Checkmarx Open Source Analysis

Reinventing Software Composition Analysis

Checkmarx Open Source Analysis (CxOSA)

Today’s software is constructed using open source components and third-party libraries, tied together with custom code. Legacy software can have potentially vulnerable or outdated open source components hiding within it, and proprietary code that must be sanitized. As regulations surrounding sensitive data protection increase, hackers continue to target vulnerable open source components to access that data.

That’s why we provide you with the most effective solution for software composition analysis, integrated with Checkmarx’s industry-leading static application security testing technologies (CxSAST) to enhance open source software security and minimize your software risk exposure.

CxOSA empowers development, security, and operations teams with the tools and insight necessary to efficiently address the risks associated with the open source software within the applications they create, deploy, and maintain.

A Single Solution for Securing Open Source and Proprietary Code

Checkmarx’s software composition analysis solution (CxOSA) discovers open source software security vulnerabilities within your codebases, and leverages the leading static analysis capabilities of CxSAST to determine which vulnerabilities actually leave you open to attack, and identify the most effective and efficient ways to remediate them. Checkmarx provides complete codebase coverage under a single unified solution, with no extra installations or administration required.

Identify and Track Open Source Components within Your Software

CxOSA automatically analyzes software throughout your CI/CD pipeline to identify open source components within the source code. Generate a complete inventory of specific component versions in use, track and prioritize vulnerabilities, and identify associated software licenses to uphold compliance.

Enforce Open Source Policies throughout the SDLC

CxOSA integrates directly with your build environment and delivers security and license risk insight straight to your developers, so they can address issues earlier and faster, with SDLC workflow triggers to accelerate remediation. Customize and automatically enforce policies for secure open source consumption via a centralized resource for management and orchestration, simplifying policy management across multiple Checkmarx application security testing solutions.

Detailed Vulnerability Insight and Remediation Guidance

CxOSA identifies open source vulnerabilities within your codebase and provides a detailed risk assessment for each vulnerability, allowing your development teams to focus their efforts where they will have the greatest impact. CxOSA features vulnerability data from multiple sources, augmented by the Checkmarx security research team, making upgrades, patches, and remediation easier.

Software Composition Analysis for All Common Languages and Frameworks

CxOSA analyzes all the most common programming languages and frameworks, enabling organizations to reduce open source security and license risks more effectively in both new and legacy applications.
