Checkmarx, the global leader in software security solutions for DevOps, today announced the launch of Checkmarx SCA (CxSCA), the company’s new, SaaS-based software composition analysis solution. CxSCA leverages Checkmarx’s industry-leading source code analysis and automation capabilities, empowering security and development teams to easily identify vulnerabilities within open source software that present the greatest risk and enable developers to focus and prioritize remediation efforts accordingly. This dramatically reduces time spent from the point of vulnerability detection to remediation and increases developers’ overall productivity.
Existing approaches to securing open source within software often produce lengthy vulnerability reports riddled with inaccuracies, making it difficult for developers to understand where best to allocate their time and attention. CxSCA alleviates these challenges with its unique automatic triage capabilities, generating scan results with the greatest possible accuracy and delivering these findings directly to developers. With this insight, development teams can prioritize remediation efforts based on the level of risk presented by found vulnerabilities and accelerate remediation processes to deliver high-quality, more secure software faster.
CxSCA delivers industry-leading open source security risk awareness, visibility, and prioritization capabilities, while also increasing operational efficiency for DevOps and AppSec teams. When coupled with Checkmarx SAST (CxSAST), organizations can secure both custom and open source code with one powerful, cohesive solution that provides unified management for project creation and scans, including the ability to run automated scans in source code repositories, such as GitHub, GitLab, and BitBucket, among others.
According to Gartner, “the combination of SAST and SCA can help deliver higher-fidelity results. The addition of SCA capabilities within an existing suite of testing tools can simplify installation, integration, administration, and maintenance.” 1
“While the open source vulnerability landscape continues to expand, organizations are also increasingly shifting security responsibilities onto developers, creating a dire need for innovative SCA solutions that accelerate developer remediation cycles,” said Nir Livni, VP of Products, Checkmarx. “With CxSCA, Checkmarx enables development organizations to address open source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so they can deliver secure software faster and at scale.”
CxSCA can be used independently or as part of the broader Checkmarx Software Security Platform that also includes SAST, IAST, and integrated developer AppSec training and awareness, giving development teams a single, unified approach to managing their application security posture.
Additional CxSCA features include:
- Extensive Database of Open Source Libraries and Vulnerabilities: Cultivated by the Checkmarx Security Research Team, CxSCA’s exclusive database of open source libraries and vulnerabilities – even those with no corresponding CVE at the time of discovery – provides greater security and risk awareness above and beyond the National Vulnerability Database (NVD).
- Seamless DevOps Integration: CxSCA easily integrates into the entire SDLC offering relevant, actionable open source vulnerability insight and remediation guidance to streamline developer workflows and expedite delivery timelines.
- Scalability & Flexibility: CxSCA’s secure, SaaS-based flexible deployment model gives developers the scale and speed needed to meet their most demanding requirements, allowing them to remain focused on developing secure software rather than managing infrastructures.
CxSCA is available today. For more information and to schedule a demo, visit here.
- eBook: Open Source Cookbook – The Ultimate Guide to Software Composition Analysis
- 2020 Gartner Magic Quadrant for Application Security Testing
- 2020 Gartner Critical Capabilities for Application Security Testing
1 – Gartner, Technology Insight for Software Composition Analysis, Dale Gardner, 1 November 2019
Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive Software Security Platform that unifies with DevOps and provides static and interactive application security testing, software composition analysis, and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities. Checkmarx is trusted by more than 40 of the Fortune 100 companies and half of the Fortune 50, including leading organizations such as SAP, Samsung, and Salesforce.com. Learn more at www.checkmarx.com.