ABAP Code Scanner - Web Edition (Management Console)
ABAP Code Scanner - Web Edition (Management Console)
The free open-source CLI scans exported ABAP source offline. The Web Edition is a commercial web application by RedRays that connects directly to your SAP systems over SAP JCo (RFC) and statically analyses ABAP in place, presenting findings in a modern web UI. The OWASP project itself remains free and open source.

What it does
- Direct SAP connection (SAP JCo / RFC) - scan ABAP straight from the system; no manual export.
- Projects - organise scans by mapping target systems to scan profiles (for example OWASP Top 10 or Critical issues only).
- Scheduled scans - run recurring scans automatically.
- Vulnerability dashboard - findings ranked by severity and CVSS, each with a confidence score and a plain-language explanation.
- Cross-system retest - re-verify a finding across systems, with full retest history.
- Reports & export - export findings for triage and audit.
- Enterprise access - single sign-on and role-based access control.

Findings and triage
Each finding identifies the affected ABAP object and location, with a severity, a CVSS score, a confidence score and a plain-language explanation, plus a status you manage from the browser.


Retest across systems
Re-run a specific finding against one or more systems to confirm whether it is still present, and keep a history of every retest.

Reporting
Export findings to a report for distribution and audit.

Get access
The Web Edition is a commercial product by RedRays. To request a demo or a trial, visit redrays.io/abap-scanner or contact [email protected].