Introducing Checkmarx Software Composition Analysis (CxSCA)

 

Technical Partners

CxSAST for Amazon Web Services

CxSAST hosted on an AWS environment, allows organizations to seamlessly connect to their development lifecycle with all the benefits of being hosted in the cloud. By leveraging CxSAST for AWS, organizations are able to perform Static Application Security Testing in the secure confines of a dedicated AWS hosted environment.  
Read More >>

Cloudbees

CloudBees, the enterprise software delivery company, provides the industry's leading DevOps technology platform. CloudBees enables developers to do what they do best: Build stuff that matters, while providing peace of mind to management with powerful risk mitigation, compliance and governance tools. As a ‘Premier Partner’ of Cloudbees’ Technical Alliance Partner Program (TAPP), Checkmarx is able to offer its customers, and the broader CloudBees and Jenkins communities, application security testing solutions that empower their shift to DevSecOps and bolster the delivery of more secure software at scale. For more information about Cloudbees, visit here: https://www.cloudbees.com/.

Digital.ai

Digital.ai is an industry-leading technology company dedicated to helping Global 5000 enterprises achieve digital transformation goals. Using value stream management as its cornerstone, Digital.ai combines innovative technologies in agile planning, application protection, software delivery, and artificial intelligence into a unified Value Stream Platform. Digital.ai makes it possible to connect software development and delivery efforts to strategic business outcomes and create secure digital experiences customers trust. For more information about Digital.ai, visit here: https://digital.ai/

Onapsis

Checkmarx has teamed up with Onapsis to offer the most accurate and powerful platform to scan your entire codebase – including SAP applications and systems built on ABAP code. With applications at the core of any organization, Static Application Security Testing (SAST) solutions are one of the most effective ways of keeping them secure. The majority of organizations understand the need for remediating application vulnerabilities as early in the development process as possible.

Rapid7

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 4,150 organizations across 90 countries, including 34% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit http://www.rapid7.com.
Read More >>

CircleCI

CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Intuit, Apple, Spotify, Tinder, and Twilio use CircleCI to improve engineering team productivity, release better products, and get to market faster.

ZeroNorth

ZeroNorth delivers risk-based vulnerability orchestration across applications and infrastructure. By orchestrating security scanning tools, including Checkmarx CxSAST, throughout the entire software lifecycle, ZeroNorth provides a comprehensive, continuous view of risk and reduces costs associated with managing disparate technologies. ZeroNorth empowers customers to rapidly scale application and infrastructure security, while integrating seamlessly into developer environments to simplify and verify remediation. For more information about ZeroNorth and our platform, visit www.zeronorth.io    

Code Dx

Checkmarx and Code Dx have partnered up to offer customers a streamlined way to view the testing results for organizations using multiple static and dynamic Application Security Testing (AST) tools. Code Dx, which provides a robust suite of fast and affordable tools to help software developers and security analysts find, prioritize, and visualize software vulnerabilities, will now support the results from Checkmarx's Static Code Analysis tool. The partnership between Checkmarx and Code Dx is a powerful way for code auditors and security teams to ensure the security of their organization's applications, by rolling up Checkmarx results, along with results from other SAST tools, into one clear view. And with Checkmarx's graph visualization, fixing security issues has never been quicker or simpler.

ThreadFix Vulnerability Management by Denim Group

Checkmarx has partnered with Denim Group to offer a comprehensive view of your application security testing results, allowing organizations to eliminate software risk from the first stages of the Software Development Life Cycle (SDLC). By pairing Checkmarx CxSAST’s powerful static application security testing tool with Denim Group's ThreadFix dashboard tool, customers enjoy highly-accurate, consistent results paired with actionable insights via a user-friendly dashboard. Extending their coverage by leveraging the power of multiple application security testing tools enables customers to easily prioritize high-risk issues, cut down on false positives, and quickly distribute relevant security information to all application stakeholders.