Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
翊天科技 is an information security and systems integration service provider based in Hsinchu, Taiwan. Based on its website, its core business is not a single proprietary security product, but rather product resale, implementation, scanning services, consulting, and training around application security testing. Its portfolio covers tools such as Fortify SCA, Synopsys Coverity, Fortify WebInspect, Sonatype Lifecycle, and Synopsys Black Duck, forming a combined SAST, DAST, and SCA offering.
In terms of protection coverage, its strengths are concentrated at the application layer. Source-code white-box scanning can locate vulnerable lines of code and provide causes and remediation suggestions. WebInspect targets live websites, mobile sites, web services, and APIs, supporting crawling, auditing, differential scanning, and cross-analysis between black-box and white-box results. Sonatype and Black Duck are used for open-source component identification, vulnerability detection, license risk, SBOM, and software supply chain risk management. For deployment and integration, the website notes that Fortify can run locally, perform centralized or distributed scanning, and integrate with IDEs and CI/CD pipelines. WebInspect supports command-line use, APIs, Docker, and API scanning entry points such as Swagger, Postman, GraphQL, gRPC, and SOAP, making it suitable for embedding into development workflows.
The website does not publish specific product licensing or project pricing. Its source-code scanning service is divided into basic, intermediate, and advanced tiers: the basic tier provides scanning and reports; the intermediate tier adds preliminary false-positive filtering and remediation notes for high-risk categories; the advanced tier further includes one online briefing and two weeks of email inquiries. On-site scanning requires a separate application, with fees determined based on travel distance and requirements. This tiered approach is relatively friendly to customers with different budgets, but it lacks clear pricing, delivery timelines, and SLA details.
The main advantage is broad product coverage, enabling it to address code vulnerabilities, website/API vulnerabilities, open-source component vulnerabilities, and license compliance issues at the same time. It also provides reports, remediation recommendations, training, and consulting services, making it suitable for teams without dedicated AppSec capabilities. Its case descriptions mention experience with financial, semiconductor, and large-enterprise projects. The limitations are that its capabilities rely heavily on third-party commercial tools, so procurement costs may be relatively high. The website does not disclose payment methods, its own certifications, support hours, or service assurance details, so these should be confirmed before purchase.
It is better suited to mid-sized and large enterprises, software teams, and security departments that need pre-release security testing, third-party audits, CI/CD security gates, or open-source component governance. Access from mainland China cannot be determined from the available text, and payment methods are not disclosed. Mainland Chinese enterprises considering procurement should confirm remote delivery, contract payment arrangements, tool licensing compliance, and alternative options. Comparable products and vendors include Checkmarx, Veracode, Snyk, Burp Suite Enterprise, Acunetix, as well as domestic code security and open-source governance products.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, hoeasys.com.
hoeasys.com is a Taiwan security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility rating of "China direct-connect friendly".