Understanding the Product
1. Sparrow On-Demand Features
Sparrow On-Demand is an API-based security analysis service that enables users to run core Sparrow technologies such as static analysis, component analysis, and dynamic analysis without installing additional programs in the development environment. Users can use Sparrow On-Demand through services provided in RESTful API or SDK format.
With Sparrow On-Demand, you can use the following features.
🎯 Analysis Execution
- Analysis Request: Submit an analysis request through the analysis request API.
- Analysis Request Response: Once the analysis request is successfully processed, an immediate response is returned.
- Analysis Result Delivery (Callback): When analysis is in progress or completed, analysis results are sent to the callbackUrl specified in the analysis request.
📌 Request and Analysis Inquiry
- Request Information Inquiry: Retrieve request information for a specific request ID.
- Analysis Information Inquiry: Retrieve analysis information for a specific analysis ID.
🔎 Result Download
- Analysis Result Download: Download analysis results as a file by entering the completed analysis ID.
- Detection Rule Download: Download the rules used during analysis as a file.
2. Sparrow On-Demand Analysis Process
Analysis Flow Diagram
It is recommended to perform a test analysis using a sample project first. Verify the authentication, analysis request, and response flow in advance through the test analysis.
👤 INIT: Initialization
- This stage receives analysis requests and waits for an available analyzer.
- Since Sparrow On-Demand supports auto-scaling, an analyzer is automatically assigned after the request is received, and the analysis begins.
📦 READY: Ready
- This process delivers the analysis target to the assigned analyzer.
- For static (source code) or component (open-source) analysis, this stage includes the time needed to clone the Git repository.
- Dynamic (web vulnerability) analysis proceeds directly to the next stage without a preparation step.
🔍 PRE_PROCESS: Preprocessing
- This marks the start of the analysis process, where the target's properties are checked and necessary information is collected.
- For static (source code) or component (open-source) analysis, the uploaded target is scanned and analyzed to gather metadata.
- For dynamic (web vulnerability) analysis, accessible URLs are collected from the provided entry URL.
🧠 ANALYSIS: Analysis
- This is the stage where the main analysis is performed after preparation is complete.
- In static (source code) analysis, collected information is checked against detection rules to identify issues.
- In component (open-source) analysis, components are identified by comparing collected data with the database, and related issues are detected.
- In dynamic (web vulnerability) analysis, vulnerabilities are identified by performing multiple simulated attacks using the gathered information.
🧾 POST_PROCESS: Post-processing
- This stage organizes and finalizes the results after analysis completion.
- Results from source code, open-source, and web vulnerability analyses are registered in the database and saved as files.
✅ COMPLETE: Complete
- This state indicates that the analysis is finished and all processes are completed.
- The analysis concludes when its status is Successful, Stopped, or Failed.
3. Sparrow On-Demand Data Processing
User data submitted to Sparrow On-Demand is processed as follows:
Sparrow On-Demand 2506.1 Detailed Version
- Engine Version: sast-5.6.2505.2, sca-1.6.2506.1, dast-2.28.2506.1-SNAPSHOT
- SDK Version: Java v1.2412.1, Node v1.2502.1
- Result Version: v2
- Release Date: 2025-07-01