We Scan Your Source Code

Identify software security vulnerabilities & fix them

  • Easy to use
  • Scans uncompiled code
  • Highly accurate
  • On-Premise & On-Demand

Testimonials

salesforce.com selected Checkmarx’s next generation static code analysis tool as the official Force.com Security Source Code Scanner. With hundreds of millions of LoC scanned to date, Checkmarx ensures all AppExchange applications are secured to the highest standards.

salesforce.com

Checkmarx is loved by both our infosec team and our developers. It is easy to use and provides highly accurate results combined with the flexibility we need to enforce our application security policy.

Kobi Lechner - Information Security Manager - Playtech

“Using Checkmarx is easier than other tools. Important – you do not need to integrate it into your build process, just throw source code at it.”

Vitaly Osipov - Information Security Expert - Atlassian

“Checkmarx’s technology is highly accurate and easy to use. It offers great performance and the ability to scan incomplete code samples. It was agile enough to support specific requests we had for our secure SDLC and was the most sensible decision commercially.”

Yair Rovek - Security Specialist - LivePerson

Checkmarx plays a fundamental role in hardening our web application. Exploits are becoming more sophisticated and Checkmarx is our first line of defense.

Daniel Bondurant - CTO Wiredrive.com

Checkmarx Blog

March 26, 2015

CISO Insights: How the CISO of San Diego Secures His City

This article is the first in a series of interviews with CISOs in various industries. Our goal is to share our conversations with different Chief Information Security Officers about how they deal with daily tasks as well as the bigger picture of innovating security practices around business operations. Gary Hayslip…

March 24, 2015

The AliExpress XSS Hacking Explained

As you may have heard it was recently advertised that AliExpress, one of the world’s largest online shopping websites, was found to have substantial security shortcomings. As one of the people who discovered the Cross-Site Scripting (XSS) vulnerability, I would like to discuss and elaborate on it in the following…

March 19, 2015

AppSec 101: The Secure Software Development Life Cycle

Due to the growing demand for robust applications, the secure Software Development Life Cycle methodology is gaining momentum all over the world. Its effectiveness in combating vulnerabilities has made it mandatory in many organizations. The objective of this article is to introduce the user to the basics of the secure Software…

March 17, 2015

Open Source vs. Commercial Tools: Static Code Analysis Showdown

It’s the never-ending dilemma; the ‘Coke or Pepsi’ debate of the software and security world, and there’s still no definitive answer. As the application security market grows, so too does the variety of tools available to organizations seeking to secure their applications. And with both open source and commercial tools popping…

March 5, 2015

3 Things to Know About Managing Open Source Components in Your App

Manage your software where it’s created. It is in your continuous integration environment where the various pieces of code become software. While some of the software is proprietary, much of it (probably over 50%) is open source components, as your development teams use open source components to boost their productivity and…