TMCnet News
Checkmarx Accelerates Vulnerability Remediation for Open Source Code with New Software Composition Analysis Solution

Checkmarx, the global leader in software security solutions for DevOps, today announced the launch of Checkmarx SCA (CxSCA), the company's new, SaaS-based software composition analysis solution. CxSCA leverages Checkmarx's industry-leading source code analysis and automation capabilities, empowering security and development teams to easily identify vulnerabilities within open source software that present the greatest risk and enable developers to focus and prioritize remediation efforts accordingly. This dramatically reduces time spent from the point of vulnerability detection to remediation and increases developers' overall productivity.

Existing approaches to securing open source within software often produce lengthy vulnerability reports riddled with inaccuracies, making it difficult for developers to understand where best to allocate their time and attention. CxSCA alleviates these challenges with its unique automatic triage capabilities, generating scan results with the greatest possible accuracy and delivering these findings directly to developers. With this insight, development teams can prioritize remediation efforts based on the level of risk presented by found vulnerabilities and accelerate remediation processes to deliver high-quality, more secure software faster.

CxSCA delivers industry-leading open source security risk awareness, visibility, and prioritization capabilities, while also increasing operational efficiency for DevOps and AppSec teams. When coupled with Checkmarx SAST (CxSAST), organizations can secure both custom and open source code with one powerful, cohesive solution that provides unified management for project creation and scans, including the ability to run automated scans in source code repositories, such as GitHub, GitLab, and BitBucket, among others.
According to Gartner, "the combination of SAST and SCA can help deliver higher-fidelity results. The addition of SCA capabilities within an existing suite of testing tools can simplify installation, integration, administration, and maintenance." 1

"While the open source vulnerability landscape continues to expand, organizations are also increasingly shifting security responsibilities onto developers, creating a dire need for innovative SCA solutions that accelerate developer remediation cycles," said Nir Livni, VP of Products, Checkmarx. "With CxSCA, Checkmarx enables development organizations to address open source vulnerabilities earlier in the SDLC and cut down on manual processes by reducing false positives and background noise, so they can deliver secure software faster and at scale."

CxSCA can be used independently or as part of the broader Checkmarx Software Security Platform that also includes SAST, IAST, and integrated developer AppSec training and awareness, giving development teams a single, unified approach to managing their application security posture.

Additional CxSCA features include:
Availability: CxSCA is available today. For more information and to schedule a demo, visit here.

Additional Resources:

1 - Gartner, Technology Insight for Software Composition Analysis, Dale Gardner, 1 November 2019

About Checkmarx

Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry's most comprehensive Software Security Platform that unifies with DevOps and provides static and interactive application security testing, software composition analysis, and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities. Checkmarx is trusted by more than 40 of the Fortune 100 companies and half of the Fortune 50, including leading organizations such as SAP, Samsung, and Salesforce.com. Learn more at www.checkmarx.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20200602005150/en/