This week, Checkmarx launched a new SaaS-based software composition analysis solution — SCA (CxSCA).
Empowering security and development teams
Existing measures for securing open-source software consist of lengthy reports outlining vulnerabilities that are, more often than not, riddled with inaccuracies. Understandably, this makes it hard for developers to know where best to allocate their time.
CxSCA leverages Checkmarx’s industry-leading source code analysis and automation capabilities by identifying vulnerabilities that pose the most risk within open-source software, thereby allowing developers to focus on remediation. CxSCA removes challenges associated with vulnerability detection through its unique automated triage functionality.
With industry-leading open source security risk awareness, visibility, and prioritisation measures, CxSCA increases efficiency for DevOps and AppSec teams.
CxSCA can be used independently or as part of the broader Checkmarx Software Security Platform, comprising Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), and integrated developer AppSec training and awareness, giving development teams a single unified approach to managing their application security posture.
When CxSCA is coupled with Checkmarx SAST (CxSAST), users benefit from unified management of project creation and application security scans, including the ability to run automated scans in source code repositories such as GitHub, GitLab, and Bitbucket, to name a few.
According to Gartner, “the combination of SAST and SCA can help deliver higher-fidelity results. The addition of SCA capabilities within an existing suite of testing tools can simplify installation, integration, administration, and maintenance.”
Additional CxSCA features include:
- Extensive Database of Open Source Libraries and Vulnerabilities: Greater security and risk awareness above and beyond the National Vulnerability Database (NVD), even for vulnerabilities with no corresponding CVE at the time of discovery.
- Seamless DevOps Integration: Easy integration with the entire SDLC offering to streamline developer workflows and expedite delivery timelines.
- Scalability and Flexibility: The secure, flexible SaaS-based deployment model provides developers with scale and speed, leaving them to spend more time on developing secure software and less on managing infrastructure.
Try it today
CxSCA is available now. As partners of Checkmarx, we’re here to help. If you’d like to find out more, contact us.