Company positioning

YAGAAN is a software editor, pure player of application security.

The company targets software application producers, cybersecurity service providers as well as companies that externalize their software developements, in their software cyber risk assessement and mitigation activities such as audits or code reviews.

Among the differentiators of the YAG-Suite, the source code scanner designed by YAGAAN, the relevance of the user reported information allows you to prioritize corrective actions with efficiency: low rate of false positives thanks to machine learning, individualized CVSS scores, business impacts, contextual help to remediation, etc. According to your production constraints, you will find a balance between what must be fixed before application / version release and what can be managed as the project security technical debt.

Positionned in a logic of democratization of source code scanning, directly or through our partners, the YAG-Suite is accessible from SMEs up to major companies, and gives you access to an effective decision making tool to control your software cyber risk.

Use cases

The YAG-Suite is a powerful tool which supports a variety of use cases. Following examples will help to better seize some of the differenciators we bring you.

For source code audit providers, the YAG-Suite will help auditors to accelerate the discovery of an unknown application with its unprecedented code mining capabilities: a set of functionnalities that automatically detects areas of interest in the source code, such as sensitive data and security mechanisms, and help the user to quicly focus on the most sensitive parts of the code.

Software application producers will appreciate a powerfull scanner that avoids to waste time and energy because of false positives and duplicate warnings, thanks to their automated qualification with machine learning. Moreover, they will enjoy the pedagogic diagnosis and the openness of the tool to intuitive customization. Their C-levels will benefit from the capability to have a high level dashboard of the security level of their applications fleet.

Companies who externalize their developements of software applications to contractors, and their purchase department, will find an easy to use SAAS service to check the overall security level of the application they are delivered, including, if they were expressed, an assessement of how their security requirements are met.

About Us...

YAGAAN Software Security is a company created in January 2017 by three founders: Hervé LE GOFF, former procurement officer at French Ministry of Defense, Antoine FLOCH, PhD in computer science and compiling, and a business angel, former founder and CEO of a start-up on the digital market.

These complementary experiences (procurement, cybersecurity, technical and entrepreneurial expertise) enabled the french start-up to develop an disruptive approach to efficiently equip security by design software development processes. Our ambition is to bring new value to source code scanning activities with two main objectives:

  • Get the best value from static analysis techniques in terms of efficiency and relevance, thanks to artificial intelligence.
  • Take the end-user business into account to fine-tune the vulnerability analysis to the applications real operational needs.

The YAG-Suite is designed and developped in-house, which allows YAGAAN to have complete control of its funcionalities and roadmap.

YAGAAN was incubated at Institut Mines Télécom (IMT) Atlantique and is now hosted at Digital Square, the Rennes facility for digital innovative startups. The company is supported by a number of actors of the Brittany Cyber Valley ecosystem and in particular received financial support from :

  • BPI France
  • Région Bretagne and Rennes Métropole
  • TOTAL Développement Régional (part of TOTAL Oil & Gas Group)
  • Airbus Développement (part of AIRBUS Industry)
  • Institut Mines Télécom
  • Crédit Mutuel ARKEA and BNP Paribas


Hervé is a former procurement officer at the French Ministry of the Armed Forces. He benefits from a 25 years long experience at the Direction Générale de l'Armement (DGA) in the fields of technical expertise, including cybersecurity, management, procurement of weapons programs and international relations.

Antoine FLOC'H - CTO

Antoine, PhD in Computer Science from the University of Rennes 1, worked for more than 10 years on different tools and methods of source code static analysis before co-founding the company with Hervé. This expertise in code auditing allowed him to support companies in evaluating and improving their software applications.