Problems it solves
Unauthorized access to corporate IT systems and data
Risk of attacks by hackers
Values
Reduce Costs
Ensure Security and Business Continuity
Ensure Compliance
Checkmarx Static Application Security Testing (CxSAST)
CxSAST is a flexible and accurate static analysis solution used to identify hundreds of types of security vulnerabilities in both custom code and open source components.
About Product
Description
Checkmarx CxSAST is part of the Checkmarx Software Exposure Platform addressing software security risk across the entire SDLC. CxSAST is a flexible and accurate static analysis solution used to identify hundreds of types of security vulnerabilities in both custom code and open source components. It is used by development, DevOps, and security teams to scan source code early in the SDLC across over 25 coding and scripting languages.
Unlike other SAST solutions, CxSAST provides the ability to eliminate vulnerabilities early in the SDLC. Integrations with build tools, Continuous Integration servers, IDEs, bug tracking solutions, and other development tools allow CxSAST to adapt to your existing software development lifecycle.
Pinpoint Accuracy for Remediation
CxSAST understands your software and how data moves through an application. Its “Best Fix Location” algorithm automatically highlights the best place to remediate issues, allowing developers to fix multiple vulnerabilities at a single point in the code.
Find Vulnerabilities Sooner
Unlike some static analysis offerings, CxSAST scans uncompiled code and doesn’t require a completed build. There are no dependency configurations and no learning curve when switching languages. It even works from the developers’ IDE. This allows organizations to use CxSAST earlier in the software development lifecycle, when it is far less expensive and time-consuming to fix coding errors.
The Right Choice for Agile and CI Teams
In Continuous Integration and Agile environments, security must be integrated into the development process. Other static analysis solutions don’t fit well due to their lengthy scan times. Checkmarx CxSAST solves this by using incremental scanning to analyze only newly introduced or modified code, reducing scanning time by up to 80%, and by integrating with CI servers to automate security testing.
Integrates with Your Workflow
No two development environments are exactly the same, and testing solutions need to be flexible to accommodate how you work. Checkmarx CxSAST integrates with CI and build servers, bug tracking solutions, and source repositories.
Complete Understanding of Identified Vulnerabilities
With Checkmarx, you can view the reasoning and proof of all scan results to understand the root cause of the vulnerabilities. You aren’t limited to the rules everyone else uses. Checkmarx Open Query language allows organizations to have complete control of the intellectual research behind CxSAST.
Comply with Regulatory Standards
Regulatory standards such as PCI-DSS, HIPAA, FISMA, and others require organizations to test for common vulnerabilities like those found in the OWASP Top 10 and the SANS Top 25. CxSAST finds these and more. Plus, with a unique open query language, you can easily create your own security policy consisting of the vulnerabilities most important to your industry and organization.
Flexible Deployment Options
CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.
User features
Roles of Interested Employees
Chief Executive Officer
Chief Information Officer
Chief IT Security Officer
IT Security and Risk Management
Organizational Features
IT Security Department in company