SAST

Vulnerability Detection

Every finding comes with a proof-of-concept. Zero false positives, guaranteed.

Winfunc's multi-phase analysis engine performs deep source-to-sink tracking across your entire codebase. It identifies vulnerabilities, proves exploitability with executable PoCs, and provides CVSS scoring with confidence metrics — so your team only triages real issues.

Key Capabilities

Multi-phase analysis: SCA, Threat Hunter, and Hunter engines
Source-to-sink data flow visualization
Executable proof-of-concept generation for every finding
CVSS scoring with detailed vector breakdown
AI confidence scoring (0–1.0) per vulnerability
Vulnerability type classification and categorization
Duplicate detection with similarity scoring across scans
Advanced filtering by severity, confidence, scan version, and status
Status workflow: Pending → Validating → Accepted → Resolved
Business logic vulnerability detection — auth bypass, financial manipulation
Race condition and TOCTOU detection
Full-text search across titles and descriptions

Formal Verification

Every vulnerability is proven with a formal verification engine that mathematically demonstrates exploitability. If we can't exploit it, we don't report it.

Source-to-Sink Tracking

Visualize the complete data flow from user input to vulnerable code path. Understand exactly how an attacker can reach the sink through your application's call graph.

Business Logic Awareness

Goes beyond pattern matching to understand your application's business flow — roles, permissions, financial transactions — identifying logical flaws specific to your codebase.

Incremental & Full Scans

Run comprehensive full-codebase audits or targeted incremental scans on changed files. Track findings across scan versions with diff-based analysis.

Vulnerability Lifecycle

Complete triage workflow with status tracking, validation notes, timestamps, and bulk operations. Select, export, and print findings as professional PDF reports.

Universal Language Support

Powered by tree-sitter queries, language servers, and LLM analysis for 100% accuracy across all major programming languages — including niche ones like Arc and Haskell.
