Press release

Checkmarx Makes SCA Market Waves with Enhanced Open Source Security Offering

Sponsored by Businesswire

Infosecurity Europe — Checkmarx,
the Software Exposure Platform for the enterprise, has deepened its
stake in the software composition analysis (SCA) market with a new
homegrown engine for its CxOSA solution. Designed by the same Checkmarx
research and development team that created its industry-leading CxSAST
static application security testing solution, CxOSA empowers
development, AppSec and DevOps teams to identify, triage and remediate
open source software security vulnerabilities as well as license
compliance risks.

With the use of open source components on the rise, the risk related to
open source vulnerabilities is also increasing. According to Gartner, IT
and security leaders should “Integrate software composition analysis
tools as part of the CI/CD pipeline to implement continuous compliance
verification, similar to how automated tests verify product quality.” [1]

Although organizations have started to deploy SCA tools, these often
operate in complete silos, separate from other software security
solutions such as static application security testing (SAST) products,
which look for risks in proprietary and homegrown code. With Checkmarx’s
shift left approach, homegrown and open source scans can be conducted
during the pre-build phase and are then integrated and correlated,
reducing noise and false positives. Broad coverage leads to results
with greater confidence levels and allows for more intelligent

“The majority of organizations today use open source components as it
helps developers accelerate development, but vulnerabilities in these
components represent a top target for successful external attacks,” said
Assaf Dar, chief product development officer at Checkmarx. “CxOSA
prevents the use of vulnerable open source components while allowing for
faster delivery of secure software. The solution automates scanning by
leveraging existing DevOps integrations, making it the best fit for

Today, hundreds of organizations use CxOSA with CxSAST within Checkmarx’s
Software Exposure Platform. The platform tightly integrates CxSAST,
CxOSA, CxIAST and CxCodebashing via a unified management and
orchestration layer to mitigate risk across the entire software exposure
lifecycle. Using all of the platform solution components from one
vendor, Checkmarx, empowers organizations to dramatically improve their
overall software security posture while reducing total cost of
ownership. Checkmarx also offers expert services for software security
deployment to advance customers’ DevOps programs.

“The new Checkmarx CxOSA engine was built on the foundation of our open
source solution, embedding years of experience and research in
mitigating open source security and compliance risks,” added Dar. “Now,
we wholly own all the components of the industry’s most comprehensive
solution for DevSecOps. For customers, this, among other things, means
they experience the industry’s tightest coupling of SAST and SCA,
allowing them to define and enforce policies for both proprietary and
open source vulnerabilities as well as easily derive meaningful
correlations and manage software security risks from a single pane of

For more information about CxOSA, please visit:

Further details on the Checkmarx Software Exposure Platform can be found

[1] Gartner, “Four Steps to Adopt Open-Source Software as Part of the DevOps Toolchain,” published 6 February 2019, ID G00378544, analysts: Manjunath Bhat, Daniel Betts, Christopher Little.

About Checkmarx
Checkmarx is the Software Exposure Platform
for the enterprise. Over 1,400 organizations around the globe rely on
Checkmarx to measure and manage software risk at the speed of DevOps.
Checkmarx serves five of the world’s top 10 software vendors, four of
the top American banks, and many government organizations and Fortune
500 enterprises, including SAP, Samsung, and Learn more