. The platform also incorporates Static Application Security Testing (SAST), Infrastructure as Code (IaC) scanning, and fuzz testing to detect a broader range of security issues. A distinguishing capability is its use of AI and deep binary analysis, which allows for a more granular scan compared to file-level analyses. The platform's vulnerability database is continuously updated from multiple sources, and it provides actionable remediation suggestions to developers. Recently, Scantist has expanded into AI-centric security with products like AIDefender, which secures Large Language Models, and Crypto Defender - L.I.S.A., an AI-native tool for smart contract analysis.

Keywords: Software Composition Analysis, DevSecOps, application security, cybersecurity, open source security, vulnerability management, license compliance, SAST, SBOM, Infrastructure as Code, fuzz testing, software supply chain security, binary analysis, AI in cybersecurity, smart contract analysis, cybersecurity research, Nanyang Technological University, Singapore startup, DevSecOps platform, code scanning