PhantomYerra maps static-analysis findings to the PCI DSS 4.0.1 requirements that software is assessed against: secure coding (Req 6), data protection (Req 3/4), authentication (Req 8) and logging (Req 10).

| Req | Requirement | Addressed | What PhantomYerra detects |
|---|---|---|---|
| 6.2.4 | Secure coding / engineering techniques | Yes | Injection, XSS, deserialization, memory safety across the codebase |
| 6.3.1 | Identify & manage vulnerabilities | Yes | CWE-mapped findings + SCA against advisories |
| 3.5 / 3.6 | Protect stored account data (cryptography) | Yes | Weak/broken crypto, hardcoded keys, weak RNG |
| 4.2.1 | Strong cryptography in transit | Yes | Disabled TLS verification, plaintext transport |
| 8.3 | Strong authentication | Yes | Broken auth, hardcoded credentials, JWT alg-none |
| 10.2 | Audit logs | Yes | Missing/insufficient logging, log injection |

Every PhantomYerra finding carries its CWE and the standard IDs it satisfies, so a one-click compliance report maps findings to PCI DSS 4.0.1 automatically, alongside the EU Cyber Resilience Act and more.