Product
SAST Coverage & Rules Zero-Day Discovery Download
Compliance
Compliance Hub OWASP Top 10 CWE Top 25 PCI DSS 4.0.1 MISRA C / C++ 2023 AUTOSAR C++14 ISO 26262 SEI CERT
Compare
vs All SAST Tools vs Coverity vs Veracode vs Snyk vs Mythos AI vs GPT-5.4 Cyber Download
Download

The PhantomYerra SAST scanner is coming soon

One desktop install. SAST, software-composition analysis, SBOM, secret detection and infrastructure-as-code scanning across 16 languages. Runs fully offline. Windows and Linux builds are in final preparation.

Signed Windows installer Linux AppImage SHA-256 verified No account required
🧮

Windows

Windows 10 / 11 x64
.exe installerSectigo EV signedSHA-256 published on release
Coming soon

The signed Windows SAST build is in final preparation. Leave us a note and we will tell you the moment it ships.

🐧

Linux

x64 AppImage (Ubuntu, Fedora, Debian)
AppImagechmod +x and runSHA-256 published on release
Coming soon

The Linux SAST AppImage is in final preparation. Leave us a note and we will tell you the moment it ships.

Notify me when it ships

What every build scans

The same engine on both platforms. No agents, no cloud upload, no per-language tool to license.

SAST, 24,476 rules

16 languages including C, C++, Java, Python, Go, Rust, JavaScript and TypeScript. Cross-translation-unit taint and abstract-interpretation domains.

SCA & SBOM

Dependency analysis across npm, PyPI, Maven, Cargo, Go modules, Conan and vcpkg, with CycloneDX and SPDX SBOM output.

Secrets & IaC

Credential and API-key leak detection plus Terraform, CloudFormation, Helm and Kubernetes scanning.

Zero-day discovery

A 200-rule discovery suite across all 16 languages for memory-safety, deserialization and injection chains.

AI false-positive triage

Bring your own model and review every finding before it reaches the report. Configure, test and re-run anytime.

Compliance reports

One-click EU CRA, OWASP Top 10, CWE Top 25, NIST 800-53, ISO 27001 and PCI DSS appendices in DOCX, PDF, HTML and SARIF.

What to expect at release. Each build ships as a single desktop install with the SHA-256 hash published alongside it, so you can verify integrity before running. The Windows installer is Sectigo EV signed; the Linux AppImage runs with chmod +x. The scanner runs entirely on your machine; nothing leaves the host unless you enable an external AI provider for triage.